* Posts by Brian Miller

990 posts • joined 3 Jul 2007


Hewlett-Packard history lost to Santa Rosa fires

Brian Miller
Silver badge

Re: How ironic

I'm sure they made copies, but an original is still an original. When an original goes, it's gone.

How to protect against fire: don't store stuff in fire-prone areas in the first place.

1
10

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Brian Miller
Silver badge
Linux

Re: The NeverEnding Story Continues...

Yeah, but they're eating Windows users.

17
3

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Brian Miller
Silver badge
WTF?

Re: SWIFT nasty software malware cyber-heist ..

It's frightful that so many companies use Windows systems for financial transactions. I worked at one place where they had a Windows computer specifically for bank transactions sitting outside of the firewall. They trusted it to do the transactions, but didn't trust it to be inside the corporate firewall. I have no idea why people keep writing high-end financial software for Windows.

2
0

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Brian Miller
Silver badge

Re: in 2015, Kaspersky [...] was infected by the [American] Duqu 2.0 spyware

The problem is that our operating systems are such big targets, necessitating scanners of some sort. The open source scanners basically suck. Long ago, McAfee offered a "scanner" that would basically checksum the binaries, and let you know if something changed. But that doesn't work for viruses that hide in dynamic data.

Yeah, I use Kaspersky, because it's been the least problematic scanner. I've used and dumped McAfee and Symantec. Would any of Kaspersky's real problems not be seen at other vendors? I doubt it. If nation states want in, they have ways of getting in.

28
0

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Brian Miller
Silver badge

CIA wants better encryption

There was some article years back about the CIA extolling the virtues of better encryption for corporate data. I would hope that the CIA would pipe up again, but I doubt they'd do it under this administration.

Oh, yeah: anybody remember the Clipper chip? I still have one of those t-shirts...

18
0

Senators call for '9/11-style' commission on computer voting security

Brian Miller
Silver badge

Re: Machines are the problem

Actually, my state did go back to paper ballots. We used to have the touch screen machines, and they realized it was cheaper for everyone to just mail in a ballot instead. In a recent analysis, the fraud rate on the part of voters was very low.

Now, there have been instances where the officials simply didn't count scores of ballots, but that wasn't the voter's fault.

9
0

Hubble Space Telescope spies possibility of liquid water in TRAPPIST-1

Brian Miller
Silver badge

Re: Nice Impression - do red skies have blue rivers?

If you were standing on the river bank and observing the sky reflected in the river, then yes. On Earth we have the occasional red skies, but the river retains its own color.

4
0

US government: We can jail you indefinitely for not decrypting your data

Brian Miller
Silver badge

I also would be in trouble...

My passwords are written down. If I lose the paper, I would have to do a recovery. But what would I tell the judge? "It was written down on one of the stickies. Didn't you pick it up?" They wouldn't believe me, would they?

58
0

Hash of the Titan: How Google bakes security all the way into silicon

Brian Miller
Silver badge

Secure boot good idea...

Until the bug is in the ROM code. The i.MX7 does this, but a bug in the ROM means that any firmware can be booted if the firmware image has a malicious cert.

But otherwise, it's a great idea. The chip can have certificate hashes burned into it, and then to boot the firmware, it has to have a signed cert. Once the firmware is booted, the Linux kernel is checked to make sure it is signed. Once that's done, it all boots normally.

Mind you, none of this prevents evil behaviour on Google's, or any other company's, part. It just means that a rootkit will be harder to plant on the machines.

0
2

Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Brian Miller
Silver badge

No code review??

Let's see: somebody decided that a computer, instead of an observable physical device, should be used to issue random numbers governing the issuance of millions of dollars. And apparently there was no code review done.

When lotteries became a thing in the late 1980's, they used ping pong balls blown around in a chamber. Completely random, completely observable, and quite simple.

28
2

Don't throw away those eclipse glasses! Send 'em to South America

Brian Miller
Silver badge

Re: GLASSES ... GLASSES ... We Don't Need No Steenking __GLASSES__!

That's what a number of us did this time around. I built mine out of a long shipping tube, and it worked quite well. Others used cereal boxes, and one person had a contraption made from cardboard and plywood.

Even at 92% occlusion, the sun was still amazingly bright. Tell the children that cardboard and pins work wonders!

1
0

Can North Korean nukes hit US mainland? Maybe. But EMP blast threat is 'highly credible'

Brian Miller
Silver badge

Re: Mother Nature?

Even a limited strike would be bad. Remember the L.A. riots? Remember how people acted when New Orleans was hit by a hurricane? There are way too many people who will "behave badly" given the slightest opportunity. Popping something over southern California or the north east would be catastrophic for those areas. Yes, Kim would be blasted back into the stone age, but the U.S. would be significantly hurt.

11
2

FYI: Web ad fraud looks really bad. Like, really, really bad. Bigly bad

Brian Miller
Silver badge

Re: Pants

Toss your cookies, and then the ads will go away.

As for me, I purchased a major item last weekend by going to an independent retailer and physically carrying it out the door. That retailer relies on word of mouth, not web ads.

13
0

What code is running on Apple's Secure Enclave security chip? Now we have a decryption key...

Brian Miller
Silver badge

And then that one guy discovers what's been obfuscated and the gig is up.

Better to have a real encryption system. Not that that can be a perfect solution, but I'd rather have that than something that just pretends to be a good solution.

2
16

So you're thinking about becoming an illegal hacker – what's your business plan?

Brian Miller
Silver badge

Re: The threats

Early plot release doesn't jeopardize income. The income is from advertisers. If they found a way to drive off the advertisers, then that would be a threat. As the hackers found out, scripts by themselves aren't worth anything.

1
0

DJI drones: 'Cyber vulnerabilities' prompt blanket US Army ban

Brian Miller
Silver badge

Re: Pork

"We'll use the video from this drone in our covert op..."

Yeah, I'd discontinue the use of drones like that, too. Your usage is monitored, and not to improve the drone's performance.

9
0

Oracle's systems boss bails amid deafening silence over Solaris fate

Brian Miller
Silver badge
Joke

Re: Conventional?

So it's like a Swiss chronometer if it's like an English chronometer?

1
6

In the red corner: Malware-breeding AI. And in the blue corner: The AI trying to stop it

Brian Miller
Silver badge

Re: Scary

This is actually very good research. The next generation of AI malware producers will be using source code snippets. This is a lot like fuzzing, where data is munged in order to produce a crash or a hang.

3
0

No vulns. No hardwired passwords. Patchable. Congress dreams of IoT: Impossible Online Tech

Brian Miller
Silver badge

Re: @Gene Cash

The certificates are used to verify the firmware image, before the processor runs it. If an image does not match the appropriate certs and signing, the board is effectively bricked. Thus, a "high assurance boot" chain is established. Then a signed kernel is booted.

In this case, the ROM code has a vulnerability with a firmware image that has a munged cert. This causes a stack overflow, causing the verification process to be skipped completely. NXP now has to rev the mask and ship a new processor.

1
0
Brian Miller
Silver badge

Known vulnerabilities

This is actually the problem with the bill: when can you stop patching, and ship the product? And let's say that the vulnerability is in some pretty knackered spot, just before release. What then?

The i.MX7 processor has a certificate vulnerability in its ROM. This means that no product with that part may be shipped under this bill. Whole product lines would have to be scrapped. Way too costly. But what can you, as an OEM, do?

2
0

Ohm-em-gee: US nuke plant project goes dark after money meltdown

Brian Miller
Silver badge

Crap construction from the beginning

There are articles out there about how all of this started in the first place. The company Westinghouse bought didn't have the expertise to build reactors in the first place. It was a big bait and switch game. So Westinghouse and then Toshiba bought in, and the house of cards has tumbled down.

7
0

Death to strap-ons, says Intel, yet thrusts its little AI stick into us all

Brian Miller
Silver badge

AI compute stick?

Who uses compute sticks for anything serious, or at all? "Here, I need an AI boost for that, I'll just plug in the Intel stick for that."

4
0

So, FCC, how about that massive DDoS? Hello? Hello...? You still there?

Brian Miller
Silver badge

Public comments are trade secrets?

Wow, first time I read that one. Who knew? El Reg needs to be classified ASAP!

8
0

Second one this month: Another code bootcamp decamps to graveyard

Brian Miller
Silver badge

Too many schools, etc

Same old thing, too many schools and not enough suckers, er, students. Impress employers with code, not paper degrees. There was some study recently claiming to link pay to Github contributions.

2
0

An AI can replace what a world leader said in his video-taped speech. This will end well. Not

Brian Miller
Silver badge
Joke

Fabulous!

This is exactly what the U.S. needs right now. And if it can rewrite late-night tweets, all the better.

I, for one, welcome our new robot overlords. We need them.

3
2

Mac ransomware author is giving away malicious code to script kiddies

Brian Miller
Silver badge
Childcatcher

Help for Script Kiddies

Aw, come on, someone's finally thinking of the children! Just because they're a bunch of malevolent miscreants doesn't mean that someone shouldn't throw them a bone.

Really, though, there's been malware kits available for some time. The next bot army should have something like Docker, so that the herder can rent time for nefarious calculations.

Come to think of it, when the robot revolution happens, how many will be infested with malware?

1
0

Farewell, slumping 40Gbps Ethernet, we hardly knew ye

Brian Miller
Silver badge

Moore's Law on Acid

At this rate, we'll be seeing 1Tbs switches soon enough. Only $20,000 for 36 ports. Gaming latency, we hardly knew ye.

2
0

Raspberry Pi sours thanks to mining malware

Brian Miller
Silver badge

I just hooked it to the DMZ, and it's fine...

How many people do this? Really? Buy something, and then just throw it open to world+dog, and think it's all just fine and dandy.

When logging into the Raspberry Pi, it nags you to change the password!! Really, every single time you log in, there's a message nagging about changing user pi's password to something other than raspberry.

If somebody's too lazy to change the password, keeps it on, exposed to world+dog, then they should pay a stupid tax for their actions.

5
2

Microsoft Azure adds OpenBSD support. Repeat. Azure adds OpenBSD support.

Brian Miller
Silver badge

But, why?

Who is the customer for this? Who would be wanting to use OpenBSD, but within the Azure cloud?

2
2

I fought Ohm's Law and the law won: Drone crash takes out power to Silicon Valley homes

Brian Miller
Silver badge

Who needs terrorism?

Usually it's just the birds and squirrels that do this. But now we have to watch out for generic white people too.

13
0

Bogus Bitcoiners battered with US$12 million penalty

Brian Miller
Silver badge

But they'd still be in jail...

No Bitcoins were mined, and thus it all falls down. Sure, looking back with what Bitcoin has leapt to, they should have just held it, but hindsight doesn't count.

Cryptocurrencies and cryptomining don't go well together. Something needs to be transparent and verifiable. The only "mining" you can trust is what you do yourself, and it's all massive custom ASICs from here on out.

2
0

Every time Apple said 'machine learning', we had a drink andsgd oh*][

Brian Miller
Silver badge

"Machine learning" not new

Obligatory XKCD

Why in the world are so many jumping on the "machine learning" buzz wagon? It's called "collecting and processing data." The only difference is that now we have YUGE piles of data, and if we apply a neural network, then we have no idea how the machine came up with the answer in the first place.

Progress!

5
1

Boffins get routers spilling secrets through their LEDs

Brian Miller
Silver badge

Signalling by light? Really?

Let's see, if you have control of the "router," and it's running Linux, and you can upload new firmware or just drop a new binary on the drive, then of course you can do all sorts of things!!

In other news, water is still wet.

They could also just send the data by audio side channel by loading a text-to-speech module, and announcing all the important bits on the PA system. (Ah, hacking the PA system, that brings back memories. They never did find out who did that...)

22
0

Cuffed: Govt contractor 'used work PC to leak' evidence of Russia's US election hacking

Brian Miller
Silver badge

Re: Dear "The Intercept"

I would have thought The Intercept would have retyped the document, or scanned it in, run OCR, and then sent that back to the spooks.

But just flopping it on a scanner, and sending that back? Well, of course then the microdots survived the process. After all, they look just like "random" flecks of toner.

And to think that Ms. Winner just mailed it off to them, also without taking any steps to anonymize the document. She could have at least run it through dodgy fax machines a few times.

Ah, well, at least it wasn't info that was really hidden, it just confirms what everybody was suspecting all along. The voting machine companies have dodgy products, the employees can be easily spear-phished, the politicians can also be spear-phished, and Microsoft always has bugs/holes as features.

26
0

Who's going to dig you out of a security hole when the time comes?

Brian Miller
Silver badge

Sleeping guard dogs

You’ll also not have missed that the attackers’ capabilities are far ahead of those of us trying to defend our systems against them.

You know what I've found in a number of installations? The "guard dogs" are fast asleep, and their own computers are filled with so much malware it just isn't funny. They've been spending their days not in diligent work, but hanging around and surfing the web, wherever it may lead. Like porn.

One manufacturer of large earth moving equipment had a network so full of crap, and an IT staff so lame, that they would not allow us to send a computer to them unless it was already running a firewall and virus scanner. Anything that was unprotected in the least would be p0wned within seconds of being plugged into the network.

There's an article about the insecure Hadoop servers making 5PB of data available for all comers. WTF?? Why does no one secure their databases? Are passwords so difficult? Are good firewall rules so confusing?

The attackers are not ahead of us. Flat out, they aren't. Too many installations aren't even practicing any security. There is no training of the staff about what they should do about attachments, and verifying possible phishing information in emails. Too many idiots are completely irresponsible about their actions, and they pretend to be the hapless victim. Sorry, no. If there were licenses mandated to operate computers, 90% of the punters out there wouldn't receive one.

2
0

Sons of IoT: Bikers hack Jeeps in auto theft spree

Brian Miller
Silver badge

Re: Are Jeeps that expensive?

Yes, they are that expensive. The used parts trade is huge, which is why a lot of automobiles are parted out after being stolen. A Jeep can be disassembled quite easily. Plus the parts may be sold as "new" if it's from the current model. And many of these pavement-only Jeeps are, in fact, in like-new condition.

1
0

Intel gives the world a Core i9 desktop CPU to play with

Brian Miller
Silver badge

Re: At 140 Watts...

Yeah, but then every half hour you'd have to shut the computer down to put on another kettle.

Oh, wait, ... Windows ... right ...

15
5

Internet of snitches: Anyone who can sniff 'Thing' traffic knows what you're doing

Brian Miller
Silver badge

Watch the windows

If someone is casing a house, they'll just watch the windows! No burglar is going to be sniffing IP traffic to see when someone is up and awake. Why go to all the trouble, even if they had the knowledge?

5
7

ARM talks up fresh CPUs and a GPU, all tuned for AI

Brian Miller
Silver badge

Re: My dad said "Ronco" used to supply dodgy products through late night infomercials

Rob Popeil founded Ronco, and both are still bringing you "amazing" kitchen appliances!

(I've never bought anything from either of them, so I have no idea what the actual quality is like. But I'd be worried if Mr. Popeil decided to start manufacturing tiny computer systems.)

1
0
Brian Miller
Silver badge
Terminator

AI on Raspberry/Banana/ODroid

So will this be a Terminator Pi?

3
0

US laptops-on-planes ban may extend to flights from ALL nations

Brian Miller
Silver badge

Laptop bomb, Lockerbie

Nobody "in charge" seems to remember the bombing of Pan Am flight 103, coming down on Lockerbie. If a laptop can contain enough explosives to blow up the plane, putting it in the hold won't do a thing to make the aircraft safe. I'm sure that any laptop extended battery case can hold more explosive than the cassette player used to bring down flight 103.

As for using a laptop while traveling, might as well use a tablet, a bluetooth keyboard, and something like VMware Horizons for iOS, or RDP for iOS.

1
0

Bitcoin exchange Coinbase crashes after Asian buying frenzy

Brian Miller
Silver badge

Re: "Legal tender"?

Cryptocurrencies are fiat currencies, ...

All currencies are actually fiat currencies. All value is assigned according to perception. Mercury is rarer than gold, but has a lower monetary value. The price of diamonds is artificially inflated due to a global monopoly by De Beers.

1
0

What's got a vast attack surface and runs on Linux? Windows Defender, of course

Brian Miller
Silver badge

Re: Fuzz?

I thought fuzzing started with Edsger Dijkstra and Goto Considered Harmful. Line noise resulted in the connection crashing, etc.

It really depends on what you are trying to do with fuzzing that will get results. Try to do fuzzing on slow embedded systems, and it becomes an exercise in patience. Google AFL gets results because it's running over 40,000 iterations per second. A device I'm testing at work goes through two to three iterations per second. Sure, that adds up over time, but I have to temper my manager's expectations for the platform.

If a DLL can be isolated, then it's a great way to get results.

5
0

Chinese e-tailer beats Amazon to the skies with one-ton delivery drones

Brian Miller
Silver badge

Amazon goes to China!

Is there some reason that Amazon can't develop its drones in China, as well? Or some country other than the U.S.? Just because stupid bureaucracy is stopping progress in this country doesn't mean that a huge tech company can't move development someplace else. What are the air regulations like south of the border? Or how about various EU countries?

Really, though, all one would have to do is beef up an open source drone, and then go for it. It's gonna be all right, with these wandering all over carrying a 2,000lb load, right?

1
2

PayPal peed off about Pandora's 'P' being mistaken for its 'PP'

Brian Miller
Silver badge

Tingleize it!

This is so ready-made for Tingleization! Since the Tingler is kind of offline, I'll have to take a crack at the headline: "PayPal peevishly peed at Pandora's purple P"

4
0

Hi! I’m Foxy! It looks like you want to run Flash. Do you need help?

Brian Miller
Silver badge

NoScript: already solved

I installed NoScript years back to stop JavaScript and Flash. Really, once the browser can't run content, the web becomes a (sort of) safer place. (I wish there was a NoScript for Chrome, too.)

15
1

Amazing new boffinry breakthrough: Robots are eating our brains

Brian Miller
Silver badge
Terminator

Ned Ludd is dead

The neo-Luddites are the bot masters, and they aren't making a dent in the advance of the solid state society.

Yes, it would be nice for companies to wake up a bit to the fact that society is stable only as long as the underclass (99% of us) are fed and employed. We don't riot, we don't set fire to their houses and pull them out for a lynching. (The Rodney King - Los Angeles riots were 25 years ago, and nobody was starving. I'm guessing you'd need to be at least 30 years old to maybe have a direct memory of them.)

What would a robot tax accomplish? Would it actually result in more human employment? Usually taxes are regarded as necessary overhead, and if the taxes are too onerous, then companies move their production elsewhere. Once a factory of robots is set up in a country where the parent company won't be bothered, don't expect them to come back and hire workers in first world nations.

Imagine that a neo-Luddite writes software to brick the robots. So there's some down time, the robots and network get hardened, and everything goes back to being productive. That means there's no effect in the long term.

It has been proven that software can write software. Just give it a business case, and libraries are cobbled together in short order. The field will widen, until one day most software will be written by other software. It will be tested by software. It will be marketed by software.

Back in the 1930s there was the Work Projects Administration, along with the Federal Project Number One for skilled people. Would something similar be a solution for this? I have no idea, but I do know it would take more money than the government has.

But to keep my brains from rotting, I'm contributing to open source projects, and doing my best to keep myself up-to-date. It's a hedge against what may come, but we don't need to have a rise-of-the-machines to be on the receiving end of discrimination.

5
1

CIA tracked leakers with hilariously bad Web beacon trick

Brian Miller
Silver badge

Re: Government Anti-Leak Tricks Can be Very Sophisticated

How?

The method is by "listening" to the RF energy generated by the electric typewriter as it operates. Each key has a unique signature, so by recording, then analyzing the signals, the document can be reconstructed. This is why TEMPEST-shielded typewriters were built.

0
0

Welsh Linux Mint terror nerd jailed for 8 years

Brian Miller
Silver badge

Threat level: soft and fluffy

Every time legislation gets passed to allegedly get the masterminds and the guys making and setting the bombs, all we invariably get are these low-level non-threat motormouths. Or the police/feds/____ are running an illegal entrapment operation.

As for ZeroNet, their motto is: "We believe in open, free, and uncensored network and communication." So how is "open, free" hidden and encrypted? Bit of a stretch, there.

3
0

What's driving people out of tech biz? Unfair treatment, harassment, funnily enough – study

Brian Miller
Silver badge

Obligatory XKCD

Settling: "I'm really not happy here, but maybe this is the best I can expect and I'll regret giving it up."

If in doubt, go. If you really are miserable where you are, then go.

I recently left my job because the company owner decided that the team product owner should be a goofball from the sales team. Much misery ensued.

14
0
