* Posts by Brian Miller

1317 publicly visible posts • joined 3 Jul 2007

Millions menaced as ransomware-smuggling ads pollute top websites

Brian Miller

Firefox and NoScript

Honestly, I have no idea why more browsers don't have script blockers like NoScript built into them. The web and Internet are so toxic, it's just pathetic. Turn off the capability to run scripts, and suddenly so many vulnerabilities just disappear.

Wanna build a botnet? Just buy some ad space, sit back and relax.

Is this Romanian man really 'GhostShell'? If so, he risks arrest

Brian Miller

My desk doesn't look like that!

Does anybody have a clean desk like that? I can't imagine anybody that actually does anything not having something on their desk besides a keyboard and mouse. Really!

And is he "GhostShell" or not? Well, he is in Romania, so getting arrested may not be a very high risk.

Here's what an Intel Broadwell Xeon with a built-in FPGA looks like

Brian Miller

Wanna play? Get it with ARM today.

This has been available on ARM chips for some time. The Parallella board uses the Zynq SoC, which is dual-core plus FPGA. I remember years back that someone came up with an FPGA for Opteron socket boards.

Something like this is for specialized applications. Yes, Windows could use this, but it's not like it's a general-purpose thing. You load your FPGA binary, and fire up the application that uses it.

Steve Ballmer: Get the Facts. I 'love' SQL Server on Linux

Brian Miller

Re: Windows on Linux next?

Microsoft could have released a Linux distro ages ago. After all, they had Xenix. But no, they're really good at going with a really half-arsed OS. But since they've come out with Windows 8 and 10, Linux now has a real opening because that new UI is so miserable to use!

Would Windows applications benefit from running on Linux? Yes! Part of my job long ago involved testing Windows products on Linux, under Wine. The installs took a fraction of the time that they did on Windows, and the applications ran much faster. People can joke about "Penguinistas" all they like, but benchmarks with extreme differences should make people notice.

Apple has shown that *nixes can be usable by the masses, and be the cool and "in" thing.

Hitchhacker's Guide to RSA clones conference badge with a towel

Brian Miller
Joke

Re: Really should be other methods of anti-counterfeiting

RSA is a massive security conglomeration, and they are acting like it!

Hack towel, gain entry.

The ideal would be, of course, to enter the conference wearing nothing but the towel!

Hillary Clinton private email server probe winding up – reports

Brian Miller

What was going through Clinton's head?

"Oh, hey, it's a bummer to have to keep all these papers in their secret and top secret folders. Let's pin them up on a bulletin board in the hall instead!"

Did nobody on her staff tell her that all of this was a very bad idea? Are the government's email servers really that bad? I know that at one time they were using Microsoft Exchange, maybe that's the reason all of this happened. Still, though, one would think that audits are carried out on a regular basis to prevent stupid things like this.

Facebook's Latin America veep set free by appeals court

Brian Miller

"What, you mean that this wasn't written by script kiddies?"

I do wish that those in power would understand things like math, but that wish would require several tons of pixie dust to implement. Nice that the appeals court freed him after only one day in jail, though.

Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

Brian Miller

But too many devs don't give a s***

Last year I quit a company where the developers, literally, did not care about security or testing their software. Yes, testing and security was met with a literal sneer. And that was at a major retailer, where the team was writing web APIs!

So in this regard, Bruce is dreaming. Developers need to give a s*** on a personal level, and I honestly think that the majority don't care. Governments can legislate what they like, but I don't see anything that is going to cause sloppy developers to sit up and sharpen up their game.

We survived a five-hour butt-numbing Congress hearing on FBI-Apple ... so you don't have to

Brian Miller

Congress par for the course

"... the US Congress had an opportunity to force some truth into the equation. It failed to do so."

That's normal. The US Congress rarely forces truth into anything. If there is truth in a session, it's not a deliberate result or even intention.

No, it's all par for the course. Hot air in Washington, DC, global warming not blamed.

Cook moves iPhone debate to FBI's weak ground: The media

Brian Miller

FBI screwed up, wants fix

The FBI had the PIN changed for them. If they hadn't done this, they could have had access to all of the files on the phone, no problem. The phone would have done its automatic backups, and all would have been well and good.

However, the PIN has been changed, and it's going to take real effort on Apple's part to write a patched OS that will allow the FBI to use a USB connection to brute-force the PIN. Of course, Apple wants its phones (60% of its business income) to be seen as secure. Apple has the money to put up the fight, and I'm glad they are doing it.

Is this a 1st and 5th amendment issue? Well, if it's the only leg Apple has to stand on, then that's what they'll use. The government should not be able to coerce the private citizens to toil for whatever it desires. While this is about weakening security, it is also about slavery. What else is forced compulsion of labor?

Apple fires legal salvo at FBI for using All Writs law in iPhone brouhaha

Brian Miller

"the world will not end"

"So if we're going to move to a world where that is not possible any more then the world will not end, but it'll be a different world." -- James Comey

So he knows that the world will not end. And he also bloody well knows that first, the FBI is at fault for this problem, and secondly that very probably there's nothing on the device regarding terrorism. Did the Paris shooters use any encrypted technology? No, it was all normal messages.

No, the world will not end. And it will be the same world.

QLogic: Ready to get excited about an Ethernet adapter?

Brian Miller

"If I can't buy happiness..."

"Then I'll just have to rent it!" And I'm guessing that this adapter will be over $3000. Their 10Gb adapter is about $275, so for an order of magnitude more speed, the price will also be at least an order of magnitude more. Cutting, bleeding, spending edge.

Q: How many guns to arm nine coachloads of terrorists?

Brian Miller

Math time!

Let's see, at 54 passengers per coach, one weapon apiece, that's 8 coaches, as the ninth coach really would only have a few terrorists on it, so never mind it, really. But really, you'd have 303 armed terrorists, because you'd have a primary and a secondary weapon. So that's six coaches, with some room to spare.

But of course the real terrorists don't have weapons. They pass laws...

IP freely? Your VoIP phone can become a covert spy tool...

Brian Miller

Source article is more informative

There are actually two problems with the phones: #1, You can call from the web! #2, No password, or bad passwords.

Take a look at problem #1! The phone's web UI allows the user to place a call. The phone will automatically go on speakerphone, thus sending all audio out to the attacker. This isn't about sniffing the network traffic, it's about taking control of the phone and making it place calls without you noticing. At a minimum, this means that premium rate numbers can be dialed, racking up your monthly bill.

Problem #2 is same old, same old. Hopefully the phone can be set up automatically, like many VOIP phones. This needs to be done, and not ignored until later.

App for homeless says walking on water is the way to reach services

Brian Miller

Re: It is just me?

In Seattle, there's quite a few places where the homeless congregate to charge their phones. I don't know the approximate numbers of those who have a phone, just that a good portion of them do.

The real question is, was the data accurate? Were there actually local services that were not displayed?

Or is it an attempt to solve the homeless problem by getting them to swim to Tasmania, where the survivors will be eaten by Tasmanian Devils?

Berlin takes down ‘for sale’ sign over top Nazi’s love nest

Brian Miller

Trash heap

Why nobody wants it:

"At present there is no heating, no running water, there is serious damage to the facades, the roofs are falling apart and inside there is a lot to do too," Moehring admits, saying renovation costs would be "considerable".

It's a heap, so of course the best option is to raze it. House refugees in it? No, that would not do because the conditions would be substandard. I'm sure that there are enough refugees who have the necessary skills to do the work, though. Actually, that's a great option for a lot of unused government buildings. (And why is the government so intent on building more when they have so many vacant?)

If you want a USB thumb drive wiped, try asking an arts student for help

Brian Miller

Encrypted drives

A while back for grins and giggles I bought a couple of self-encrypted drives. Ones with keypads on them, so if I needed, I could use them with something other than Windows. The drives are slow. Sure, the manufacturers claim that the new models are faster, but there's a price to be paid for your data being encrypted before it gets written to the drive.

A problem with the Windows drives is that each of them wants to load a utility into Windows to access the data on the drive. So your Windows machine is going to wind up with a zillion utilities in it for all of those drives. And then what happens if your OS goes titsup? Bye bye bytes!

Currently both Windows and Linux have encryption for removable file systems. The user just has to be aware of them, and put them to use.

US Navy's newest ship sets sail with Captain James Kirk at the bridge

Brian Miller

Re: Stability

And cost! The program so far is over $22 BEELION dollars, with the Zumwalt's "unit" cost nearly $4 BEELION dollars. Is this running Windows for Warships? "Captain, it's a blue screen!" "Quick, reboot the computer before we capsize!"

Never mind an iceberg, the Navy has Windows...

Rounded corners on Android phones cost Samsung $548m: It will pay up to Apple after all

Brian Miller

Let's all patent prior art!

Ooh, I'm gonna patent art deco! It has lots of round corners!

BOFH: How long does it take to complete Friday's lager-related tasks?

Brian Miller

BOFH and Agile methodology

This is the essence of "agile" "methodology." It's neither agile, nor is it a method nor the scientific study of a method. It's just a stupid "to do" list, and if it's put into a computer program, then it's a to-do list with blinky lights and extraneous stuff to fill out. In my last job, I have no idea how much time we spent on the to-do list instead of producing the product. The team was less than 10 people, yet it had three managers for it: a team manager, an agile manager, and a technical manager. Hello, anybody spot something blatantly wrong there??

Cyber-terror: How real is the threat? Squirrels are more of a danger

Brian Miller

It's all about the blinky lights

If it blinks, then it's important. If it doesn't blink, it isn't important. That's why prevention against rodents gets zero funding, and non-existent cyber threats get lots of funding. Cyber threats mean blinky lights. Squirrels, not so much.

(When I worked at a giant Redmond company, a squirrel did, in fact, chew its way into a power conduit and take out the power to our building. The power was out for several hours.)

However, cybersecurity should be targeting data leaching by criminals. What's our success against that? From reading the news, not so much. A lot of the problem is with developers who don't care about security at all. I recently quit a job, where, really, the lead dev scoffed both at testing his software and implementing security. Yes, truly!

Tech goliaths stand firm against demands for weaker encryption after Paris terror attacks

Brian Miller

Re: Why does this keep returning?

This keeps returning because politicians are usually too stupid or lazy to pay attention to history or science.

Could you imagine what it would be like to live in a world where politicians did pay attention to history and science? They might be paying attention to accounting math too, and wouldn't lose 2,000 data centers under the couch. No, they just might make 1984 look like a children's primer.

How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered

Brian Miller

Surreptitious DTMF?

Why, of course advertising is driving what was once the sole province of spy agencies! If you want to block it, just wrap your mobile in a cloth to muffle the sound a bit. Or stop watching television.

Of course, the adware SDK could also listen for distinctive tunes instead of dog whistle sounds. That might take a little more processing power, though.

Uncle Sam's IT bods find 2,000 data centers they FORGOT about

Brian Miller

Down the back of the couch, under the seat cushions, where else?

Never mind "losing" a server in a wall or boarded up closet, Uncle Sam is losing warehouses of machines! Is the Ark of the Covenant in there, too?

Look, it's simple. If you can't find the XP machines, stop issuing them IP addresses. The users will find you soon enough.

US govt just can't hire enough cyber-Sherlocks

Brian Miller

Public vs private sector wages

Top pay with FBI, $78K. Expedia, $140K, or more.

FBI: Washington, DC. Expedia: Bellevue (a bit east of Seattle).

FBI: Onerous hiring process. Expedia: Good on the interview? Can you start next week? How about this week?

FBI: Bunch of suits and a bunch of paperwork. Expedia: Did you know they have an alcohol-friendly culture? Why bother with the pub when if it's not on your floor, it's already on someone else's floor?

Personally, I like doing things like catching crooks. But I don't want to move to the east coast, and take a pay cut and have my living conditions reduced to poverty.

So OF COURSE they can't get people to help them. There are plenty of people who would do it, and do it well, but the FBI is simply too stuck in their own rut to break out and give some thought to what the potential employees might want.

F-Secure makes SENSE of smart home IoT insecurities

Brian Miller

All your lightbulbs are belong to us!

The problem is that some user goes and puts an IOT thing in the house, and then deliberately exposes it to world+dog. For instance, there are many IOT IP cameras that people have exposed, and can be easily found. At my home, I don't expose IP cameras, because I just can't bring myself to trust the vendor's software build. If I actually did, then they would be isolated on their own VLAN, with appropriate rules. Yes, I have commercial equipment at home, because it's just not that expensive now.

The people that F-Secure is targeting for their product are the numpties. These are the people who never change admin passwords, etc. So very likely the people who most need something like this will never buy it, because it's too expensive. When a "home router" can be had for under $20, why should the numpty pay more?

CAIDA publishes latest 'net topology kit

Brian Miller

Why not use BOINC?

The BOINC project could do this for them for free, instead of an astronomical $8,000, based on a hideous price of $68 per unit.

Drones are dropping drugs into prisons and the US govt just doesn't know what to do

Brian Miller

Drone cannon

Jam them with a directed radio burst. Some of the drones can be hacked in flight, too. How about directional pinpointing to nab the drone operator?

All of this is just basic radio opsec, something the military has mastered for decades.

AMD sued: Number of Bulldozer cores in its chips is a lie, allegedly

Brian Miller

Once upon a time...

(not so) Long ago, CPUs came without an FPU. That's right, you had to buy a separate chip for all of that floating point math. When I worked on the Celerity minicomputer, the 1260 model could have two processor boards in it with, get this: one integer coprocessor, and two floating point coprocessors. Yes, that's right, there were three Weitek coprocessors per CPU!

And of course, there were Weitek coprocessors for 386 and 486 CPUs, too.

So: does a lack of an FPU coprocessor for each CPU mean that people were ripped off? If I had bought one, I wouldn't feel ripped off unless I was doing a lot of scientific work. The real question is, how flexible is the execution scheduling? For instance, say there are two processes that do heavy FP math. If they wind up on the same Bulldozer module, is the chip (or OS) smart enough to put them on different modules, or are they stuck on the same module?

If someone were doing heavy FP and expected 16 FPUs for 16 cores, then I would say they were ripped off. Otherwise, I don't think it's that big of a deal.

World's most frustrating televised Linux install just got more frustrating

Brian Miller
Joke

No, you're both wrong. It's a disturbed installation.

If MR ROBOT was realistic, he’d be in an Iron Maiden t-shirt and SMELL of WEE

Brian Miller

Re: Say what you like about Hollywood Hackers

"I particularly love the ones who can stare at a screen of hex and infer something important for the plot from it (beyond 'oh look, a bunch of hex')"

Depends on what you've been doing. When I hand-compiled 6502 and 8086 assembly code, I could do that! Of COURSE someone can do that, because it took HOURS to compile the machine language program by hand, laboriously looking up things in the manual. You started memorizing things just by repetition. I can still do that to some degree, too. Hint: Look for 90 90 90 sequence, as that's a NOP to get the code onto a boundary, and then it's allocating stack space, and on into the code.

I love machine language.

Crash this beauty? James Bond's concept DB10 Aston debuts in Spectre

Brian Miller

Chitty Chitty Bang Bang wannabes

Oh, come on now, can any of the Bond cars measure up to Chitty Chitty Bang Bang? (Yes, Ian Fleming wrote both books!) The Bentley was promising, but the rest of them just really don't make the grade.

So, what's happening with LOHAN? Sweet FAA, that's what

Brian Miller

Re: Use a water-powered rocket!

Ah, but surely there is a liquid that won't freeze at those temperatures. It's only -70°F, and there are commercially available antifreezes that work down to -84°F.

Brian Miller

Use a water-powered rocket!

Since the lads at the University of Cape Town have a water rocket that ascends to 830m (2,721ft), why not use that instead of the rocket engine? I can't possibly imagine that the authorities would have a problem with that as a propulsion system.

Brian Miller

Spanish Explosives Factory

Why not try and enlist the help of a Spanish explosives factory? You might find a sympathetic ear.

The other alternative is try various other countries for the launch. Maybe Mexico? Other countries in central and south America? How about Africa?

LOHAN ideas..

Brian Miller

Use a water-powered rocket!

It was in the news recently that the lads in South Africa launched a water rocket up a half mile. Since LOHAN is having problems launching due to using a standard rocket motor, why not launch with a liquid-gas motor instead?

Anthropology boffins solve 9,000-year-old headless body cold case

Brian Miller

Post-mortem decapitation

According to other articles, the deceased was decapitated after he died. Apparently the tribe decapitated everybody, not just the ones they killed for trophies.

As McAfee runs for US President – we ask a crucial question: Will Reg readers back him?

Brian Miller

Re: I would rather drive a nail through my foot

Yes, I'd gladly vote for him!

Right after he drives a nail through his foot!

Mind-blowing secrets of NSA's security exploit stockpile revealed at last

Brian Miller

PDF with scans of a paper document

Well, it's so good to see that the NSA is still using typewriters. I wonder what their repair bill is.

In redneck heaven, internet outages are the American Way

Brian Miller

Re: Spade fade

Well, there's 0, 00, 000, and then 0000. Of course bird shot wouldn't sever a cable, but I can take down trees with slugs and 000.

The cables are well within the range of the larger shot sizes. I don't expect that "shotgun fade" is usually a problem, in that most of the time the rednecks are smart enough to like electricity, etc. (Doesn't stop some of them stealing downed power lines, though.)

BOFH in mugnificent return to Cash'n'Carrion

Brian Miller

T-shirts, please!

Could you see it in your hearts to bring back the O'Really shirts? Mine are becoming a bit worn.

Big Brother in SPAACE: Mars One picks first 100 morons to suffocate, er, settle on Red Planet

Brian Miller

Perfectly safe!

They aren't going anywhere. All of this is hype for a TV show, and it doesn't have to be backed by actual science because no science is required to stay on the planet and grab some ratings before everybody gets bored and switches to something else. Remember, Survivor wasn't about surviving. The producers can write whatever fiction they want. The fact is that nobody is going to Mars being funded by some advertising. El Reg's playmonaut has a better shot of going to Mars than any of these "contestants."

Speaking of which, why not send the playmonaut to Mars?

Latest menace to internet economy: Gators EATING all the PUSSIES

Brian Miller

Well, the last time I read about an alligator munching on someone (but not on a cat), the whole person was found in the gator. Nothing was left for later.

Now, Dundee's comment would be correct: that's not a croc! Of course, he'd still have to step lively.

Saudi govt pauses flogging dad-of-3 for Facebook posts – after docs intervene

Brian Miller

Laws like Hammurabi wrote, or ad-hoc?

What is with these "crimes?" Are these laws being made up ad-hoc? "Oh, we decided to reconsider your sentence. Conjugate the verb 'to go'." ... "Wrong! Another five years."

FBI fingering Norks for Sony hack: The TRUTH – by the NSA's spyboss

Brian Miller

Paging Dr. Evil, paging Dr. Evil...

Your cake is ready, sir!

Really, what other analogies could have been used? Evil mixed candies? Smörgåsbord of villainy?

And if you are weird or creepy, you're on the watch list for evil people!

Saudi Arabia to flog man 1,000 times for insulting religion on Facebook

Brian Miller

A good use for TOR

Raif Badawi should have run his website through TOR. Maybe that wouldn't have helped in the long run, as I don't know how many resources the Ministry for the Propagation of Virtue and the Prevention of Vice would have thrown at it to track it down.

Sony cuff-puter to do one thing smartwatches can't: Give you DAYS of hot wrist action

Brian Miller

Pebble?

Really, that sounds a lot like the Pebble. Runs for a week before bothering you to be recharged, not a lot of compute power, but it's handy. But I don't know if I'd want a wrist bracelet. (Manacle?)

Hi-torque tank engines: EXTREME car hacking with The Register

Brian Miller

Re: IT angle? Who cares?

"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." —Tanenbaum, Andrew S. (1989). Computer Networks.

So in this case the boot would be filled with 64Gb micro SD cards. A bit on the high latency side, but what the hey, it's still better than any cable service, and served up with far more panache!

I'm getting a V8 swapped into my Jeep, but that's got nothing on a sports car that can handle a full tank engine!

Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER

Brian Miller

Just use a Live CD

There are so many good Linux distros running on a Live CD that it's just silly not to do it if you are worried about Big Brother and spyware and all that. For heaven's sakes, the CD can't be altered, so there's a guarantee of no spyware between boots. It's not that hard to do a different bit of clicks to open a different program to edit the same document.

And if you're really paranoid, stop using the stupid computers! Use paper, and the solitaire cipher.

Really, the "privacy bods" need to recognize that there are better solutions than useless scanners.

'Most advanced mobile botnet EVER' is coming for your OFFICE Androids

Brian Miller

Plugging in phones to computers not allowed at Amazon

Amazon has a policy that forbids people plugging in their phones to any Amazon computer, and they're quite upfront about it. As in, "plug it in, get fired."

From the Lookout blog: "NotCompatible.C operators do not use any exploits that we know of and instead rely on social engineering tactics to trick victims into completing installation of the malware. One observed spam email informs the user that they need to install a “security patch” in order to view an attached file."

So it sounds like, "Here's your attached system update. Plug in your phone, and put it in developer mode. Thanks for joining our botnet!"