It's not a bug, it's a feature.
122 posts • joined 16 Jun 2007
That the Germans, Spanish and Italians will have their primary fighter aircraft built by a non-EU country soon?
I guess the other factories bolting planes together and doing development work (like the one in Bavaria) must have been a figment of someone's imagination.
BAE are a partner company, it's an absolute fantasy to suggest they were the only people building the planes or were responsible for more than a percentage of the thing in terms of design or otherwise.
And it's fucking lazy for someone to write a story suggesting it.
I bet the one crew who won't be seeing cutbacks are the bunch at NETMA. Probably just bigger bonuses.
If only they put as much effort into their technical effort as they do into their political arguments.
As for what they're reacting to, you'd think the guy had done something horribly illegal and offensive rather than merely upsetting their delicate sensibilities by disagreeing with them.
Are they going to continue their nasty new habit of charging you a fortune for a specialised bit of kit with only one purpose, then charging you again for a licence to actually use it?
I'm just surprised it was this that finally made them take action, it's not like that site was exactly full of peace & love before. I guess press exposure forced their hand.
The Airbnb action seems a bit harder to justify on the face of it, any more details? Are they going after specific people they don't like or is it more of a political statement and if so how are they bounding it?
I'd be mildly impressed if a 12 year old had come out with this.
An actual adult showing that you can access data using a malicious USB device or by monitoring leakage or power draw is hardly doing something new or original.
Or in other words like so many of these researchers demoing 'new' side channel attacks their work is worthless.
I know at least one person in your office understands that companies pay tax based on profits not on sales or turnover. It's even cited in a quote in your article. So please don't repeat the bottom feeder tabloid trick of launching a story on a false premise.
Citing Ms. Hodge is also thin ice when talking about company tax affairs - hopefully you know enough to recognise why.
If you want to do it properly talk about any tricks they may have pulled to artificially reduce or transfer their profits to reduce their UK tax bill, that's if you can find anything.
I have actually been waiting for Kieren to pop up about this subject and as usual he doesn't disappoint with a load of reactionary bollocks about his personal bias.
The back room changes at El Reg have really warped its politics in a very specific direction. And shit like this would have been booted in the past if only for being neither factual nor funny.
They've started from the viewpoint that Linux is the answer, and worked back from there. This is the wrong approach.
There are existing proven solutions for partitioned real time robust systems including support for duplication and migration of critical components. ARINC 653 springs to mind and can handle everything they want and a compatible RTOS is easy and cheap to buy in.
But no, let's shoehorn Linux into another space it isn't designed for. The hypervisor is just a cherry on top of their failure to understand the problem properly.
If only he'd accepted that a microkernel-like approach was better than the monolithic one he wouldn't be stuck with arguments about the endless updates to all the cruft that shouldn't be in a kernel in the first place...
The number of phones still being stolen as a direct target - rather than for another reason like depriving someone of comms after a robbery - suggests these measures aren't much of a deterrent.
For one thing even if the latest shiny gadget has been properly killed as a phone (which may or may not really work) it is still worth a lot of money as parts. Just stripping for screens and cases is more than enough profit, and probably better income and much lower risk than shifting the whole phone.
It's not difficult to overcome this too but I suspect people would prefer to keep some tiny degree of repairability.
(Icon for the best deterrent)
This article is shit. Pure undiluted excrement.
It's actually down to the standard of recent 'I made it all up' Daily Mail efforts.
The author has started from a place where they didn't understand what has happened, padded it out with their own invention, then pressed send.
Can we have a factual retread from some of the remaining El Reg talent rather than the sub standard San Fran element?
Maybe start by looking at how the business ended up in its current ownership and what exactly happened since then.
Surely must have been marketing bods making those statements.
The engineers would be able to reel off at least half a dozen scenarios where things could still go wrong and at least a couple of those wouldn't even have a theory for mitigation.
And unless you can guarantee that you won't require the user to constantly monitor & possibly intervene then the whole exercise is pretty pointless as it's really just good old adaptive cruise/lane keeping/active braking/auto park. Safe & hands off is what they're trying to sell & they're not even vaguely close to that.
The problem with their idea is you build a monoculture, maybe not the same one their competitors build (like Google) but a monoculture all the same. And those are never healthy.
You need a mix of people to really get things done; the mercurial type who comes up with the radical new idea and the slogger who'll do the boring bits to get it to production.
And while it's reasonable to go looking for the brilliant but nice type I'm not sure they exist, at least not if you want someone who will get their idea to fruition. At best you'll find someone who just does a really good job of hiding what they really think and does a good line in making the team believe they've achieved consensus when it was really a skillful sell/tell job seeding their thoughts.
Realise that A and S are next to each other on the keyboard and you get to the truth.
Sad Nad getting to the top is when it all *really* started to go pear shaped, what with the forced 'upgrades' and all.
We went from poor product planning and some odd ideas to a company actively hostile to its customers and turning its back on ways of working that had been in place for years.
Bring back Gates and Ballmer!
But spoofing the sender would leave it unable to reply with the details which would make the exercise pointless...
Exactly. I saw that bit and just thought 'bollocks'. Even the infotainment is usually running something else.
Though for some reason Tesla do like running their systems on Linux and other COTS bits.
Another minor point re. some comments is that manufacturers are now switching to secure bootloader and encrypted firmware for everything, well beyond where it was before to prevent any possibility of fun and games. The only options will be reloading the approved firmware and the signed as-built configuration and everything else will be out of bounds. The only reason it hasn't happened earlier has been the performance issues related to programming everything in the time available on the production line and that is now pretty much sorted.
As spun it's a bit of a bollocks story.
Yes you can spoof the sensor readings if you want to.
No there isn't any route to using this as an injection vector.
It's an interesting POC but nothing more and a bit of analysis on the sensor data would probably detect it if you had an application where something like this mattered. Especially if cross referenced with other inputs like any sensible sensor user does.
Elon hasn't exactly had huge success with meeting specific deadlines in the past so I'll assume he knows he'd never be asked to meet this one.
The statement does get him in the press though...
Hand the bleach to the author of this rubbish.
After all he's the one thinking that poor helpless women are somehow utterly unable to do anything for themselves without his (particularly condescending) help. Even down to language like 'inviting' women into the tech industry. It's deeply insulting.
In his own special way he's just as bad as the people he complains about, maybe worse as his actions are actively hypocritical.
They've paid Internet bubble premium for that.
Compare and contrast with the value of most of the major automotive component suppliers and it seems steep for what is a component that may or may not have a big future, from a company that does nothing else.
And that's before we even start to work out where the financial return is meant to come from.
A password reset is free if you registered your device which gives them a verifiable link between the device and your contact details.
A password reset if you've managed to lose the password *and* didn't register is charged because they make a lot of effort to verify who you are without the benefit of the cheap verification that registration would give.
Or would he really prefer they just hand over access to random people with no checks of anything?
PS the headline is as misleading as the guy is stupid - password resets are free. Security verification for resets of unregistered devices is not.
The old cynical Register would never have published something like this.
I miss it, and mourn for what used to be.
I can see absolutely nothing wrong with spending $1billion on a me too effort for a technology with some fundamental conceptual flaws, and even better spending that money with people who have so far failed to deliver this same thing for their previous employer, have no IP and in the event they do produce some IP will spend the rest of their lives fighting over it with their previous employer.
The vast amount of money just shows it has to be tech bubble induced madness affecting people I would normally think of as sensible.
The only viable move left is to jump on the bandwagon. I'll be happy with a mid-9 digit funding package. I might even deliver something, but make no guarantees it'll do anything except slowly blink a single LED.
It's great to treat servers and such as a disposable thing easily substituted in case of failure. In general terms I absolutely agree that the 'thing' itself isn't important, only what it does.
The big issue is cost. Between the platform and the application license costs the things are just too expensive to treat casually or to scale to X redundant instances just because.
I have no problem building and throwing away as and when I need to. But when I see the size of the bill attached I do start to think twice. Especially when you start to have licensing schemes which are actively hostile to cloud use except say if you run on the vendors platform.
How many is that today?
I know they all have a tenuous link to tech news but I come here for actual technology stories, not endless reminders of the muppet in the White House.
Whatever backroom staff changes happened at El Reg in recent months have absolutely fucked the site content.
Simon seems to have slightly misunderstood the analysis with his talk of tape and electrodes.
The battery fault was internal. Tape and electrode spacing would be a factor on Samsung's part only if it related to the installation of the battery. Faults inside the battery are an issue for the component supplier especially when they are the expert design authority and you have asked them to meet a series of outline requirements that they have agreed.
Going as far as waving actual accusations of negligence around is a massive step too far especially when it's clear you can't understand the fault they described.
My main takeaway from the whole saga was that the move to built-in batteries means it went from a simple issue of supplying a $20 part for the end user to replace (with phones made safe in the interim by removing the battery) to a massive complex recall of an expensive device with no easy options for rework and no easy option to make the device safe in the interim.
I can believe the claim that a certain person actually had little in the way of tech or prototype.
And that an established game company would have something developed.
And that when there was a hype bandwagon to jump on with a pile of cash attached someone saw an opportunity.
The whole Oculus story has been full of bullshit from the start so an extra helping would at least be consistent.
You do realise that some people do genuinely have 5 digit phone numbers?
Utter pain though when someone has a fiddle in the system somewhere and incoming calls (eg international) don't come through if an extra random digit isn't tacked on the end. Took a couple of weeks to get sorted.
In other parts of the EU I've known people who had area code plus 3 digits.
One thing that should be a giveaway is the calls where they spoof the number they're connecting to as being the source as it's an obvious impossibility.
What exactly did they expect when they put an ops guy in charge of a technology company?
He did exactly what you'd expect, incremental change and manufacturing cost optimisation and product mix based on analysis of volumes shipped.
Actual product concept and marketing and innovation and all the things Jobs did to make it all work are beyond him. We've had a few years sustained by the momentum of the company but that doesn't work forever. They've trimmed too much of the range so are left with a narrow set of core products and none of those has innovated or really led the market for a while.
The fall will take a long time to happen though, their cash reserves are so big that they can decline to utter irrelevance and still survive for decades.
'amateurs (who frequently refer to CAN frames as “packets” and CAN identifiers as “addresses”)'
Professionals have been known to use similar terms too, certainly addresses was the term that was used in a recent discussion around interoperability of different bus standards.
As for the fiddling aspect the amateurs are really going to be out of luck as everything is moving to hardened secure boot and signing of all software updates, the only reason it hasn't so far is the extra overhead required on the low power SOCs. Apparently.
You're even more out of luck with Tesla as they don't even give you diagnostic access and encrypt the buses too.
What subnets? Or for that matter what Wifi or Bluetooth? In the context of the avionics there isn't any.
But there are data diodes and gateways and things like that to ensure total isolation of passenger crap from real systems.
It's not like it's exactly complicated to implement a hard one way link to feed speed/altitude/heading/location with zero possibility of anything going the other way.
They've managed to get a load of coverage based on very little. Just like their previous efforts.
They've maybe managed to hack a little into the IFE, so what? It's just a game/entertainment system built on COTS technology. And even being generous they barely scratched the thing.
They've then managed to get a boost to their frankly amateurish 'hacking' by saying they think that maybe it might somehow be possible to do something to get at aircraft systems. Which it isn't. The language suggests they have no clue about the architecture and implementation but just a vague idea that hacking one bit might get access to other unconnected bits. Which you can't.
A lot of so called security researchers these days seem to be at the level of teenage skiddies who are all about hype and nothing about actual real exploits. But they get coverage based on a load of 'what if' that works because the majority of press and public are just as ignorant as the people making the original claims.
They're going to have a hard job making it look like an accident when the evidence of tampering is all over the device logs.
This is one of those lovely security scares where yes, you could do something but it's complicated, specialist and expensive and leaves a lot of evidence behind.
And they fail to mention that they could use a strong magnetic field (or strong RF source) in similar conditions and obtain similar results without the evidence trail or the same complexity.
But to security researchers every problem is a security problem.
The guy has always been an arsehole, and Oculus have been doing stupid things for a while now.
This latest bit doesn't really add much beyond what we were already very well aware of; he's an obnoxious guy with too much money from not actually doing very much at all.
His politics don't really matter to me as I couldn't have thought much less of him than I already did.
What seems to be up for discussion is McLaren Automotive which is a separate company from the other activities and these days mostly owned by former McLaren bondholders who swapped debt for equity.
Bringing the other companies into it could be seriously misleading.
Not sure what exactly is worth buying into as pretty much everything in terms of technology and manufacturing at Automotive was subcontracted. About the only things in house are marketing integration paint and assembly.
Everyone knows it's a stupid idea.
The key requirements are coverage, reliability and voice performance. Instead they've gone for cheap, shiny plus a bit of extra data.
The current solution might be a bit expensive and a bit clunky but it has the key advantage that it actually works unlike this 4G fantasy concept.
The same thinking comes up again and again - why should I spend XXX when my cheap gadget does sort of the same thing? Because maybe your cheap gadget won't work or won't survive?
On a side note I recently had a go with a prototype to try one of the peer to peer forwarding modes for voice in environments without a proper basestation signal. The latency was comical.
We won't mention why Audi moved to twin transceivers plus camera - OK we will, the earlier version with a central transceiver was prone to getting confused by oncoming traffic, corners and other things, plus the vagaries of the interesting range of radar profiles of other traffic such as the stealthy rear end of a mk2 Mondeo saloon which could appear on occasion to have accidentally matched what needed millions for the F117 to achieve.
It also isn't widely mentioned how the camera positioning has evolved over a short period as real life proved certain engineering assumptions wrong.
I have to say that the Tesla statement suggests they don't really properly understand how the sensors behave, or the best way to use them, or what is reliable and even things like their iteration rates seem a bit optimistic when you consider what can happen in 100ms at normal traffic speeds. And this assumes they have used a proper certifiable scheduler to drive it.
You can throw software updates at the thing but their hubristic approach smacks of an Internet startup way of thinking that doesn't match with the sound engineering approach something like this demands.
So the key point is there is nothing to worry about?
Yet somehow wrapped with a misleading headline and a load of scary what-ifs.
Note: I have occasionally been involved with CE and other test processes in house or carried out by a third party. None of these things are scary. An extra one on the list isn't a worry, even in the extremely unlikely event that the UK diverged from the CE process.
The story implies it was manned because it didn't work.
The actual reason was that it wasn't legally allowed on the river without a crew being present, even if they were just sat back having coffee.
Seriously. This is hardly some great revelation that a machine can leak noise of whatever sort that may include information.
It's also not much of a challenge when you have physical access, can install and run arbitrary code and maybe even plug something in, and the installation environment allows you to get some sort of detector close and then let that in turn get information outside.
A five year old could probably achieve the same 'research' and maybe get someone to write about it.
Proper air gapped systems - as opposed to something that doesn't just have Internet access unplugged - are slightly harder to crack and the ways of protecting them have been much the same for decades and would have prevented this sort of amateur nonsense right from the start.
In further news I can get information off an air gapped system by pointing a camera at the screen through your office window. This is a new and exciting technique as I use an IP camera so I can 'hack an air gapped system remotely'...
The big question is where exactly does the 500 billion come from?
Not worth worrying over too much though as my dog has more chance of becoming Prime Minister than Comrade Jez does.
Unless they're going to some really dodgy sorts I remember that the whole purchasing system involved (and still does) a ton of certification and QA on all the parts for a military or aircraft manufacturing process. Almost exactly like Suricou Raven suggested could happen; it already did.
Which is why everything turned out to be so expensive to buy due to the volume of paper and process involved all the way through.
It also made life interesting if you wanted small quantities of something (say 50 chips) where you could get them easily enough - maybe even free - from the manufacturer but then you had to insist on the full purchasing & QA process on a really tiny order when the usual MOQ was 1000.
Maybe that has broken down recently for some of their suppliers or maybe the military's purchasing side have been deciding things were too expensive from the official source, gone grey market or to broker then finding out where the saving actually came from.
Look at the byline on the article. Kieren is at least consistent.
Just subcontract their Twitter account off to a third party, then it's not their problem and they're compliant by default.
This is what most corporates do anyway, no point keeping it in-house.
You wouldn't even need to use the diagnostic port, you could splice straight into a bus on the other side of the gateway and push anything you like down it, which would also nobble their stupid little security idea.
Which in part is what I suspect they did because they're claiming to have done stuff that doesn't seem to be possible if you're going in via diagnostics, but could be if you went in elsewhere. Like overriding the vehicle speed messages which aren't on the diagnostic bus if you're talking about the ones between the control modules.
It's like claiming I can hack your banking passwords on your ultra-secure system after I've stuck a keylogger on the keyboard cable; not exactly complicated and doesn't really prove much.
They're busy knocking back Flash and claiming it causes instability (fair enough) but what is their excuse for the utter lack of stability in their Flash-less and feature restricted Android client?
Once they knock down Flash what are they going to have to blame for the bloat, resource leaks, insecurity and instability other than their own junk code base?
I don't know that they should have bothered reporting it as it isn't tech related beyond being on Twitter, though this is a comment piece not a report so reflects the author's opinion as opposed to just facts.
Someone was suspended by Twitter. So what? Happens daily. And as far as I can tell there were no innocents in this. On one side there seems to be a right wing attention whore and on the other a semi literate comedian prone to racist outbursts who seems to have been upset by a film review. Both seem happy to stir the crowd when it suits them.
And ultimately to the wider world it's meaningless.
But I still see an article reflecting a particular viewpoint that not so long ago would have come nowhere near this site but looks right on target for Comment is Free.
Kieren generates yet another article turning the once great Register into an outpost of the Guardian.
Biting the hand that feeds IT © 1998–2017