* Posts by Ogi

315 posts • joined 13 Nov 2009

'Millions of IoT gizmos' wide open to hijackers after devs drop gSOAP

Ogi
Bronze badge
Facepalm

Of course it won't happen anytime soon

I mean, why would vendors patch old hardware?

On one hand, they can spend time and money updating old firmware, then somehow sending the firmware out to owners, with instructions on how to update (and handle all the support calls), for no extra income, or..

They can just not care, state that the old hardware is "deprecated", and that the "fix" is to buy their latest shiny.

The second option is more profitable for them, precisely because there is no way of forcing them to fix old hardware. If you think about it, other industries have recalls, especially if a big problem is found, and companies are forced to do this, usually by whoever regulates their industry.

Software has no such regulator, so they can pretty much just wash their hands of the problem. If it causes the end user too much bother they should "upgrade" then.

Not sure what the best way of handling this is. On one hand, having millions of vulnerable IoT devices is just a botnet in waiting really. On the other hand, banning the devices from use or forcing companies to issue security patches both seem unlikely to happen and regulators could stifle what is a rather dynamic industry (for better or for worse).

My favorite solution is to just not have IoT devices unless absolutely necessary (and admittedly CCTV is one place where it is useful), however there seems to be a drive to shove a computer into every single thing possible, from children's toys to cars, and even lampposts, buildings and roads.

The world looks more and more like a cyberpunk dystopia as time goes on...

13
0

Russia launches non-TERRIFYING satellite that focuses Sun's solar rays onto Earth

Ogi
Bronze badge

I doubt the app is actually related to the university, more likely someone had the idea to pull public data (all non military sats blasted into space are tagged and orbit publicly logged AFAIK) and package it into a scam app with one of those "affiliate" referral type deals.

Someone is just trading on the public interest to peddle their affiliate scam.

1
0

UK spookhaus GCHQ can crack end-to-end encryption, claims Australian A-G

Ogi
Bronze badge

Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

Maybe it did explode but nobody noticed.

Maybe nobody noticed because there wasn't anything in there to go "pop" in the first place?

Saying that, fat good it is having an uber secure and encrypted app if you run it on a complete sieve of an OS like Android.

Fact is, Android was designed from the ground up for spying. That was its prime purpose. Sure, the spying was for Google so they could target ads and make money off you (hence the OS was free) rather than some dark government agency, but spying none the less.

Hence why permissions are such a tacked on joke, and you have to fight the OS to stop it sending data to third parties (and you can never be sure you got it all).

The problem is, even if Google do not co-operate and provide access to their spying system to governments (which I find unlikely they would deny, even if they publicly deny it) government black hats can reverse engineer the OS and find them themselves.

It is like when you insert a backdoor into a system, for whatever reason (even a complete pure and noble one), there is always the chance someone else will stumble upon it, and abuse it.

Same here, so when the GCHQ boss says they can access encrypted messages, I believe him, they don't have to break the encryption, or the app itself.

If the underlying OS is compromised, everything above it is blown wide open (to the point of them pulling the session keys out of memory if they wanted to). Keypresses, screen output, microphone, camera, the lot.

2
0

Beware, sheep rustlers of the South West of England! Police drone spy unit gets to work

Ogi
Bronze badge

A hacker's dream...

...possibly delivered right to their feet for free.

I mean, a drone with a HD thermal imaging camera (with what looks like a decent lens on it), cool electronics, batteries, powerful motors, etc... I can imagine these things being pilfered by those so inclined for their parts alone.

Especially if the communication is the same COTS as pretty much all other drones (it tends to be, as a general rule, unless it is military spec). One successful MITM over say, a forest, and you could just make it seem like the drone lost power and crashed into the forest floor, out of sight.

By the time they go there to retrieve it, it can already be long gone (unless they send another one to look for it, in which case you might end up with two drones that day).

3
1

Electric driverless cars could make petrol and diesel motors 'socially unacceptable'

Ogi
Bronze badge

@JamesPond

Indeed, I had the same experience as you on public transport (and alas 13 years in, still am experiencing it), minus the cancelled trains. TFL tube has had cancellations, but not to the same level. On the flip side, standing is about 95% of the time on it.

I would add there is also the added worry of being mugged or killed. On the bus I take to my station, a guy was murdered by a recently released mental patient. Out of the blue, guy coming back from his commute, just like that. Guy sat behind the victim, and slit his throat because "the voices told him to". Didn't even say anything. I have to say I got quite nervous after that, especially when people sat behind me. Ignoring the bombings and other attacks that hit public transport links too, which didn't help matters.

Then you get all kinds of people, alcoholics, drug users, people who are rude, who spit at you, or just try to get into a fight. On the bus at least there is the driver, and a few times he has stopped the bus and thrown people out, but still a very unpleasant experience. A few times a fist fight would kick off as well, which is always fun, especially if you can't get out of the way in time.

The tube is worse because there is nobody there to deal with problems, and the other passengers will just ignore whatever is happening in the hope they are not next. Your best bet is to avoid anything kicking off before the next station, then get off and hope the other person doesn't follow you. If they do then just make a beeline to one of the security people in the station.

Quite frankly, if I could get a parking spot at work I would switch to a car in a heartbeat. Even sitting in rush hour traffic is better. At least there I am secure in my own little pod, I can turn on the air-con, sit in a comfy seat, put on some nice music on the radio, and chill. Sure it may take longer, but overall the experience is far more pleasant. I didn't originally get why people are willing to waste their time and money in such traffic, but a decade of commuting later (and a short consulting stint where I actually commuted by car) I now fully understand.

3
1

Hey, remember that monkey selfie copyright drama a few years ago? Get this – It's just hit the US appeals courts

Ogi
Bronze badge

Re: 2 thumbs up for this line

"Best line I have read in a while... and sums the situation up perfectly."

I fully agree. Made me laugh at the end, and so very true.

It is proof that between the lawyers, copyright system and arguing over who gets bits of paper with numbers written on them from a reproduction of a bunch of light waves, the monkey is the wisest of the lot. Just eat, sleep, shag and repeat. Pretty much the good life.

Sometimes I feel humans just invent problems so they can have an argument over them. I guess not having to run away from hungry Jaguars has given us quite a lot of free time, and some people are having trouble filling the hours with something productive.

11
0

Good luck building a VR PC: Ethereum miners are buying all the GPUs

Ogi
Bronze badge

Re: Cmon El Reg

> It still makes me cry.

Once I felt the same way. When I originally got into bitcoin I ended up mining 300 coins, I sold them at £25 a pop after a while to help with my first flat deposit.

Fast forward to present day, a bitcoin is worth almost £2000. Had I known I could have bought two flats outright with extra spending money on top.

A friend of mine who works in trading however, gave me a piece of advice "Any profit you can walk away from is a good result. Bitcoin has hit highs now, but it could just as easily have become worthless. There was no way to be sure of either future outcome".

And he is right. BTC could have floundered just as easily as it rallied. Makes me feel a bit better when I think of it that way. If you bought at £10 and sold at £30, then you made a very good return. ETH could have just as easily collapsed and you could have lost it all.

Saying that, I did get out of the cryptocurrency mining. I just can't compete with people in Asia who have stupidly cheap electricity costs compared to the UK/EU, not to mention they tend to get the newest hardware first due to proximity of hardware manufacture to them.

14
0

Zero accidents, all of your data – what The Reg learnt at Bosch's autonomous car bash

Ogi
Bronze badge
Unhappy

Re: Cars with EULA

"The question is, if I buy a car - or a cell phone, or a computer, or any other tech - do I OWN what I paid for, or do I merely have a non-transferable license to USE my car in accordance with the car's EULA?"

The question on my mind is, how do you handle the second hand car market? Currently cars don't record an entire history of what happened in them, nor do you pay a monthly contract for the data connection.

What if it turns out to be like software? "Oh, you didn't buy the car, you bought a licence to use it", with all the restrictions, extra payments and general "fuck the customer" attitude that comes with software already.

Would you even be allowed to resell the car? What if they decide to change the licence terms, and you don't agree to the changes? Can they remotely disable the car until you agree? They can say you have 14 days to cancel your contract like with a phone, but do they just take the car away? Do you get a refund on your purchase price? Plus then you end up having to get another car with those terms already in the licence anyway, so you are screwed one way or another.

Bad enough having licensing restrictions and having monthly payments with software and mobile phones. Last thing I want to do is have a monthly payment and a EULA for my car as well.

The whole "connected automated car" thing sounds like a disaster in the making to me. Very dystopian, especially the whole "having cameras and microphones in the cabin" that are on all the time and tracking your eye movements and recording conversations.

Do normal people actually want this? I mean, as a geek I can think of all the ways this will go wrong, including the privacy and software security headache this would be, but even the "normal" people I know would not want a computer driving for them. I get the feeling this is more just being forced down our throats in the sense of "this is how the future will be, screw you if you don't like it" mantra that seems to have become quite pervasive in the last 10 years.

The only way I see these connected autonomous cars working is if you don't actually own them. You use them like you would a cab, bus, or public transport. Hail a pod from your phone/google brain implant, and it arrives to take you to any of the pre-vetted destinations (no driving around to areas the powers that be don't want you to see, citizen), ideally tailored to your preferences by AI as gleaned from all the data they collected on you. I guess you can sit in the pod and watch adverts inter spaced with a bit of entertainment to relieve the boredom until you reach your destination, then the pod leaves you there and goes to pick someone else up.

9
0

DDN burst buffer to bimble along more briskly after boost

Ogi
Bronze badge

Re: Not quite blurry enough...

I was going to say. They made it blurry enough for me to notice the number plate, but not blurry enough to be unable to read it.

Quite frankly had they left it alone I probably would have subconsciously filtered it out as I normally would.

Almost as if they wanted to let it be known :-P

0
0

Earth resists NASA's attempts to make red and green clouds

Ogi
Bronze badge
Black Helicopters

Re: Chemtrails FTW

> Just when I was thinking I hadn't seen much from the chemtrail crowd lately, along comes this one, the rocket is clearly just a cover to pretend they weren't already using planes to spread the stuff.

Naaah, people are so conditioned to ignore the tin-foilers that the deep state can not only not have to deny it anymore, but can dye the chemtrails funky colours in the sky, and the public will still not believe the tin-foilers.

I am sure it will drive the foilers nuts, especially as it is such a brazen public way of doing it!

/me tightens my tinfoil-hat strap.

3
2

Your emotionally absent pic-snapping partner's going to look you in the eye again

Ogi
Bronze badge

"And will they make the shutter click sound that is legally required in places like France? I sense an incoming ECJ sueball..."

Hmm, that is required for photo cameras. However if you are recording video, what is the legal requirement? If any?

I know that phones in France make the clicky sound when a photo is taken, but videos seem to be silent. My old Nokia had a nice feature that if you were recording a video, a red LED would light up above the camera, so people knew when you were recording.

No modern phones have that (afaik) and they haven't been sued to oblivion, so I suspect it will be ok if the specs record constant video (and allow you to share "freeze-frames" from the video as snapshots).

1
0

Astroboffins spot a new type of galaxy bursting with stars

Ogi
Bronze badge

Re: Bah!

> So much for "science".

You could argue that it isn't Science at fault, but engineering :P

Specifically, Theorists have proposed multiple ways of getting to star systems, of varying "out-there-ness", from theoretical wormholes and warp drives, to more pedestrian systems.

I think the most practical one that could be designed and built with current tech is the Orion propulsion system, however politics and engineering challenges meant it never got anywhere.

The problem, as always, is power. Society thrives on energy, and up until the 60's, humans actively sought out more and more powerful energy sources to drive our societies. However with Nuclear we took steps back, as a race we decided against grasping this even more powerful energy source, and recoiled. Hence the somewhat stagnating quality of life, economy and energy tech advancement (apart from refinements into existing tech).

Eventually we will get kicked in the balls and will have to move forward, but till then we won't really move beyond the current space tech.

1
0

Bye bye MP3: You sucked the life out of music. But vinyl is just as warped

Ogi
Bronze badge

> Have you recently watched a VHS tape? You might find (like I did) that while "bad quality" is not part of what you remember, VHS is shockingly bad by any means.

Well yes, but it looked better on the old CRTs because they tended to blend the lines between scans, and because of the refresh rate sudden changes, and because the screens were smaller, quite frankly.

I played an old VHS tape on my flat screen TV, and it looked awful. However when I went to my gran's place and played it back on her 25+ year old CRT, it actually looked alright.

The technology worked well enough at the time, and they were matched. Not how I imagine one day, when people are used to 12-bit 4K video will look at 720p videos and wonder how they managed to watch such poor quality.

4
0

Ogi
Bronze badge

Re: What's the point of mp3?

> Most modern music has the dynamic range of a sheet of paper, with more compression than the bottom of the Mariana Trench. I don't think mp3 makes much difference there.

That is probably why most people can't hear the difference between the original source and highly compressed mp3 anymore, so people just stick with highly compressed mp3, played through a tinny bluetooth speaker.

What would be nicer, is if there was a push towards proper mastering again. I heard that when SACD came out, the big draw was not so much the 192KHz sample rate and 24/32bit precision, more that they were building a format for audiophiles, meaning they mastered the damn thing properly.

Fact is, adding dynamic compression is easy to do, but hard to undo. I can easily add dynamic compression to music (the open source audacity suite will do for that, if a bit overkill), or you can buy sound compressors that you patch into your hifi and alter the loudness as much as you want.

However trying to reduce dynamic compression is impossible. When you normalize all the peaks in a sound file, you don't know what their original values were, so you can't "undo" the compression. Without the uncompressed source you are screwed (AFAIK, any sound engineers out there, feel free to correct me. I've been out of the loop for a while now, so don't know the state of the art).

4
0

Nukes tests caused space weather, say NASA boffins

Ogi
Bronze badge

Re: IIRC these were the tests that showed what EMP could do to electronics

> Since valves the size of a MOSFET do not exist (and cannot exist at that scale),

Ahem...

https://www.theregister.co.uk/2012/05/24/nan_vacuum_tubes/

http://spectrum.ieee.org/semiconductors/devices/introducing-the-vacuum-transistor-a-device-made-of-nothing

1
0

All that free music on YouTube is good for you, Google tells music biz

Ogi
Bronze badge

Re: Radio?

> 1) FM radio quality was still FM quality (and AM was even worse). What's the quality of a internet radio?

It varies. On youtube the music videos range from acceptable quality to poorly transcoded clipped songs done by someone completely ignorant of how to make a recording. FM radio was pretty good quality in comparison, 32KHz rather than 44.1Khz of CD, but pretty good, and in general was mastered by professionals so everything was the same loudness (except the adverts, but that is another issue).

On actual streaming radio stations, it again varies. Quite a lot go as low a bitrate as possible (I have seen 48kbit/s AAC) because bandwidth is a cost, and the lower your bitrate, the more listeners you can cram in down a pipe. These usually sound worse than FM Radio.

Some radio stations (usually ones with actual adverts who make money) will be higher, between 128-320kbit/s mp3/aac. These do sound pretty good.

The streaming radio stations usually have decent mastering, I guess some sort of automatic system that matches line levels of the different songs and adverts, so still better than youtube.

1
0

Drugs, vodka, Volvo: The Scandinavian answer to Britain's future new border

Ogi
Bronze badge

I don't think this will work here...

... for the same reason that adding cycle lanes and other rules and regulations didn't turn the UK into the Netherlands when it comes to cycle culture.

The Nordics (at least based on my exposure to them) have a more homogenized culture, one that is very respectful of authority and obedience to rules and regulations. The Swedes in particular pride themselves on being "good citizens" in that sense.

As a result just having a few cameras to monitor the situation and keep track of the odd nefarious outliers works fine.

However the British isles have a more rebellious and anti-authoritarian culture historically, especially between the Brits, Scots and Irish. Not to mention a diverse set of peoples and cultures from around the entire world, all of whom have different attitudes to authority and rules.

Mix that with some lucrative cross border booze/fag/other "business opportunities" and you have a recipe for bedlam. I highly doubt a couple of ANPR Cameras on backroads will stop a dedicated team of Glaswegians from shunting god knows what across the borders between the EU and May's "Tax haven Britain", let alone everything that may pass through Ireland and NI.

Hell, I am sure in this very thread we will have a whole selection of methods for defeating this idea and getting whatever you want across the border, and this is just a casual public discussion between strangers.

At this point however, it is happening, so we are all along for the ride in this train-wreck in waiting. Get some popcorn and enjoy the show :-)

25
3

Mozilla to Thunderbird: You can stay here and we may give you cash, but as a couple, it's over

Ogi
Bronze badge

Perhaps a Good thing?

Seeing as how Mozilla have been ruining Firefox in a misguided attempt to make it into a (poor) clone of Chrome, I think having Thunderbird detached from them is a good thing.

Quite frankly, I have been moving away from Firefox due to their messing with it (if I wanted a browser like Chrome I would just use Chrome, FFS) and Thunderbird is still my go-to email client (even for webmail systems like gmail).

All I would ask, is for some decent native CalDAV implementation. The Calendar plugins always seem a bit "tacked on" and not fully integrated, and sometimes will cock up.

Also, make the "smart search" work. It is completely useless, finding either no emails, or hundreds of emails, none of them related to my search terms. The "email filter" search that was the original method is far more intuitive and works better, but you have to enable it specifically, and it only works on a "per folder" basis.

Apart from that, Thunderbird is a solid piece of software, doing what it was designed to do, and doing it well. Please don't chase stupid "UI Fashion" and other buzzword crap like Mozilla has done with Firefox, just concentrate on bugfixes and the odd feature request, and you will do well.

10
1

Linux Mint-using terror nerd awaits sentence for training Islamic State

Ogi
Bronze badge
Black Helicopters

Re: Low tech

> So guided missiles are low tech now?

You know, when you sit and think about it, they kind of are, nowadays.

The first guided missiles to be used in combat were used by the Nazis in WWII, so we are talking almost 70 years ago. If they could make guided missiles 70 years ago, it would surprise me if a team of dedicated people with knowledge of programming and electronics, and with access to machine tools, would be unable to do the same now.

In fact, consider the arrays of sensors and servos you can attach to an Arduino or Raspberry pi, not to mention the compute power of these small systems eclipse anything available back then.

Sure, I don't think home made guided missiles would hold their own against the latest military hardware, but if the goal is to hit undefended civilian targets (like airliners) then they could work.

In fact my biggest surprise is that someone hasn't done it yet. I remember a guy who tried to build a DIY cruise missile, but got shut down by the government when it was realised how easy it was for him to do it.

EDIT - Found the original sites (from 2003). Consider how now there are quite a few autonomous autopilot projects which are open source and open hardware, and it should be even easier to do the below if you were so inclined:

https://hardware.slashdot.org/story/03/04/29/1857212/build-your-own-cruise-missile

http://www.aardvark.co.nz/pjet/cruise.shtml

http://www.interestingprojects.com/cruisemissile/

(Black helicopters because I am sure I ended up on some "lists" due to my most recent Google search history in order to dig up this info)

9
0

It's paydaygeddon! NatWest account transfers 'disappearing' (not really)

Ogi
Bronze badge

Re: Cobol

> And the last time I had a bank that couldn't run as a bank, I withdrew all my money, and switched. People need to look at their bank's ratings, and move when need be.

Switched... to where exactly? So far every single major bank has had some sort of "technical problems", or a security leak, or some other godforsaken issue.

At this point, I would rather just put it all in cash under my mattress, but I can't convince my company to pay me in bags of used £20's, and more and more things are "online only" or "card only", so can't use cash.

So have to have at least one account. Can anyone recommend a decent bank that does not have such problems? Natwest has been the best so far, but they have been faltering lately.

0
0

Colliders, containers, dark matter: The CERN atom smasher's careful cloud revolution

Ogi
Bronze badge

Re: Code optimisation looks to be key here

> We generally don't, But often – especially given other demands for resources – it is the least cost inefficient.

Indeed, back in the early days of computers, computing power was more expensive than programmer time, so it made sense to get programmers to spend a lot of time to optimise their code to the limit to get the most power out of the machine. Hence you saw amazing stuff done with what we today consider an impossibly small amount of RAM and CPU power.

However now that has been inverted. Computing power is a lot cheaper than programming time, so sometimes "just throw more hardware at the problem" is the right answer. In fact it seems to be the more cost effective choice pretty much everywhere (Except embedded and aerospace industries, and to a lesser extent the HFT Finance area).

0
0

Just how screwed is IT at the Home Office?

Ogi
Bronze badge

Re: There's only one way to fix this

"So bring in IDS. He'll fuck the whole Home Office IT so comprehensively that it can never be resurrected. So it will be abandoned and they'll stop chucking money at it."

If past history is any sign, nothing will ever get abandoned by the government. They will just throw more and more money at it, indefinitely. They may rename/rebrand things from time to time, or merge and split with other projects, so the public thinks something was shut down, but that is just pulling the wool over the public eyes.

After all, they are spending other people's money on this, no skin off their back, and if they manoeuvre smartly (which they can, otherwise they would not have been successful in politics), they can stick their noses in the money stream as well. In the end they just raise taxes/cut expenditures in other areas, or go into debt (future tax income) for it.

9
0

NASA agent faces heat for 'degrading' moon rock sting during which grandmother wet herself

Ogi
Bronze badge
Coat

Re: Why does the US care if people own bits of the Moon?

> Of course, if Apple manage to land on the moon, they'll retroactively patent it anyway, and call it iMoon. Then sue everyone who's ever looked at it.

I am not sure, I think it is more Apple's style to patent the "Look and feel" of the moon, and sue anyone who owns something that is round and mildly reflective. :-)

Sorry. Mine's the dull non rounded one on the hook.

21
2

No more IP addresses for countries that shut down internet access

Ogi
Bronze badge

Would it be applied equally?

I mean, the UK government has the power to shut down the internet too.

The Civil Contingencies Act and the 2003 Communications Act can both be used to suspend internet services, either by ordering internet service providers (ISPs) to shut down their operations or by closing internet exchanges. Under the protocol of the Communications Act, the switch-flicking would be done by the Culture Secretary.

(From: http://www.independent.co.uk/life-style/gadgets-and-tech/features/could-the-uk-government-shut-down-the-web-2235116.html ).

So the government haven't done it yet, but the law is on the books, and they can do it if they want. However if the UK government decides to do this, would they really blackhole the whole UK from the rest of the internet, like they say they would do to some African country? What about places like the USA, where you can't technically blackhole them (because so much backhaul goes through the country).

This seems like an ill thought out solution to the problem of governments denying access to global communication to their citizens.

1
0

Parcel bods Hermes become latest London drone delivery droogs

Ogi
Bronze badge

Re: Seriously?

These things have cameras, so I suspect they'll post their theft to Youtube while they can (ergo, subverting these things is but a jammer away).

True, but seeing as quite a few youths actually film themselves doing crimes (and post it on fb/youtube) I doubt they would bother with the jammer. Half the kick they get seems to be from the fact they end up a minor online celebrity in a video for doing something. Like that "happy slapping" craze a few years ago, or even now where someone pinches something, then posts a selfie with the hot goods to fb.

People who do these kind of things don't usually plan ahead and think things through in the first place, let alone consider the wisdom of posting evidence online.

Those who are criminally minded and organised/smart, probably wouldn't bother with these things in the first place anyway, so they are not much of a concern.

2
0

Ogi
Bronze badge

Seriously?

Hermes.... The one company that holds the unique position of being a courier company that not only fails to deliver parcels to my door in a consistent manner (around 95% failure rate), but is also the only courier company I ever used that failed to *pick up* a parcel I had tried to ship with them.

Getting hold of a human was tough, and never managed to get a decent answer out of them, so bit the bullet, ate the loss on money I paid Hermes to deliver the parcel, and just sent it via RoyalMail instead (who, despite all the complaints people have, generally seem to be the best at actually delivering parcels where they need to go, for a decent price). Turns out you really do get what you pay for when it comes to the "cheap" option, and they are not that cheap any more as it stands anyway.

Needless to say, I never use Hermes, and if I find out the seller/shop uses them, I seek out to buy from whichever of their competition uses someone else.

Now, Hermes wants to use self driving robots for deliveries? I guess they really want to hit 100% failure rate with me :-)

In seriousness though, what stops people picking up the robot and its contents, shoving it into a bag and making off with it? Looking at the size of the thing, it will be even easier than pinching people's pets (and that happens surprisingly often). What about vandalising them? Trying to steal their contents? Or just the local yobs after a few pints who decide it would be funny to throw it into the nearest canal/river/sewer/garbage can just for fun?

11
0

Software dev cuffed for 'nicking proprietary financial trading code'

Ogi
Bronze badge

> I do wonder if there is a non-draconian way to mitigate for that risk.

Code reviews.

Specifically doing code review before deployment to production. For such an attack to work, you would have to have the reviewer and the developer working together. It goes from a "lone wolf" type attack, to one where you need a conspiracy amongst multiple people in the chain for it to be possible. It increases the chances of slip ups/detection or someone pulling out and exposing the others involved.

Plus, in addition to spotting backdoors, code reviews can sometimes aid in detecting bugs the other dev didn't notice/see/test for, and can be a good idea to do anyway when doing dev work.

1
0

So my ISP can now sell my browsing history – what can I do?

Ogi
Bronze badge

Re: I would take another route

Sounds like what you want is a big distributed VPN. Essentially what the internet is already, but fully encrypted.

The I2P project is what I looked into: https://geti2p.net/

Sounds very much like what would be the solution. The only problem is that unless you have a gateway to the wider internet, you are stuck to what services are run on the I2P network. However you (and your mates) can host whatever you want on it, including IM, web, etc... and you go from there.

I might have another look at it, however the other problem is if all my traffic becomes encrypted, that will just single me out as someone that the powers should "pay close attention to".

Atm, not sure if wiser to secure yourself, or attempt to get lost in the noise. For now running a yacy search engine spider on my machines. That way the bot is constantly spidering the web so we get an open source P2P search engine that is usable with an up to date index, and my browsing hopefully gets lost in the noise.

2
0

UK Home Sec: Give us a snoop-around for WhatApp encryption. Don't worry, we won't go into the cloud

Ogi
Bronze badge

> incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack? a copper went nudge nudge wink wink to a tame journo? they've got his phone and WhatsApp installed?

A far more interesting question, that few have asked so far. I asked myself the same question. From what I have gathered, the arrests in Birmingham happened directly because the attacker sent two WhatsApp messages to contacts at those addresses before he did his deed.

This leads me to think that they probably had the "metadata" (i.e. they were doing real time scanning of the WhatsApp network to see who is messaging who), but are unable to decipher the messages themselves.

So now they want to decrypt the messages to find out if the people they arrested were in on the attack, or just unfortunate people who he texted last (maybe to say good bye or something).

Unless they knew in advance an attack was going to happen, I can only assume they are constantly monitoring who is talking to who on WhatsApp, and (for the moment at least) it seems they can't actually read the message contents. Facebook can provide them with access to the network, but the encryption is still client side "end-to-end".

Perhaps a future version of WhatsApp will be crippled by fb, not unlike how MS crippled Skype after they purchased it.

27
0

Carnegie-Mellon Uni emits 'don't be stupid' list for C++ developers

Ogi
Bronze badge

Re: Good advice but

> Some of the advice is borderline farcical, not because the advice is wrong but because the language allows those things to be written in the first place.

Any language flexible enough to give you full and total control over the machine is powerful enough to blow your foot off if used incorrectly.

The concept of C (and C++ presumably) is that the language is your servant. You tell it exactly what to do, and it does it (as long as it is a valid instruction). It doesn't advise you, it doesn't question you, and it doesn't deny you the ability to do something.

Of course, whether it does what you intended it to do, or goes off and kills a puppy, is an issue of programming ability and/or understanding the problem set you are trying to solve (and the constraints of the environment).

Like most tools, there is a time and place for it. I am not going to whip up a quick C program to parse a text file, but likewise I am not going to write a kernel (or embedded code) in Python or Bash.

I think it is a good thing that CERT has done this, like a "best practices" if you want to write more secure, less exploitable code. It is up to the end user whether to follow it, or whether they really need to access unallocated memory for some particular reason.

No comment on Rust, because I haven't had a look at it myself, but have heard good things from people.

20
1

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

Ogi
Bronze badge

Re: Valid excuse for the more elderly of us

Not just the elderly. My twenties and teenage years were littered with lots of encrypted files I cannot remember the passwords to.

Some of them were just my attempts at hiding porn from my parents, others were attempts at encryption, some are my personal files backed up to be stored remotely, etc...

I still keep the files in the hope that one day I will just remember what the password was like a bolt from the blue (it has happened), but if you asked me to remember them right now I probably couldn't.

Hell, if you threatened me with prison time and demanded I unlock something right now in front of police officers, I probably would be so nervous/stressed that I could not actually remember the password, even if I typed it in earlier that day. Being under massive stress can make you forgetful, this is well known.

And I am not alone, just yesterday I had to bruteforce a friend's password-protected Word document because back in 2012 she encrypted it (has all her bank account info in there) and has forgotten the password.

Forgetting passwords is so common that people invented password managers, so you only have to recall one single master password.

The court is essentially saying that forgetting is a crime here (whether the guy really forgot or is blocking is irrelevant, as we have no way of being sure which it is), which I find mind boggling, but then again, a lot that has been happening in the world is mind boggling to me, so a bit more should not surprise me anymore.

25
0

Everspin's new gig: a gig or two of non-volatile RAM on PCIe

Ogi
Bronze badge

> The first of the new “nvNITRO E” range will be a half-height, half-length PCIe card that can operate as an NVMe solid state disk, or as memory mapped IO (MMIO).

How is this different to other NVMe setups? I have a PCIe NVM card (120GB) in my server. It cost me £70 all in, and is rated at 6Gb/s bulk transfer and some stupidly high IOPS that I can't remember right now.

I can use it as swap (in which case it just becomes allocatable memory, and the OS handles all the paged MMAPing), or I can use it as a file store, and MMAP files directly on it for the same effect.

I don't see what is special about this startup, except their NVMe offerings are really low capacity? The 120GB SSD is running as swap and it actually works pretty well. I have used ~105GB of swap on the 32GB RAM machine, and it was still usable and churned out data at an acceptable rate (this was for peak loading, most of the time 32GB is enough, I just didn't want the machine to die when the peaks come in, and couldn't justify the cost of 256GB of RAM for it).

> Everspin asserts its product is rather faster than Intel's 10 µs and, critically, that you can read and write to it all you like without the prospect of the medium degrading.

That will depend on the cost. When my SSD eventually wears out, I will just buy another one (as they would most likely have gotten cheaper by then) and carry on.

It might be cheaper to just treat the SSD as consumable, and replace when they wear out. Each time you replace you will get a newer/faster/cheaper/higher capacity version due to the march of technology.

> The cards claim 1,500,000 IOPS with six microsecond end-to-end latency, making them rather useful in scenarios like high-frequency trading where the odd microsecond can be the difference between profitability and purgatory.

HFT shops have long since moved away into FPGAs with local RAM, computers have been relegated to babysitting the FPGAs and monitoring/restarting them as and when needed. You don't need uber low latency memory for that.

They do mention merging their memory with FPGAs, and that might prove a useful niche for the technology, but that hasn't been done yet, and no idea if it is a worthwhile and profitable niche (FPGAs do need to store some data, but not much, most of HFT is simple arb strategies just done stupidly fast based on data in/out of the network port).

0
1

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

Ogi
Bronze badge

Re: Since the phone can be tracked anyway, why bother?

> Whoah, that's never been my experience, so I'm curious as to what accounts for that. Could it be a matter of your environment i.e. your phone has a clear view to the sky, so uses less juice to listen for the satellites?

Well, I am in London, so mostly buildings in the way, and generally poor GPS signal.

> I usually drive a small van with metal sides, so my phone can only see 180º of horizon through glass (whereas most cars would offer mostly glass through 360º.) I don't know if this could account for a high battery drain.

I don't see how tbh. The GPS does not transmit anything, so all it has to do is sit idly and wait for a satellite to come into view. This might use some CPU and memory, but not a noticeable amount. How much it uses shouldn't be affected by whether it has a lock or is still searching for satellites, because even when it has a lock, it is still constantly looking for more satellites, so that if one drops out of view, it can carry on seamlessly.

One thing might be that I use Samsung phones, which can use both NAVSTAR and GLONASS systems, so generally I can always get enough satellites for a lock, even through cars (although admittedly have not tried with a van). In comparison when I use my dedicated NAVSTAR bluetooth GPS device, I don't get as good a lock, if I get a lock at all.

0
0
Ogi
Bronze badge

Re: Since the phone can be tracked anyway, why bother?

> The answer is to turn WIFI off until and unless you intend to use it right then and there.

Indeed, there was a nice open source Android app on f-droid which would use your GPS location to decide whether to turn on the wifi or not. That way I could tell it to turn on wifi only when I am at my home, or a friend's place, otherwise it just turns off.

Having pure GPS on was not that much a battery drain. It is also passive so nobody can track you with it, and my Android phone was a custom ROM without any Google stuff, so they were not tracking me either.

However, I am noticing that it is getting harder and harder to get decent working custom ROMs for phones, especially after Cyanogenmod got sold. Lots of half hearted buggy attempts though, usually by a single dev who gives up shortly after the first couple of versions, when bugs are actually raised.

1
0

Germany to roll out €100bn gigabit internet network

Ogi
Bronze badge

Re: oooo

> I live in rural France my average speed is wait for it, wait for it... 0.47mb

Depends on where. A friend in rural France (Near the Pyrenees) has 30mbit/s ADSL, and apparently the village is earmarked for a new fibre backbone connection (along with electricity upgrade to underground cables), so soon he will have a faster internet connection than I do in central London :-/ (apparently he will get 100mbit/s).

4
0

Road accident nuisance callers fined £270,000 for being absolute sh*tbags

Ogi
Bronze badge

Consent, really?!

> People using those websites had agreed to their details being shared with "third parties whose offers we think might interest you".

BULL-SHIT. I am sorry, but I never click to consent for my data to be shared with third parties. Secondly, I don't put my phone number down unless I actually have to (so, insurance primarily, and a select few sites for sensitive/secure stuff).

Yet somehow they keep calling me about my "recent accident" on my mobile, despite the fact I never had an accident in my life, nor claimed on my insurance.

They just dial random numbers and play their automated crap. At one point I would get 3-5 of these calls a day, and it is really frustrating, especially if I am waiting for an important call.

The worst part is if they get busted, they just go "oh, we thought these people consented when we bought the list", when the "list" of every single number they could think of was bought from a shell company most likely owned by these turds in the first place, and then conveniently dissolved so the trail goes cold.

Thanks to voip, I also get "PPI Insurance" recordings from apparently local landline numbers, so I can't even filter them out any more. Also loved the "UK number" call where it was an actual Indian call centre woman who called me about my "recent accident", and actually had an argument with me over the fact I never had an accident. Quickly became apparent she had no idea about UK law or even how the insurance system works here, at which point I hung up.

> Media Tactics has also been given a legal notice compelling it to stop making unlawful calls. Failure to comply with this could result in court action.

Maybe this is why for the last few weeks the calls had stopped. Good riddance. However I know they will just form another company with the existing lists, and carry on again for a few years before that one gets shut down as well, and so on so forth.

10
0

Anti-TV Licensing petition gets May date for Parliament debate

Ogi
Bronze badge

Re: Good going cobber - Pollution reasons

> BTW a 1.6 petrol Zafira A (also in my interesting stable of vehicles) is good for best part of 50mpg at 50mph, but this is already dropping off by 56 and is noticeably less by 60, by the time you take it on an autobahn 'flat out' (about 100mph) you are down to 15mpg or less.

This is an interesting topic. I always believed a car's fuel efficiency was based on a combination of gearbox ratios, final drive ratio, engine tuning and engine type. The cars I have driven seem to have engines tuned to be most fuel efficient around the 3000 rpm mark (except the VW Turbodiesel, around 3000 rpm the turbo would start running and your mpg drops like a rock).

Now, what speed you are at varies by which gear you are in. In top gear at 3k rpm one of my cars seems happy around 75 mph, and the other around 85mph. However I wonder if in lower gears this would match up with the 56mph mentioned above.

I would like to test this out, however 56mph is a bit of an odd number to reach. It is too slow to go on the motorway (where I can set the cruise control on the car, and see what mpg I get over a period), and too fast to do the same on A roads (with traffic, lights, pedestrians, etc... impacting mpg). What I might do is see if 56mpg corresponds to 3k in a particular gear, but that would not prove it is the most efficient place to drive at for fuel efficiency.

0
0

Fancy that – the sharing economy lobby doesn't speak for the sharers

Ogi
Bronze badge

> My threshold's just gone up by a pound.

> And again.

> And again.

Alas, that only works if everyone else who can do that job does the same :-) .

Otherwise they will just replace you with another cog willing to work for cheaper and carry on.

0
0
Ogi
Bronze badge

> Then you'll have no other place to go, and they're free to fix the pay as low as they like.

I believe in those situations (collusion/price fixing/market failure), people tended to band together into Unions, and collectively deny their labour to the company until an agreement is reached.

Although not sure how that would work in the era of automation. The minimum wage hikes in the USA seem to have resulted in more people being laid off and replaced with automated machines (e.g. fast food servers replaced by computerised "order kiosks", checkout staff replaced by "self-serve" checkouts).

If automation becomes an actual like for like replacement for unskilled/semi-skilled labour (minus the initial capital cost), then unionising and collective bargaining will not work as intended. Then the capitalists (Those that own the capital, i.e. assets) are pretty much in total control.

3
1
Ogi
Bronze badge

On a related note. I actually did some reading on the "Luddites". Despite being portrayed as uneducated numpties that smashed machines because they were against technical progress, it turns out they had some legitimate grievances.

The machines were owned by a few wealthy men, who reaped most of the rewards from mechanisation of the cotton industry. Before, people worked in cottage industries, they were their own boss, worked on their own time, and had a good work life balance. The skills earned would result in a decent income for them, and could be passed down the generations. They themselves were not against progress, having (and developing themselves) quite a few machines to improve their productivity and increase production.

However when rich men got wind of these machines, they had the money to pay specialists (e.g. clockmakers) to build even more advanced and fancy versions, on a much grander scale. As a result the machines became too expensive for normal people to afford, and many could not compete.

These people then became wage slaves. No longer able to work and take breaks when they wanted, the people were shunted into long gruelling days and nights of shift work, where their injury (or even their death) was not a concern to the owners. The wages were so small that many had to move out of the countryside farms/cottages and live in factory provided slum houses that were disease and filth ridden.

The price of one machine was far beyond what they could afford, so only those with money could buy them, and then make even more money on the backs of others.

It was due to this that the Luddites revolted, not some anti-technology bent. They were reduced and dehumanised to nothing more than meat cogs in a machine. Indeed it was due to this revolt and the rumblings of further violence that the government actually stepped in and started defining things like safe working practices, employee rights, a minimum wage and other things we now take for granted.

Looking at this modern "sharing economy", and automation, I can't help but see some repeating patterns. If we manage to develop robots who are a direct replacement for humans, most of which will again be owned by rich corporations, we reduce most of humanity to being zero hours "temp workers" struggling to make ends meet, it will cause some serious upheaval.

The upheaval will be delayed as long as we have the state to provide welfare (if nothing else than a soft cot and three squares a day), but I don't think having masses of people basically living off the state in slums and a few very wealthy people/corporations owning and running everything else will function as a long term societal structure.

Even in the times of kings and peasants, the elites had to protect themselves. Those castles you see, were as much to protect the royal family (and their supporters) from their subjects as it was to protect against foreign invaders. Despite this in the end it still wasn't sustainable (hence the revolutions in France and Imperial Russia, and the reformation of other monarchies into modern day states).

13
0
Ogi
Bronze badge

> They are quite happy to make money from the labour of others, but not so happy to adequately emburse those who actually do the work and generate the wealth.

A previous boss of mine once told me quite honestly (when I asked for a raise) that the company "pays the employees one pound over the threshold where people would just resign".

It is a fact of life that a company/client/whatever will pay the minimum they can get away with. It is your job (as provider/employee) to demand as much as you can.

The company will give you a price for your labour which it thinks is what the labour is worth. If you think your labour is worth more, you are free to entertain offers from others. Otherwise you take the best offer you can get. That way the market sets the price of your labour. Whether it is "fair" or not doesn't really play into it.

In my case, at that point in time, I was unable to get a better offer for my skills (and didn't get the raise), no matter whether I found the wage unfair for the skills I was providing. So I put in the effort to upskill and left the job a year or so later for more pay.

It did teach me however to take a very mercenary approach to work. Your client/company is not your friend, or your family (despite this rather modern desire to make me feel like they are. I find it a bit creepy tbh).

They will not hesitate to get rid of you when you are no longer of any use to them. Loyalty is for chumps in their eyes. So now I do the same, if I get a better offer from someone else, I will go for it.

14
1

Tesla 'API crashes' after update, angry rich bods complain

Ogi
Bronze badge

Re: Electric Cars and Cloudy Apps...

> And you still have to turn them off and on again to make them work.

> Welcome to the bleeding edge of 2017.

I know!

It is like people looked at the state of their computers and mobile phones, and said "You know, I would really like my watch, my car, my fridge, my TV and everything else to be just as much an insecure, buggy, spyware infused, headache inducing PITA as this is".

I for one try to keep the amount of technology I use to a bare minimum to get the job done efficiently, but apparently I am an outlier, and people want their lives to be really complicated and unreliable (which they then moan at me about, because I am a "Tech guy" who can fix it all with a magic wand)

15
0

That CIA exploit list in full: The good, the bad, and the very ugly

Ogi
Bronze badge
Devil

Re: Where's Linux?

> I didn't see Linux in that set of bullet points. Is it secure or are you still reading about all the exploits they have for it? Enquiring minds are anxious to know.

I am still reading through the data, but based on what I have read (and WikiLeaks' actual press release: https://wikileaks.org/ciav7p1/ ) Linux is a target and has been compromised.

Just an example quote from the press release link:

"HIVE is a multi-platform CIA malware suite and its associated control software. The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants."

No mention of the BSDs so far though (hence the Icon).

5
0

Cybercrooks charging more than the price of a new car for undetectable Mac malware

Ogi
Bronze badge

> But I bought 40 Bitcoins last year for only $250 a coin. It's a bargain for those who thought ahead!!!!

Indeed, I at one point had 500 of the damn things, but sold almost all of them when they were £15 each. If I had only known....

Saying that, the 40 bitcoins they are asking depends on whether whoever is buying can make a profit. If someone thinks they can make more than 40 BTC of profit utilising the software, they will go for it and write off the cost against revenue (not unlike any other business). Any haggling to lower the price is just a benefit (and I am sure they would try).

Also, limiting access to the software means that very few whitehats will have a chance to reverse engineer and work on defeating it.

In some ways, it might actually be a scam. Claim to have amazing uber undetectable malware. Advertise it for $stupidly_high_price, perhaps claim you have sold a few licences already, and see if you can get the white hats to stomp up the dosh to buy a copy just to see what the threat is (especially if they haven't detected it in the wild, so might actually be "undetectable"). After purchase they find out it is useless (the malware equivalent of "Hello world" perhaps), and the seller is 40BTC richer for little effort.

Sure once the white hats publish their critique of the malware and say it is no threat and/or develop defences against it, no more sales will come, but still, it earned something initially. It isn't like you can ask for a refund if the software isn't fit for purpose, and I doubt it has a warranty attached to it.

2
0

Iconic Land Rover Defender may make a comeback by 2019

Ogi
Bronze badge

Re: Which market segment will they go for?

> parking problems of a Unimog.

What parking problems? You can make your own parking space with a beast like that =)

Friend had a custom Chevy suburban (Suburban body with Humvee bottom end and mil spec tyres) in London for a while. The wheels were too big for clamps and the beast too heavy to be towed, so he could park it literally wherever he wanted. It also took up 1 and a half road widths, so driving through London rush hour traffic was really interesting.

5
0

Has your spouse stayed on after Mobile World Congress? This sex doll brothel might be why

Ogi
Bronze badge

Re: Nothing for the wimmin?

> I came here expecting to hear about male dolls.

Most women who are into using inanimate objects seem to only really need one part of the male anatomy for their pleasure. Also, it is far easier for women to get a man for a night than vice versa, so a woman who wants animated anatomy plus its life support system can find one relatively easy.

Saying that, perhaps in time that will be the case as well, but they figured "Lonely desperate men" are a market segment not to be ignored (Of course, not all men who would be interested in this are lonely and desperate, but a subset will be, and they can be a decent source of start up income).

Also, I suspect the women would want the dolls to actually, you know, move (in and out, if nothing else). So once they get the inanimate bit down pat and find whether it is a viable business model, they can look into animated dolls and upgrades in order to increase market penetration and broaden its exposure.

13
2
Ogi
Bronze badge

Re: I'll leave this here.

> "I asked my wife if she’d mind me having sex with a robot that looked exactly like the actor Gemma Chan and for some reason she said that she would mind that."

Why would she? You are in the end screwing an inanimate object (*1). Except that just being a fake boob or fake orifice of some sort, the bits come together ready assembled in humanoid form.

If an inanimate object can rival your partner for company and enjoyment of life, then you already have massive relationship issues. For people in happy relationships, it would not be seen as a threat (any more than those women who use all those electric toys from time to time).

(1) Not that I would be that interested or keen in screwing inanimate objects, but each to their own.

13
2
Ogi
Bronze badge
Coat

Re: I really wouldn't want to be...

> Easy enough to have it done by a robot.

But who would clean the robot cleaning robot then?

"It's robots all the way down!" :-)

21
0

Two-thirds of TV Licensing prosecutions at one London court targeted women

Ogi
Bronze badge

>>"Because most courts refuse to accept that it's possible for a woman to rape a man.

> The legal definition of rape is "penetration of the v*g*n* by the p*n*s". So, legally speaking, it really is impossible for a woman to rape a man (asterisked to avoid the draconian Internet filter where I work).

Yes, I seem to remember hearing about similar (my ex was a lawyer). Due to the definition, a lot of female/female rapes are not classed as rape but sexual assault, even if forced penetration occurred.

> 98% convicted rapists are men.

It does make me wonder though, if women are incapable of rape due to missing the required equipment to rape (by legal definition), what on earth did the 2% non-men do to be convicted of rape? Or does that refer to those of a different "gender identity" in a male body?

5
0

Biting the hand that feeds IT © 1998–2017