* Posts by theblackhand

733 posts • joined 1 Oct 2009


That's Huawei I like it: Chinese giant's cloudy arm dumps 19-inch rack for newer model

theblackhand

Re: Stupid U

"Also, I suspect the vast majority of cloud datacenters today (including those in Facebook, Google, Microsoft, Amazon etc.) are using 19-inch racks.. So deploying 21-inch racks only becomes a consideration"

The majority of cloud data centres typically deploy equipment as a pre-built rack, either during initial deployment or during equipment upgrades, to allow for pre-deployment testing, so it's unlikely to be a significant consideration outside of the physical space required.

As the majority of cloud DCs are also power limited (i.e. either directly or indirectly via cooling limits), space is unlikely to be an issue.

Overhyped 5G is being 'rushed', Britain's top comms boffin reckons

theblackhand

Re: Well then

I hope you are prepared for a visit from Apple's lawyers. You seem to have both the internal details and the curves...

Alphabet snoop: If you're OK with Google-spawned Chronicle, hold on, hold on, dipping into your intranet traffic, wait, wait

theblackhand

Re: Nice horse!

"Kaspersky was alerting users of a self signed Google cert on their network:

https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/"

If I understand this issue correctly, Kaspersky is using a self-signed SSL certificate to allow it to scan SSL content and Google's use of HSTS is causing the error to be flagged.

Or am I missing something?

Demand for HP printer supplies in free-fall – and Intel CPU shortages aren't helping either

theblackhand
Trollface

Finally....

2019 - the year of the paperless office

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid

theblackhand

Re: what?

"There's ALWAYS something about to go wrong - a tree shorting a 32 kV local feeder line, the 400 kV export connection of a big power station failing, a nuclear plant shutting down on a safety system flagging up"

Coal/gas plants going into an overspeed state will suddenly drop up to 500MW off the grid due to a fuel or mechanical issue, so smaller amounts shouldn't cause any issues.

The attacks on Huawei's reputation appear to have been driven by commercial interests around 5G availability from non-Chinese vendors - I suspect this is politicians adding 1+1 and getting "the Chinese are hiding under the bed".

Password managers may leave your online crown jewels 'exposed in RAM' to malware – but hey, they're still better than the alternative

theblackhand
Trollface

Re: Security software 101

"To be fair 101 also says if a hacker can read your RAM it's gameover...<snip>...they'll know where you pron stash is for starters..."

You have your pron stash in RAM? Is an SSD not fast enough?

Oracle throws toys out pram again, tells US claims court: Competing for Pentagon cloud contract isn't fair!

theblackhand

Re: Interesting

"They both have FedRAMP certified cloud facilities."

They do, as do ~50 other providers, but Oracle and IBM lack the facilities in the locations DoD prefer and the existing connectivity. Their bids specifically mentioned building new facilities in the required locations to the size required at a cost of ~$100m, resulting in a 2-year ramp up vs a 1-year ramp up for AWS/Azure, who have existing facilities.

Google also had facilities in the required locations, but withdrew - the reason given was employees not being happy with the contract, but I suspect they couldn't complete the required FedRAMP certification in a timely manner and the employee unhappiness was convenient. But then I'm cynical...

Blockchain is bullsh!t, prove me wrong meets 'chain gang fans at tech confab

theblackhand

Re: I've yet to hear of an actual, real application of blockchain

Oracle AND IBM...

Just wait until IBM announce that they are using AI to enhance blockchain in the cloud - at that point you know it’s dead.

Ivan to be left alone: Russia preps to turn its internet into an intranet if West opens cyber-fire

theblackhand

Re: Clientside Loopback Protection.

Lucky you used the joke icon - I wasn’t sure if this was humour or a desperate plea from an IT management-type for help with their latest cunning plan.

Big trouble Down Under as Australian MPs told to reset their passwords amid hack attack fears

theblackhand

Re: But...

And with such a tech-savvy government, shouldn't "At this early stage our immediate focus is on securing the network and protecting its users," be:

"At this early stage our immediate focus is on removing encryption to allow both the hackers and law enforcement access to the data to ensure it can be verified. If the politicians have nothing to hide, I'm sure they have nothing to fear"

Sysadmin's three-line 'annoyance-buster' busts painstakingly crafted, crucial policy

theblackhand
Black Helicopters

Re: Oh yeah, _that_ fscker.

"It (SELinux) was originally engineered by the American government"

You mean the NSA... so they can watch everyone's mobile phones... Android even lists it... Apple doesn't because they don't want you to know the truth...

I think that covers all of the SELinux mobile phone conspiracy.

The Six Billion Dollar LAN: Intel hopes to gobble network kit biz Mellanox 'for $6bn'

theblackhand

Re: Monopoly?

I fear that Intel may be the best hope for Infiniband - as long as Ethernet continues to make advances in traditional Infiniband markets and Intel continues to increase its market share, the two options are likely to be Mellanox struggling to maintain the required investment in newer, faster Infiniband as they lose market share and revenue to Intel, or Mellanox and Intel working together to make Infiniband a more viable competitor to Ethernet (i.e. lower cost through volume and build on its performance advantages, particularly given the potential for Infiniband in cloud providers where the better solution is more likely to win...)

I'm not trying to advocate a monopoly, but the market data does not look good for Mellanox in spite of it being the superior product.

You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit

theblackhand

Re: Possible quick fix

Captain Scarlet...no pitchfork, but I would like to escort you to the Hague for your trial...

Intel boss: Expect chip shortages into mid-2019, stumbling server processor sales this year

theblackhand

Re: Expect chip shortages into mid-2019...

"Intel 28 Core Xeon Platinum 8180 Server/Workstation CPU/Processor"

Definitely not vaporware - we just set up a 4 node ESXi cluster with 2 x 8180s in each node. The customer's specs, not mine.

You buying retail or going through an existing vendor? Cisco certainly had them for sale in December (when the order was processed).

Open sourcerers drop sick Fedora Remix to get Windows Subsystem for Linux pumping

theblackhand

Re: Yeah, but redux ...

Jake - aren't we just comparing different methods of suck starting a Harley? Sure they get the job done, but there must be a better way...

Nationwide UK court IT failure farce 'not the result of a cyber attack' – Justice Ministry

theblackhand

Re: Hanlon's razor

Or the outsourcer's addendum to Hanlon's razor

Never attribute to malice a screw up which can only really be achieved by a team of idiots brought together by an outsourcing agreement....

theblackhand

Re: CPS

It's like clapping.

Once you start you never actually stop - it's just the period between claps that alters.

With the CPS sometimes the period is measured in days, weeks, months, years or decades. But there is still movement. Never paralysis.

McKinsey’s blockchain warning irks crypto hipsters

theblackhand

Re: While I'm sceptical of blockchain as of yet,

McKinsey - real, make money for McKinsey, appears to be genuine snake oil, wouldn't spend my own money on them

Blockchain - real, made money for some people, jury still waiting for snake oil to be produced, wouldn't spend my own money on them

GDPR: Four letters that put fear into firms' hearts in 2018

theblackhand

Re: Oh No It Isn't...

“And also: "We take users' privacy and security very seriously" after a major breach of either.

I'd like to see journos point blank refusing to print such a statement without an answer to a question as to how the company squares this with what's just happened.”

Or allow PR people to say it on video on the condition that suitable backing music will be added later. I’m torn between circus music and the Mickey Mouse club song...

London's Gatwick airport suspends all flights after 'multiple' reports of drones

theblackhand
Black Helicopters

Re: I wonder if...

"And, then you have to consider aliens too."

Or Blackhawks using covert technology to make them look smaller and less menacing.

Having swallowed its pride and started again with 10nm chips, Intel teases features in these 2019-ish processors

theblackhand

Re: Not what Intel has been saying for the past several years

"FWIW... 10nm v1 (Cannon Lake) is dead and buried. It was impossible to see it through to mass volume. The integrated GPU in the CL Core i3 was disabled because it didn't work.The metalization was not viable."

Yields for a ~70mm² chip were in the region of 30%-40% when they should have been at least double that for a new process, ignoring the 4+ years spent getting to that state. And it needed the GPU disabled to hit those yields.

The root cause appears to be the EUV process Intel are using - it has significantly increased the number of process steps during etching, which has led to significant slowdowns in producing chips AND significant drops in quality (and hence yield). Not a good place to be... While there were other materials issues (i.e. cobalt), fixing those would not have addressed the production speed/yield issues, which would have meant Intel needed more fabs for the same chip volumes.

In hindsight, Intel took the wrong path to 10nm - the question is why they refused to acknowledge that for so long when it looked like their competitors were going to beat them to market (i.e. late 2017 based on availability of etching equipment). And if they have actually learnt from their mistakes...

theblackhand

Re: one metric when it comes to the cpu and that is performance and price

Our chief weapon is performance...performance and price...performance and price.... Our two weapons are performance and price...and compatibility.... Our *three* weapons are performance, price and compatibility...and an almost fanatical devotion to Intel.... Our *four*...no... *Amongst* our weapons.... Amongst our weaponry...are such elements as performance, price... I'll come in again.

theblackhand

Re: TSMC not at 7nm until 2019? Really?

There will be different layout options targeting different designs at a given process node. Mobile SoC parts tend to utilize lower clock speed designs that involve larger gaps between components/interconnects and less aggressive design rules that allow for faster time-to-market for a new process (called CLN7FF by TSMC) but are less power efficient for complex designs. For more complex CPUs, higher density designs are required to achieve higher clock speeds and higher density, but the associated design rules are much tighter and take longer to develop/troubleshoot. For 7nm, this is what TSMC calls CLN7FF+.

So you're right, there are 7nm parts out there in mass production, but not following the high performance design rules typically found in CPUs. The high performance TSMC designs are likely to land in Q1 2019 based on trial parts being in the channel already, and TSMC is advising production is ramping during 2019 with full 7nm production capacity expected to be reached by 2020.

Amazon robot fingered for bear spray leak that hospitalised 24 staffers

theblackhand

Re: Actual danger?

And who's going to pay for this improvement in ElReg staff working conditions?

You don't expect them to taste the freedom of working in an Amazon warehouse and then be prepared to return to the dark, dank closet at the end of the hall do you?

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate

theblackhand

Re: Note to self ..

“These things don't have internet access. They're not a hobbyist website. They're core nodes in a telecom network. It's national infrastructure.”

Yes... My question is if “older software” means that a fix was available via an existing patch or upgrade that had been “delayed” or whether this was a new and unexpected issue.

I don’t expect that even with Internet access that the certificate could have been renewed automatically.

Sensor failure led to Soyuz launch failure, says Roscosmos

theblackhand

Re: "can the fault detection system work fast enough. "

"What are you guys even talking about? Do you think a fault detection system has to run tensorflow computations?"

No... mine bitcoin.

These rocket launches aren't cheap....

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz

theblackhand

Re: But *Why* did they buy them?

"I'm still trying to figure out "why" they bought Red hat."

What do they say? It somehow helps them with cloud. Doesn't sound like much money there - certainly not enough to justify the significant increase in debt (~US$17B).

What could it be then? Well, Red Hat pushed up support prices and their customers didn't squeal much. A lot of those big enterprise customers moved from expensive hardware/expensive OS support over the last ten years to x86 with much cheaper OS support, so there's plenty of scope for squeezing more.

Apple to dump Intel CPUs from Macs for Arm – yup, the rumor that just won't die is back

theblackhand

Re: Worth the RISC

"I believe in 10 years, architecture (ie. x86, PowerPC, ARM) will be more of a preffered brand, except in very specialized applications."

I'd be very surprised if PowerPC is a viable architecture in 10 years time. SPARC has been open sourced for a while and it is still in decline, with MIPS head start in the open source CPU designs appearing to give it the advantage in the also ran stakes.

AMD has got the low power/high volume CPU market covered. With Intels miss-steps, it looks like a combination of Intel and AMD will keep the mid-to-high performance/high volume CPU market covered and Power is the last real survivor in the very high performance bracket with Itanium having no uarch changes since 2012 and SPARC likely to be one final iteration away from being purely niche.

Can ARM challenge Intel/AMD in the mainstream server market? Possibly, but I'm unsure how it will match performance without increasing cache sizes/pipeline length and moving more functions onto the chip which hurts performance and cost.

Intel's current failings at 10nm may completely alter that assumption as it would keep ARM/AMD on equivalent process tech. Intel now have a massive hole in their production line assuming they are sticking with 10nm - a surprise change to 7nm in Fab 28 would address a lot of this, but I'm unsure if it is even possible, and if not Intel will end up with two failed 10nm Fabs that will need rebuilding as x nm...

UK Home Office admits £200m Emergency Services Network savings 'delayed'

theblackhand

In other news, I will do the washing up and the cheque's in the mail...

Ex-Cisco chief John Chambers: Tech biz bods are 'too arrogant'

theblackhand

Re: He should know

I thought Cisco was one of the more successful acquisition and integration companies, at least in IT, while Chambers was there.

Looking through their list of acquisitions, a lot of them still exist in some shape or form. At least I recognise companies and what current products they contributed to for about 75% of the acquisitions.

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

theblackhand

Thanks for the reminder

* checks for updates *

None

* uninstalled *

Attempt to clean up tech area has shocking effect on kit

theblackhand

Re: C

"So in the UK you have to stand there breathing in the carcinogenic fumes from the evaporating petrol generated by the hot British sunshine ?"

If you avoid filling up on that day each year, you can avoid the issue with the fumes.

Or just enjoy death's sweet embrace.

Pain spotting: Russia's Aeroflot Docker server lands internal source code, config files on public internet

theblackhand
Joke

Re: How responsible of you...

Salisbury Cathedral is terrible to visit at this time of year - very little mud and slush so most people go to Stonehenge instead.

Much better to go in late winter when the cooler temperatures provide a good excuse for not hanging around for very long and getting back on the train to London before anyone asks questions.

Ooof! Cisco Webex has been down for 7 hours – and counting

theblackhand

Re: Coordinated attacks?

The incident details are here:

https://status.webex.com/#/service/status

It appears that Cisco migrated customers to a new platform, something went horribly wrong and they addressed the issue by rolling customers back.

While they have now identified the issue with the new platform, I'm guessing there will be a publicly released breakdown of the cause, troubleshooting/customer notification process, resolution and any attempts to address these types of issue in the future.

Don't put the 'd' and second 'i' in IoT: How to secure devices in your biz – belt and braces

theblackhand

Re: Or...

"Oh, and don't use 192.168.0.* or 192.168.1.* for your internal network.". Curious. Why these 2 address ranges but not any other RFC1918 addresses?

Technically there's no reason not to.

However, I would suggest that if you are connecting networks together at any point, maybe 50% of the world's networks use 192.168.0.x and/or 192.168.1.x, causing problems with either routing, site-to-site VPNs or client VPN access.

You may be able to use NAT to work around the issues, but reducing the pain of NAT or renumbering will make your life easier in the long run.

GDPR v2 – Gradually Diminishing Psychotic Robots: Brussels kills Terminator apocalypse

theblackhand

Re: its not the fully autonomous hunter killer death machines I worry about

Too many repeating characters...

12345678

Article 13 pits Big Tech and bots against European creatives

theblackhand

Re: Weighing things up

I'm unsure that music copyright violations are the real target. If the music has a long lifetime and some value, it's likely to result in a take down that does enough to placate both sides.

The real target is premium content with a short shelf life, i.e. sporting events or other events where there is no other footage available for months, such as movies with staggered regional release dates, concerts (although arguably this is likely to be more of a marketing tool than any real loss to the artist based on typical levels of quality), news footage and anything else offering pay-per-view type coverage. YouTube and Facebook use this "free" user content to drive ad revenue.

My cynical prediction? Content will migrate from YouTube ("free" content distribution with no restrictions) to Facebook (content restricted to friends and friends of friends and widely shared is harder to take down if the owners don't see it), followed by YouTube offering a similar private setting. For other material that still warrants enough profit to run the risk of public distribution, there will be Twitch (already users have come up with some ingenious ways to distribute content) or smaller file sharing platforms to allow it to make it to FB in the first place.

British Airways hack: Infosec experts finger third-party scripts on payment pages

theblackhand

Re: Looking at the JS

Thank you!

My question was going to be "could this be a case of exploiting an unnoticed typo or partially planned functionality that was never implemented by finding the error and discovering the domain was available" but the async AJAX suggests they were trying to minimise the impact of the calls so they remained hidden.

What's AI good for? Industrial or consumer tech? Meh. Airliners? AHA, says UK.gov

theblackhand

Re: AI ice prevention system

"the system simply prevents the plane from taking off."

Ahh...this already exists - it's called RyanAir....

Experimental 'insult bot' gets out of hand during unsupervised weekend

theblackhand

Re: Costly? No...

"Both PCs were useless until the Novel server was rebooted."

Probably completely useless information now:

1. Drop to debugger:

<left-shift><esc><right-shift><alt>

2. Put the dead process to sleep:

EIP = CSleepUntilInterrupt

3. Exit the debugger:

G

All going well, you might be able to shut down cleanly following that....

GlobalFoundries scuttles 7nm chip plans claiming no demand

theblackhand

Re: Not a complete surprise

"especially so for people who care about security as well as performance, because of e.g. leaky speculative execution and cache consistency designs which have been revealed in recent months."

Any fixes for security issues revealed in recent months will likely require more die space OR a smaller process node to achieve the desired performance. The smaller process node will likely be required to match or exceed current performance with the fixes in-place.

i.e. if there is an answer (i.e. tagging cache entries with the privilege level of the process that filled the entry strikes me as the most likely possibility of keeping the benefits of caching while mitigating the worst effects of Spectre), a smaller process node will almost certainly be required to avoid a performance hit.

IBM slaps patent on coffee-delivering drones that can read your MIND

theblackhand

Re: What could possibly go wrong?

....a flying coffee drone could get sucked into the intake of Ginni's personal helicopter causing a catastrophic engine failure?

Oh...sorry, you only wanted to know about bad things

Use Debian? Want Intel's latest CPU patch? Small print sparks big problem

theblackhand

Re: Does Windows patch the microcode this way?

To set your mind at ease for latest MS OS releases:

https://support.microsoft.com/en-ph/help/4093836/summary-of-intel-microcode-updates

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway

theblackhand

Re: Default passwords? In this day and age?

"It's not lazy, it's about cost and corporate profit. A few cents here, a few cents there, and pretty soon, the shareholder value takes a hit. Public agencies don't answer to corporate bosses but taxpayers and no taxpayer wants taxes raised to "fix" IT stuff since they don't understand it."

In many cases, the issue is poor planning and a lack of time to fully implement plans - we want to create/configure/deploy A with features W, X, Y and Z. By the time A is in production Y and Z are mostly done, X is on the to-do list and W is forgotten about.

While this can be seen as a cost issue (if only we'd employed more people or taken more time to plan properly), in many cases this isn't apparent until long after the damage is done. Treating it as a corporate profit issue ignores the other cultural issues that result in these types of security problems.

Changing a default password is more likely to have been either a lack of product knowledge or a lack of simple security knowledge ("change any default passwords to something more secure"). Given the number of organisations affected, I'm frankly astonished that somebody within the organisations didn't question the lack of security.

Cracking the passwords of some WPA2 Wi-Fi networks just got easier

theblackhand

Re: What has changed...

For the key, it will be hashed to a 160-bit value via an HMAC-SHA1 function.

Pre-computing all possible 8 character passwords (assuming 96 characters possible from A-Z, a-z, 0-9 and 34 commonly used symbols on a standard keyboard - 96^2) requires 9.68 days on a single Nvidia GTX1080 @ ~8.6GH/second. (ref: SHA-1 hashes here https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40)

The equivalent 10 digit password (96^10) would take 244 years to pre-compute. With distributed cracking, this is doable.

By the time you get to 12 character passwords, you are likely safe for the next few years, and 16 characters would allow for all but the most serious attempts at accessing a low value target; you are more likely to be affected by a weak password hash implementation than by the password strength, assuming you avoid anything covered by a dictionary attack.

Note: all password lengths assume SHA-1 hashing as used in WPA2.

theblackhand

What has changed...

My understanding is that this makes the capture of the interesting Wifi packets easier on newer Wifi kit, primarily due to being able to grab EAPOL packets without needing an existing client connected to the AP.

If you are using any EAP based security with a session lifetime set to a reasonable level (i.e. EAP-TLS or PEAP with <2 hour session lifetime), this introduces no real increase in risk.

If you are using WPA2 with pre-shared keys, strongly consider moving to an EAP-based solution if you have servers running 24x7 and security is important.

If you don't have that option, as long as you have an adequate Wifi password (i.e. 16+ characters, a mixture of numbers and symbols and nothing that appears in any of the common hacking dictionaries) you're still forcing an attacker to go through a brute force crack of a SHA-1 password (i.e. 2^69+ potential combinations).

Feel free to correct anything I've misunderstood

The American dilemma: Competition, or fast broadband? Pick one

theblackhand

Re: Swamp -- Alligators

Trump came 25+ years too late to hand over the keys to the swamp.

The alligators had the keys to the swamp when it was just TV and long distance calls. The plan was simple:

- negotiate with local government to provide roll out of cable and phone services in exchange for limiting competition to one or two providers

- in the case of multiple providers, one would take cable (typically Comcast) and the other provider took voice.

Adding internet to the mix just gave the providers the opportunity to take more...

Naturally, every regulator has suggested a number of fixes (including net neutrality that seems to address the issues of Comcast etc by making large interconnects to content providers the only option while doing little for the majority of end users) while branding actual competition in cities afflicted by these duopolies some form of communism...

IBM Watson dishes out 'dodgy cancer advice', Google Translate isn't better than humans yet, and other AI tidbits

theblackhand

Re: Artificial intelligence

You misunderstand, this is an evolution of the win at all costs chess strategy.

You can't beat Watson if you're dead.

NXP becomes N-nixed-P, Apple snubs Qualcomm modems for Intel chips

theblackhand

Re: Yes but...

Unless Apple have got some IP from somewhere, I would have expected their licencing costs to be a significant component of the total modem cost.

The only real reason for Apple designing their own would likely be power savings or some additional functionality (better vSIMs?) that reduced the chip size. But even then, the costs of validating your design with third parties would probably exceed any real benefit when compared to contracting an existing supplier to do it for you.

Brit spending watchdog brands GP Primary Support Care a 'complete mess'

theblackhand

Re: "When outsourcing goes bad!"

Normally, you expect outsourcing to be a gold-plated turd or maybe a competently delivered shit sandwich that vaguely provides what someone hoped the business or customers would want.

However, in the hands of the NHS and Crapita, you can really get the worst of all worlds.

Managed end of contract service handovers? Who would need that? CHECK

Arbitrary cuts to budgets without anyone understanding the effects for years to come? Maybe even requiring a third party to come in and tell you how to do YOUR job? CHECK

Reassuringly expensive for both the initial failed delivery and subsequent attempts to try and deliver the original requirements? CHECK

Making thousands of people's lives miserable? CHECK

Those responsible walk away with their Teflon shoulders intact? CHECK

PR people making bland apologies in spite of nothing improving? CHECK

(Note: NHS managers considering using this as a requirements document should contact me first...)


Biting the hand that feeds IT © 1998–2019