* Posts by Crazy Operations Guy

2324 posts • joined 29 Jun 2009

If you bought a dildo in Denver, the government must legally be told

Crazy Operations Guy Silver badge

@Dave 15

I grew up in Vancouver, WA (Right on the other side of the river from Portland). Too many people were doing that, so you now have to present a state ID card on any purchases over a certain amount, if you don't have an Oregon ID card they'll tack sales tax onto the bill.

Nowadays, having such an ID card is why Washingtonians tolerate anyone from Portland (We apologize to any Portlanders that aren't pretentious hipster cocks, but the fact is that such people are now a minority.)

Moscow says writing infrastructure attack code is a thought crime

Crazy Operations Guy Silver badge

Will they arrest themselves?

Pretty much every advanced government out there, especially one stuck in a cold-war mindset like Russia has several divisions of folk producing anti-infrastructure malware all the time. The people creating it aren't using it themselves, but rather passing it onto the military or third parties to wreak havoc on their enemies. Russia proved this during the Liberation/invasion of the Ukraine as well as their action with Georgia.

Pretty much everyone has that capability. The US has proved that they do possess such capability and willingness to use such technologies as well with Stuxnet.

Crazy Operations Guy Silver badge

Re: That's going to be a blow to the Russian economy

"Crime IS Russia's economy."

The same claim can be made about any other country out there. It really just depends on what side of the double-standard you are on. One man's "civilizing the savages" is another man's "Oppressing the hell out of defenseless people and taking their natural resources"

AT&T took too much money from customers, will pay them back by ... taking less money

Crazy Operations Guy Silver badge

Re: How can I make that more complicated?

I think those 200,000 people have left AT&T since the lawsuit began, so there is no bill on which to place a credit.

Hardware Labs sees off Nvidia trademark sueball-smasher in court

Crazy Operations Guy Silver badge

Re: GTX and GTS

There are quite a few processor instruction sets with GT* mnemonics, so would they have grounds to sue as well?

Trump's FCC will soak net neutrality in gas and toss in a lit match

Crazy Operations Guy Silver badge

Re: Obvious who is pulling Trump's strings

The networks copy each other, so when one releases a story, the others will jump right on it and apply their own spin to it (No outlet wants to miss out on a story and lose valuable advertising dollars). Or at least look at the same sources, and once a large network starts listening to a news feed, the other will start to as well. The American people can't get enough of watching terrible people do terrible things, just look at the popularity of Paris Hilton, The Cardassians, The New Jersey Shore folk, The Duck Dynasty people, Honey Boo-Boo, etc. Trump fits perfectly into that category, so networks were trying to out-do each other in trying to cover the random and 'outrageous' stuff that he did.

People see Trump doing something racist / sexist / homophobic and think back to a time when they or their friends said/did something just as hateful and thus think that Trump fits in with them, that he is "A guy I can have a beer with". Really, anything that embarrassed him in public made him more sympathetic to people that have been embarrassed about doing something similar themselves (nearly everyone).

Comcast would certainly do everything in their power to get a sympathetic candidate in office. They stand to gain massive piles of cash in extortion money from web sites and services if Net Neutrality is killed. They had already spent astronomical amounts of money in lobbying since the conversation about Net Neutrality started. Even if Net Neutrality isn't ended, they still stand to gain quite a lot of cash in reduced corporate taxes that Trump has promised.

Crazy Operations Guy Silver badge

Obvious who is pulling Trump's strings

Its way too obvious who Trump is taking orders from considering his past. Up until the election, Trump was an employee of NBC (Actor on 'The Apprentice'), and later an employee of Comcast (When they bought NBC, which really seems like it should never have been allowed to happen).

He gained popularity due to all the free media coverage he received from the various news outlets, so it seems quite likely that Trump made a deal with Comcast that they would pressure their news subsidiaries to give him more coverage in exchange for Trump using his power to crush Net Neutrality.

I wouldn't be surprised that if Net Neutrality is ended that Trump doesn't return to hosting 'The Apprentice' at a highly increased amount of pay upon leaving the Oval Office.

Online criminals iced as cops bury malware-spewing Avalanche

Crazy Operations Guy Silver badge

Re: the infected PCs still out there

And this is why I would love to see, with proper oversight, some sort of Carrier-grade Network Access Protection system in place.

Malware or attack traffic detected coming from your internet connection? Congratulations, you can now only browse to remediation servers...

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Crazy Operations Guy Silver badge

Re: And this is why I prefer OpenBSD's approach to Disk Encryption

If you have proper folder redirection and a proper backup regimen, then access to the files on the individual machine is unnecessary. If your company depends on being able to access files on user systems, then your company is doomed. My company uses rsync over SSH to backup users' home directories and configuration deltas (EG pulling the logs from the package manager and producing diff's between the current version of a config file and the base file that shipped with the system).

This happens daily and allows for backing up no matter where the employee is located so long as they are connected to the internet. The intention is that any lost / stolen / failed / attacked / infected system can just be fully written off and replaced with a new system with only trivial loss in productivity. Rather than waste time to disinfect systems or to try and recover files from a failed hard disk, we just grab a new machine, through an image on it, provide the list of packages that were on the system to the package manager to install, then apply all the backed-up diffs to the configuration files. The users' home directory is then copied onto the machine, rebooted and the user can carry on with, at most, loss of anything that happened in the last 24 hours.

Crazy Operations Guy Silver badge

And this is why I prefer OpenBSD's approach to Disk Encryption

No recovery keys, no backdoors, only the password/keydisk you used to create it will work[*]. If you lose the authentication method, well, you do back up your data, don't you? The encryption key is never stored as plain-text, only the encrypted version. The only time a plain-text version of the key exists on the system is after the user inserts the keydisk or types in the password in which case it only exists in a highly-protected region of memory and is overwritten with random data when the volume is unmounted. The region in memory it is stored is also used for all the other secrets the kernel keeps around and has quite a few protections looking after it.

[*] provided you haven't changed the password since creating it, in which case, only the most recent password/keydisk will work.

Crazy Operations Guy Silver badge

Re: "dns claim my server is updates.microsoft.com"

"that have been signed by a key that the target machine trusts for this purpose"

Yup, the OS will only trust updates that have been signed using the same key as the kernel and base libraries were signed with. This is to stop people trying to spoof the Windows update servers and even going so far as to cut certificates that the client trusts.

If you can somehow manage to either replace the kernel and the base libraries with version you wrote and signed yourself, or somehow managed to figure out Microsoft's 4096-bit code signing key, then you can perform much better hacks than impersonating the update servers...

Crazy Operations Guy Silver badge

Re: Whole-disk encryption is silly anyway

And that would be (one reason) why /home should always be a separate partition. I do the same thing on all my application directories for my servers.

Each parition is encrypted with a separate password. I have the system set up so that /, /bin, /dev, /etc, /root, /sbin, and a /util (Which contains scp, curl, and a few other utilities). That way the server admins can patch, upgrade, and manage the system and only need to know a single de-cryption password and even knowing the root pass, do not have access to sensitive data. Application owners, on the other hand, only know the passwords to decrypt their password's partition and neither the root or / decryption password.

Each application is chroot'ed with its own set of directories (such as /etc, /sbin, /var, and so on), so the application owners can do what they need to their partition without affecting anything else.

HMS Queen Lizzie to carry American jets and sail in support of US foreign policy

Crazy Operations Guy Silver badge

"The US Navy and its regional allies have been carrying out freedom-of-navigation exercises to reinforce the fact that international waters are not Chinese."

I wonder if the Chinese are only doing those patrols to show that International Waters aren't American Waters...

Chernobyl cover-up: Giant shield rolled over nuclear reactor remains

Crazy Operations Guy Silver badge

"I wonder how many deaths would have ensued had the Fukushima power plant been coal, oil or gas fired?"

Even operating normally, coal power plants kill far more people that nuclear power ever has due to accident. Coal power plants send quite a lot of toxic crap up into the air, ironically, a lot of it is radioactive. People living down-wind of a coal plant are at a ridiculously high risk of cancer, leukemia, respiratory problems, birth defects, and many, many other health problems. Oil and gas plants have the same problems (On a lower scale, but the effects are still certainly noticeable). That isn't even counting the number of workers killed each year digging that crap out of the earth in the first place (and the associated health problems).

Crazy Operations Guy Silver badge

"Which is a long time, but not longer than the danger posed by what's left of the reactor."

But in 20-30 years, those really dangerous bit would be dangerous bundled up in a bunch of nice safe casks buried in an underground facility designed specifically to hold such dangerous stuff rather than in a big precarious pile of miscellaneous crap protected only by a thin-ish concrete dome.

The reason this dome is so much larger is so that they can start moving automated equipment into the dome and have space to work and start removing contaminated rubble and debris that is in the way of accessing the reactor so they can start tackling the task of getting rid of it and making the site much, much safer (well, relatively). The radioactivity has greatly reduced in the last few decades to where it is now possible to do that soft of work, of course technology being much more advanced also helps so they can send in cheap remote-control vehicles operated by someone hundreds of kilometers away rather than having to send in ole Vladimir on a 30-year-old bulldozer...

This dome is also likely to live a much longer useful life since its constructed of proper materials and over-seen by highly-trained engineers rather than the original dome that was built by the same folks that brought you such wonders as the Berlin Wall, and the Chernobyl Power Station itself...

Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

Crazy Operations Guy Silver badge

"First off, it's a garden variety use-after-free, not a heap overflow, and it affects the SVG parser Firefox."

So the flaw isn't an extremely incompetent programmer, just a garden-variety terrible programmer? Seriously, use after free errors are way too basic of an error to occur with something that is supposed to be secure. I'm concerned that this was caused by a programmer getting too many 'potential use-after-free' error messages that the compiler was throwing so just decided to turn that feature off rather than try to fix the errors.

As for SVGs, why in the holy fuck, does an -image parser- have access to networking functions? The only thing it should be doing is to draw shapes on a canvas and then send the canvas to a BMP for the browser to paste into the webpage.

Oh well, I suppose its back to Lynx for my secure web browsing needs...

I'm not having a VMware moment – there's just something in my eye

Crazy Operations Guy Silver badge

Re: Hooray for single points of failure!

We actually started out as a Microsoft-shop on big, monolithic boxes. We shifted over micro-size machines after hiring a developer that became impatient with how long it was taking to build test environments, so they built their own out of a pallet of Pentium-4 desktops that were destined for the scrap heap. They became frustrated with the performance of running a full deployment on a single box so started to split the option out to multiple machines; the application then evolved from there.

Management was impressed by their work (First time development was both well under budget and delivered early) so set them loose on other projects. They ended getting some staff of their own and pulled in some Open-source *BSD devs that they had worked with before at some local hack-athons. They eventually re-coded everything to work on Open / FreeBSD, nginx, PostgreSQL, and using CGIs built in Python and C (Depending on performance requirements). After some time, they ended up with the time and energy to start tuning the OS, eventually bringing the OS overhead down to 4 GB of disk space with base daemons and libraries; less than 1 GB of RAM; and the OS uses less than 10% of a single CPU core on a E3-1230v2 chip while saturating the machine during load testing (The rest of the machine is spent on the application load).

AS for DB performance tuning, all queries go through a set of stateless "director" systems that have a set of in-memory db tables containing performance data, a list of which tables are present on each DB server, and last update time for each DB to direct the queries to the most optimal server. The director servers are completely stateless and exist behind a shared / LACP IP address on the front-end and use a multi-cast address on the back-end to receive performance figures the 'performance manager' system. Once a minute, performance figures from all the DB servers are sent to the 'performance manager' system which compiles a performance score and send out those figures to directors. The performance manager also tracks long-term performance data to determine which tables should be distributed to additional Database servers.

Additional tables are distributed the performance manager itself, it sends a list of tables that each server should possess to the database servers which will pull those tables from the master DB server that stores all tables (A low-performance DB box that is loaded with a bunch of several-TB 7200 RPM SATA disks). This master server doesn't handle queries from the applications, only replication requests from the actual DB servers and changes moving up from the DB servers to the Master server account for less than 1% of query traffic, so not much performance is taken up with that (most of its performance is spent sending tables to DB servers or dumping its tables out to a backup server). Once a DB server receives a new table, it informs the performance manager which then updates the list it sends out to the directors.

The whole thing is a bit complex, but its a lot of the same pieces, so the documentation is relatively simple (at least no more so than any company's documentation and architecture diagrams). A lot of the complexity is just appearances, sure its a lot of pieces, but the pieces are simple and straight-forward so teams can operate without needing to know things end-to-end, only what is coming into their piece, and what is supposed to come out the other end.

Crazy Operations Guy Silver badge

Re: Hooray for single points of failure!

Well, in my environment, the critical data is -also- stored on large central arrays. The model I've gone for is to break tasks up into as small of pieces as possible and then distribute the tasks across as many boxes as needed. We prefer scaling out rather than up.

With our mission-critical system, rather than scaling up, we scale out. So rather than using a high-end 8-way Xeon E7 system with a 1+ TB of RAM and a 24-disk bay filled with high-end SSDs, we use 32x Xeon E3 machines with 64 GB of RAM and some mid-range SSDs. For databases, we split the tables so that very active and CPU-intensive end up on many of the systems, even mostly inactive tables end up on several machines.

We found that its very cost-effective to just distribute the work load to many mid-range servers. When pushing a system further and further, it was found that at a certain point each additional FLOP / IOP we squeeze out of system, the more expensive it was, so we build systems up until we get to the point where an additional 10% performance is going to push costs up further than 20%.

We also save a lot of money on staffing as well. Rather than having staff working around the clock, we just have a skeleton crew outside of business hours whose task is just to diagnose why something failed rather than attempting to repair: When you have a pair of large system in an HA configuration, you need to repair them quickly to ensure things run smoothly; but when 1 out of 32 servers go down, capacity is only reduced 2-3% and can be handled on Monday when normal staff come in. We also saw a lot of gains in routine maintenance, we don't need to wait until after-hours to patch a system, we can do it any time and no one outside of IT even notices that something was down.

We even do that model with our file servers, we use these 1U boxes with 12x 3.5" disks in them and filled with 6-8 TB drives. With everything replicated and advanced load-balancing, we can squeeze many more IOPs out of a rack of boxes with inexpensive spinning-rust and 1-gig interfaces than the 1.5-rack monstrosity EMC sent us to try out.

The developers we use for in-house development are highly-disciplined and code is profiled quite regularly so that we can identify inefficient databases, overloaded functions, or just inefficient methods. Our head of development is a firm believer in the Unix model of building things so they do only one thing but does it well and does it quickly. Our code may be a bit large, but the systems zip right through it without breaking a sweat and its very, very easy to understand and debug. Managed to reduce development staff from 150+ devs in India and China to a dozen folk in Austin and another dozen in Frankfurt.

Crazy Operations Guy Silver badge

Hooray for single points of failure!

So they want us to move storage for mission-critical data from very reliable local drives to a SAN that can fail for many reasons and taking the whole rack with it? Yeah, that's a pass for me...

Crazy Operations Guy Silver badge

Re: Not a technical question...

In a proper datacenter the fans in the machines would push the hot air out the back where it gets sucked up by the cooling system, which pushes deposits cold air in front of the machines. If you are worrying about heat rising in a server room / datacenter, you have much bigger issues to deal with.

As for flooding, all the data-centers I've been to are raised up a few feet from ground level to match the height of the loading dock and have a basement underneath to store fuel for the generators, run cables, or for storage of items that aren't damaged by flood water.

Crazy Operations Guy Silver badge

Those look awfully familiar....

Yet another company re-selling year-old SuperMicro hardware and throwing a massive markup on the thing:

https://www.supermicro.com/products/system/2u/2028/SYS-2028U-TN24R4T_.cfm

Or go with 48 NVMe in 2U:

https://www.supermicro.com/products/system/2U/2028/SSG-2028R-NR48N.cfm

Wouldn't be surprised if they weren't also just using SuperMicro for the networking as well, what with these adapters:

https://www.supermicro.com/products/system/2U/2028/SSG-2028R-NR48N.cfm

and a couple of these switches to stitch it all together:

https://www.supermicro.com/products/accessories/Networking/SSE-C3632S.cfm

San Francisco's sinking luxury Millennium Tower: Tilt spotted FROM SPACE

Crazy Operations Guy Silver badge

Third World

""I somehow don't think San Francisco is in the 3rd World.""

"Yet. The city council is working very hard on getting there..."

You mean the City Council is planning on making San Francisco a sovereign state aligned with neither the USSR or the Western/NATO alliance?

The whole "First/Second/Third World" idea was Cold War propaganda where the "First World" were nations aligned with NATO/Western Nations; Second World nations were aligned with the USSR and third world nations were those that remained neutral towards both groups.

Technically Switzerland was a third world nation while Liberia was considered First world. Its all random bullshit to make us seem like civilized and superior to those not towing the party line.

Crazy Operations Guy Silver badge

Typical San Francisco...

Build something big and shiny that is built on top of pure crap, sell it for tons of money to rich idiots, then walk away without ever looking back at the damage you caused to everyone else. You know, the Facebook model of development...

Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars

Crazy Operations Guy Silver badge

Re: Going stone-age

"Ive had a super idea! why not a physical key like one has for ones home or safe?"

Yeah, except people are getting rid of those as well in favor of apps. Had a coworker of mine that had to crash on my couch for a weekend because he dropped his phone and couldn't get into his house (Bluetooth locks) or turn off the alarm (IoT app-only bullshit). They couldn't buy anything since all their cards were stored in a Bluetooth-enabled safe at home and just used Apple Wallet to pay for everything. I had to drive them since they couldn't seem to figure out how to get home without a navigation app to direct them (Traffic is terrible in the area, so the app would direct them around a lot of random side streets to avoid the congestion so never took a route enough times to get it imprinted in their mind).

Crazy Operations Guy Silver badge

Re: Going stone-age

Yeah, but also factor in that an old VW costs around $5000 where the cheapest Tesla is $35,000*. You also have to factor in the fact that they've made 21 -million- Beetles vs only a few thousand Teslas. You would also have to factor in location as well since most Beetles are driven in poor countries where car theft is common and the police highly ineffective.

And even if it is stolen, I think it'll be much easier for the police to find a purple bug versus a medium-gray car that looks like every other car on the road. There isn't even much motivation to steal one anyway since new parts are about the same cost as used, so scrapping it wouldn't net the thief all that much cash making the risk-reward ratio completely untenable.

[*]A Tesla would be much more than that at the end of the day since I would need to finance a Tesla and pay interest on the loan versus paying cash for a Beetle.

Crazy Operations Guy Silver badge

Going stone-age

Been meaning to get a new car, but with security issues like this, I think I'm going to get something a bit older. A local company refurbishes classic cars that just got a whole load of old 1960's VW Type-1 Beetles, might have to pick one up...

I have no need for A/C (Almost never gets warm enough around here), all I need from a radio is a a 3.5mm audio input jack and a USB charging port (An hour or two at a soldering iron will take care of that), and I especially don't need yet another device that needs to connect to WiFi for updates. Parts and other replacement components are extremely plentiful and easy enough to repair while stuck on the side of the road and equipped with only a few tools. Plus it doesn't need water and is immune to EMP blasts.

Microsoft’s ‘Home Hub’ probably isn’t even hardware at all

Crazy Operations Guy Silver badge

Re: Another MS me too

Microsoft was successful mostly because they weren't innovative. They ruled the business and home markets because you could sit down at any Windows-based machine and get running immediately. They would watch their competitors, learn from their mistakes, and then put out a product that addressed those problems and fit into the MS ecosystem.

They were much like a wolf hunting a rabbit, only running fast enough to keep their prey in sight and wanting for the opportune moment to strike. Now they are trying to out-run the rabbit and are getting hit with obstacles that would have been avoided if they paid attention.

Crazy Operations Guy Silver badge

"But not Hindi, Arabic, Bengali or Russian,"

Having worked at Microsoft*, I find it ironic it doesn't work with those languages since the vast majority of dev work is performed by outsourcing / body shops in India and Indonesia with a lot of the Senior Devs coming out of Russia after the fall of the USSR. Not too many Bengali folk, but they at least out-number Americans by a wide margin.

[*] I was young and stupid at the time, I didn't know any better...

Airbus flies new plane for the first time

Crazy Operations Guy Silver badge

Re: Bye bye Arctic

The Concorde was also uneconomical from the point of view of maintenance. Going super-sonic places an immense amount of stress on the entire craft, and especially the engines and the leading edges. At those speeds, the craft also required much more and more often inspections since a fracture that would lead to, at most, minor damage on a traditional craft would cause the Concorde to disintegrate upon breaking the sound barrier.

There was also the problem that the thing turned like a cow (the thing was so skinny and delicate that turning too fast would cause the thing to twist apart and shatter), so if you had to over-shoot your landing, it was either hope there was another runway with the same orientation, or you had an hour of fuel so you can loop back around.

Even the the super-luxury aircraft market where cost is no object is staying below super-sonic speeds and opting for 0.99-mach maximum speeds and aiming for 0.99-mach cruise. No one wants to buy a plane that is stuck in the hanger for maintenance longer than its usable flight time...

Crazy Operations Guy Silver badge

Not surprising its safe, no one is doing anything exciting anymore nowadays

Its not surprising at all that tests flights are so safe and reliable when no one is designing anything new or different.

Test flights are pretty much a formality now that everyone is just building slight variations on their existing craft and are just your standard aluminum tube with a pair of wings on either side and powered by 2 / 4 petroleum-burning turbofans strapped to the bottom of the wings. The most revolutionary thing to hit the skies in the past several decades is replacing the aluminum on the sides with carbon fiber or blending the winglets into the wing surface whoop-de-fucking-do.

Why don't aircraft manufacturers have the courage to actually make something revolutionary anymore? Why no new designs (Flying wings, proper blended-bodies, etc)? Why not try different fuels on a larger scale? How about something new for once? I'd settle for a new design that would cut down the hour and a half cluster-fuck that is getting 100 passengers off the plane and 100 new ones on (Could probably be solved by the airlines, but the manufacturers could do something to help make it more efficient).

Chirp! Let's hear it for data over audio

Crazy Operations Guy Silver badge

" In nuclear power station control rooms, radio devices have been banned since the 1950s because of concerns about interference. No Wi-Fi or Bluetooth is permitted. Chirp can talk to the machines safely."

Yes, but shielded cable, which they've been using from the start, is going to dominate such applications. Besides, the chirping is going to get drowned out by Geiger-counter clicks and the sound of relays snapping open and closed.

If something is important enough to be allowed into the control room, then its too important to have such basic causes of failure.

FBI's Clinton email comedown confirms it could have killed the story in a canter

Crazy Operations Guy Silver badge

Re: Come(d)y come(dy)down

"Pretty much because it's still Wall St., big oil and the military industrial complex that runs America."

They only reason that could be true is that they participate in local politics. These companies are most affected not by the billion dollar deals occurring in the senate, but by the local city council meetings, by the various public hearings held in school gymnasium and church basements. They win not by dirty practices, but because no one else shows up to these events so the only opinion the local councils get is "This deal will be bring $10 million dollars into the city" as said by the PR guy for that multi-national oil company and no one form the community to even ask "But how much pollution will be generated?"

The Flint Water Crisis happened not because of anyone on the federal, or even on the state-level, governments, but because no one showed up to provide a dissenting opinion to the decision to switch water supplies (In fact, not a single soul had shown up, nor to nay previous meetings or any following meetings). The whole crisis could have been avoided if just a single plumber showed up to ask "The Flint river is terrible, how will it affect our pipes?" or even just a regular citizen asking for the state or federal EPA do a study on it.

The vast majority of power and money in the US is controlled by random chuckle-fucks that ran unopposed for the position of "City Council Member #27" or "County Comptroller". Remember, that guy that ran for "Public Safety Commissioner" might have just wasted $5 million dollars on getting Stryker Transports for a 10-office police department because the representative from Raytheon told him that it would protect the people; Councilwoman #13 may have just passed a resolution that makes it overly difficult for a local Credit Union to set up shop but would allow Chase bank to come right in a set up shop without a problem; the City's environmental agency public hearing in the elementary school on a construction project last week might have just allowed ExxonMobil to build a refinery along the shore line.

Hitler's wife's lovely lilac knickers fetch £2,900 at auction

Crazy Operations Guy Silver badge
Joke

Re: Shades of Jurassic Park?

Its completely wrong to compare Trump and Hitler. Adolph understood how economics worked...

Zerg rush! Now Google DeepMind, Blizzard train AIs with StarCraft battles

Crazy Operations Guy Silver badge
Joke

An AI playing StarCraft II

Well, at least then -someone- would be playing it.

El Paso city bungs $3.2m to email crooks pretending to be bosses

Crazy Operations Guy Silver badge

Specify financials in the contract

Any money paid by a government entity should always be part of a well-written and verified contract. Any proper contract would include the exact destination of funds along with the payment schedule. At the outset of the contract it should be known "On this day, provided the contracted tasks have been completed in a satisfactory manner, the sum of $300,000 USD is to be transferred from <routing/account number of city's coffers> to <routing/account number of contractor's coffers>". Any changes to the amounts, schedule, or the source/destination should go through the lawyers and the bean counters of both organizations.

Hell, this should apply just as well to all organizations. The CxO / Mayor / Council / Governor / Head of State should never have the authority to just authorize payment or any money transfer without explicit authorization for each transaction by the responsible legal and financial authority. These 'CEO Scams' would be dead in the water if organizations would just follow procedure. The problem, and sole reason the scam exist, is the massive ego of those in power and they want control over everything, especially the check book.

Is password security at just $1/month too expensive for most?

Crazy Operations Guy Silver badge

Re: So they want me to trust an online service with all my passwords?

"You don't control your bank, but they still hold your online banking details...."

Yes, but if my bank were to be breached, only my banking information would be leaked. If Lastpass gets breached, -everything- gets leaked.

If one of my banks were to be breached, I would legal recourse and the bank would be required, by law, to either reverse any transactions in progress or to refund the stolen funds (FDIC requirement if its shown to be their fault for the breach). That is also assuming that they'd somehow gain access to my email account so they can get the tokens to authorize logins / transactions (Email is encrypted between the banks' and my email servers). And even then, I'd still be fine since only one of my bank accounts would be affected (I have a personal bank account for my day-to-day expenses, my retirement account that I can borrow against in an emergency, and my investment accounts; all of which are protected by various laws if the bank if found responsible).

All of those protections go away if the passwords were to be leaked by Lastpass which would include the details to all my bank accounts and the email accounts used for two-step authentication. Also, since its not the fault of the banks, they have no legal requirement to do anything (Other than re-issue my cards and reset my passwords after I report the problem). All I'd get from Lastpass is maybe a few free months of an identity theft protection service, a few months worth of free service and a letter from their PR team that is nothing more than "Sucks to be you" coated in diplomatic fluff.

I carry around an encrypted thumb drive (a 16-GB IronKey) on a chain around my neck with a portable copy of KeyPass(X) and a hardened version of FireFox for accessing security-sensitive websites. I figure that that level of protection is well beyond the level of effort someone would want to exert to acquire my passwords.

Crazy Operations Guy Silver badge

So they want me to trust an online service with all my passwords?

I don't care how cheap it is, I'll never trust something I don't control to hold anything as sensitive as the password for my throw-away hotmail account, let alone my work or banking accounts...

Vodafone and Inmarsat hang satellites over potential Internet of Things customers

Crazy Operations Guy Silver badge

RFID-equipped fence posts? Cow walks near the gate, it registers that cow-278390 is near gate-485. Maybe with additional poles in the middle of fields and other points-of-bovine-interest.

At least that is my best guess.

I also imagine that they may equip cows with GPS-enabled auto-prods to do the actual work of getting them back into the 'geofence'.

Mysterious algorithms, black-box AI recruiters are binning our résumés

Crazy Operations Guy Silver badge

In my experience

It seems they are all coded as "If candidate already has a job, spam them with contract offers. If candidate is unemployed, stay silent"

AI software should be able to register its own patents, law prof argues

Crazy Operations Guy Silver badge

I look forward to it

Maybe people will realize that the patent system is complete pants when some AI patents '5 mm rounded corner' followed up by '6 mm rounded corner' and the classic '5.5 mm rounded corner'

RRS Sir David Attenborough construction goes full-steam ahead

Crazy Operations Guy Silver badge

Re: I'm confused

That's CGI...

More than half of Androids susceptible to ancient malware

Crazy Operations Guy Silver badge

Re: or alternatively...

The Note 7 ships with Android 6, so would be immune anyway...

US reactor breaks fusion record – then runs out of cash and shuts down

Crazy Operations Guy Silver badge

"richest country currently on earth can't get behind true research"

What are you on about? China is throwing billions into Fusion research as both part of ITER as well as home-grown CFETR tokamak. Then there are all the various fission-power research projects, not to mention being the largest contributor to the field of clean-technologies. China is also home to the greatest number of super-computers (Including #1 and #2). China also has the highest STEM scores in the world across the board. R&D spending is growing faster than any other country and will be greater in both terms of raw spending and even percentage of GDP of any nation in the world by 2022.

Sextortion on the internet: Our man refuses to lie down and take it

Crazy Operations Guy Silver badge

"you're taken to the West Kent Police Page or Europol page"

Well, its easy to figure out if its a scam:

If the website looks like a teenager's Geocities page and it requests payment by typing in your details on a regular http page, its very likely to be a legitimate government website.

ShadowBrokers put US$6m price tag on new hoard of NSA hacks

Crazy Operations Guy Silver badge

No one bought it, becasue why bother?

Anyone interested enough in the data dump to waste US$6 million on it would have the capability to just break the password themselves. Plus there is the whole "There is now a money trail" aspect, so they'd probably be willing to spend several million more on compute resources.

Netflix reminds password re-users to run a reset

Crazy Operations Guy Silver badge

Certificate-based authentication

I wish certificate-based authentication would have caught on by now. Passwords are terrible need to be thrown out. It seems ridiculous that our security hangs on a string of characters that are difficult for a human to remember but are trivial for a machine to guess.

Even if we don't move to certificates, I'd still like to get rid of security questions since the information they ask for can be found on Social Networking sites, blogs, information dumps, or for noteworthy people, Wikipedia. Its especially annoying when they ask "What is your favorite color?" then impose a 7-character minimum...

How a chunk of the web disappeared this week: GlobalSign's global HTTPS snafu explained

Crazy Operations Guy Silver badge

Re: Is there still trust in the Cert system?

I'd say that the certificate system is a lot like plane crashes: Works perfectly 99.99999999% of the time, but when a failure happens, the damage is widespread and makes headlines around the world.

Crazy Operations Guy Silver badge

Re: Let's Encrypt is not an alternative.

"OV certificates are useless"

Functionally, no, but they are useful for knowing that the CA actually did at least some basic checking before issuing the cert. There are too many CAs that will just issue a standard certificate to anyone with an email address and a couple bucks to spend for a basic certificate.

Crazy Operations Guy Silver badge

Re: Let's Encrypt is not an alternative.

Identity certificates, Extended or Organization Verification certs, authentication certificates, code-signing, time-stamping, etc...

Let's encrypt really only does web server certificates that can, with some effort, be used to secure SMTP, FTP, and some other protocols, but there are a lot that you can't.

Google: We look forward to running non-Intel processors in our cloud

Crazy Operations Guy Silver badge

Re: Plus ca change

I've been seeing PCIe cards built specifically for speeding up virtualized telco servers. The cards are equipped with an FPGA or ASIC that is loaded with hundreds of DSPs and some session management logic. There isn't any reason why they couldn't work on other architectures, so long as they speak PCIe (And drivers are available for the platform).

Biting the hand that feeds IT © 1998–2019