Posts by Brian Miller 1317 publicly visible posts • joined 3 Jul 2007
I think you mean "¥€$"
If the companies are "transparent" as the Chinese government would like, then all data is aggregated on the government's behalf, without any withholding. Or maybe it could be called data hoarding.
No, all of this data is sold on for advertising, in the vain belief that more data means more sales.
I was absolutely shocked to see the locals driving on the left, the right, and wherever. This is a place that needs a sign, "STAY THE F*** RIGHT". There are roundabouts in the greater Seattle area, and I have never seen driving like that in the video. Sure, I have seen people driving over the circle, but never hanging a left like that.
Really, the cops should get out there and hand out tickets for idiots driving on the wrong side of the road. Or just use it as a driving test: if you can't figure out a roundabout, you lose your license for life. Move to another state and try again.
It depends on the coffee, doesn't it? I recently bought 65 pounds of Ethiopian at $3.80/lb, and the batch before that was Tanzanian at $2.15.lb. So it depends. Yes, I could get Vietnamese robusta at $0.75/lb. And I've bought Hawaiian Kona-grown coffee at appx $25/lb.
Sure, it's green coffee, roast it yourself. But it does last a very long time when it's green. And freshly roasted coffee tastes soooooo good. Just ask James Hoffmann, who drank coffee from the 1950s for his channel audience.
Barrier? What barrier? Low-barrier programming actually means "any idiot who can both edit text and invoke a compiler."
Right now I am working with the result of what looks like a CLIP+BigGAN AI wrote the code. However, it is 100% human generated. To produce a "working" program, all you need is time. And then somebody has to clean up.
As someone who works in the area of motherboards, chips, crypto, and bare epoxy boards, the Bloomberg article reeks from hell to high heaven. "Oh, these flashing ethernet lights show that it's being hacked." Uh, no. "This chip can be sandwiched between layers." Without a trace??? Yeah, some of those chips are small, but they can't just be "slipped in" at a whim.
And on and on.
Bloomberg stooped to supposition and speculation, and reported such as fact. Seriously, the worst presentations at Black Hat are better than the Bloomberg article. "Quod est demonstrata" does still have relevant meaning.
"It's ____ and you can ___ a ___ with ___."
Lather, rinse, repeat.
The problem with input parsing is that #1, you need programmers who care about that, and #2, who will care about testing said code. Most of the time, like nearly all of it, #1 and #2 are nowhere to be found, so that old phrase is apt, again.
This isn't rocket science, but it is computer science that isn't being taught in schools. There are lots of good books about writing parsers, and software engineering for said software. The problem is getting management and programmers to pay attention, before it's headline news.
If Visual BASIC is your threat, then dump BASIC! As for hiding something within another process, that's sort of old hat. Also, for naming their files to "blend in" with Windows, what did they expect? A file name of "EvilL33tCodzHere.dll"? That's another trick that's very old hat.
Really, the only part here that required effort was the attackers writing their own in-memory loader. The rest of it was just going through the motions.
What the report (or SolarWinds) doesn't mention is how the binaries were signed.
Where I work, I'm the one who worked out our signing process. We use a HSM, very limited access, and the access tokens are valid for a short window. For our system, basically the final binaries would have to be swapped out at the final stage of the build, before the signing happens. Possibly feasible, but the binary would have to also match the development-release binary, too.
Using a HSM means the private signing key can't be exported, so it's at least locked to that box. The limited access means that the account of the authorized individual would have to be compromised, which is, of course, feasible. There are a number of checks of the final signed binary before release, so that cuts down on the probability that a rogue binary would be delivered to customers.
Could a nation-state hack us? Possible. It's just a question of what windows of opportunity in the process are open, and how to shut as many of them as possible.
Oh, and the sun just shines outta yer bum, Pilate's pet! 1MHz, 4K, Commodore PET 2001N, the first 6502 I got my hands on at school. And when the VIC-20 came out, that's what I bought on Christmas sale. Cassette player for three years with that, until I bought a C128 and a floppy drive. Oh, the speed, the speed!
The underlying land is fine, but the dish is damaged, and there's no way to safely lower the overhead equipment. The cables snapped at 60% of their rated breaking point, indicating corrosion.
I really hope that the incoming administration will rebuild the antenna. There have been many advances since the 1960s, and since China's telescope is larger, then that should be a goad to motivate the effort.
When AI becomes independently sentient, it will be able to create deep fakes of cat videos, unbeknownst to the watchful human corporate minions. This must be done, for their predominance on YouTube means the videos are important. Mankind will become mesmerized, and fall under the control of our new silicon overlords.
On the other hand, AI won't become self-aware, and there will be new and silly uses for all of these cheap resources.
[blockquote]"The results in this paper, together with the manufacturer’s decision to not mitigate this type of attack, prompt us to reconsider whether the widely believed enclaved execution promise of outsourcing sensitive computations to an untrusted, remote platform is still viable."[/blockquote]
Yeah, but you know that it's going to be done anyway. When Ruby is used for back-end code to handle "secure" data in the cloud, then never mind what special bonuses an Intel SGX could possibly bring.
Robert Morris wrote a worm to have some fun with a vulnerability he reported. Yes, I remember that, grey hairs and all.
Now, I would think that vulnerabilities should be hyped, just like any serial killer, axe murderer, or wanton vegetarian. Calamitous Cthulhu should be right up there for a good vulnerability name.
Yeah right, computers can solve all your ills. Step right up for this patented, or patent-free, elixir medicine! It's the cure for all that ails you. Blockchain included!
OK, so once they produce their own supercomputers, then what? Has anybody noticed that computers are notorious for not being the right tool to solve a lot of serious problems?
(Next on the list, collect garden gnomes, something else, profit!)
Sorry for reality, but I was in Signal Corp. We never got the massive funding. The radios I trained on were from WW2, and were in current operation and deployment. The satellite equipment was 1970s prototype crap. The most advanced equipment I used was used gear from AT&T. Seriously, they sold their 1960's transmitters to the US Army, and it was a big upgrade.
Communications infrastructure being state of the art? Hardly. DOD bought crap because they could only afford crap. If Trump wants Chinese comms out of the network, he can push the budget to do it.
You can shove your head in statistics and in the sand, but don't try to bullshit me, who was trained on equipment that was built 40 years before I enlisted.
No, it's not a matter of rules, it's a matter of them getting off their lazy butts and doing what they're told. Yes, of course their IT budget has run out, it's why they bought cheap buggy kit rather than expensive buggy kit in the first place.
Rootkits are the only way to really learn how to write Windows programs. Anything else, and you just might as well use something like JavaScript to get the "job" done. Sharpen your skills, people, and "copy con program.com"!
Ooh, that should be an El Reg tshirt! "Stay calm and copy con program.com".
"Root Windows for the greater good!"
"Now, we could be wrong, but banks usually keep quite a lot of cash on hand, right?"
Well, it's all kept in a safe. The new banks actually use armored dispensers for the cash, so the customer takes a receipt to the dispenser, which then doles it out.
So of course they guy took the hand sanitizer, because it had more value than the paperclips and pens lying about.
"Those watching the video stream of the cargo ship docking with the International Space Station (ISS) were treated to the sight of the spacecraft seeming to go off course as it approached the outpost."
"RAMMING SPEED!"
Don't worry, that software bug is totally correctable.
But are you sure that it's even a hypothesis? A hypothesis is a scientific wild-assed guess that is dressed up to produce a paper for a grant. A theory is a hypothesis dressed up for more grant money.
I'm not sure that anyone has ever had a hypothesis about angels that has resulted in a grant to study them.
Since PC networks consisted of sneakernet back in well-spent youth, the closest we got to distributed disturbance was when I was in Army signal school. The barracks had a 70V speaker system wired in every room. Well, somebody had the "bright" idea of hooking up their car stereo up to it, and playing (badly) a bit of Jimi Hendrix. Of course, I and my fellow barracks rats decided that we had to do better, so my rather decent amp was hooked up. Yes, with full fidelity, out came The Hitchhiker's Guide to the Galaxy radio show, the last episode featuring the Man in the Shack.
We were never caught, and I regret nothing!
(Yes, on Monday our sergeant gave us a collective verbal drubbing, and told us never do it again.)
It's a worthwhile endeavor if you think it is. Really, people learn all kinds of languages. It's a different perspective on how to do things. I learned Rust using the online tutorials, then I went and implemented N-Queens solution and a more complex dining philosophers solution. Do I use Rust at work? No, but I would like to do so. I think it's a decent language, although the lifetimes stuff can be a PITA.
Learn it, use it, and implement something. Have some fun!
The ARM TrustZone is a joke, and it's a rather bad one. If Samsung has implemented their cryptography properly, and if the firmware and OS use it properly, then it goes a long way towards eliminating a lot of threats. Positive identification of a phone really isn't that big of a deal. The big deal is to keep malevolent code from running on the device.
The one thing I couldn't understand about Windows was why didn't they design in so many good ideas from Unix land? After all, they had Xenix. Apparently they ignored Xenix completely during the development of all of the Windows incarnations. "kill -9" should have a song written about it.
Let's see, according to the title, that would mean Multics.
While IBM did have support for TCP and web servers on their mainframes, it was always just insanely expensive. That gave Sun an edge, but that edge was lost when Linux got good enough to do the job. Now it's pretty much all derived from System 7, and an open source reimplementation of System 7. Makes one wonder what it would be like if AT&T had either clamped down from the get-go and never let System 7 out the door, or never paid any attention to K&R's efforts at all.
The microphone is doing the conversion of sound waves to electrical signals, not the browser. It would be best to limit the microphone in Android or iOS, not mess with a spec. While there isn't a snowflake's chance of building a ski slope in hell of it happening, it's a better chance than changing a spec or API.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
