Posts by Doctor Syntax

16449 posts • joined 16 Jun 2014

Forget Mirai – Brickerbot malware will kill your crap IoT devices

Doctor Syntax Silver badge

Re: Telnet really?

"Anybody that deploys any Unix computer with telnet installed and answering is a moron and should consider a career change."

The people deploying these don't know they're deploying a Unix computer. They think they're installing a gadget they bought in a box that says video camera, video recorder, thermostat or whatever.

Doctor Syntax Silver badge

"Unlikely as it would probably cost less to do a fly-by-night and reappear a few weeks later under a new name."

Rinse and repeat every few weeks until the market learns that no cheap device survives for long? Fine if you want to keep driving round in a Robin Reliant van.

Build a brand that earns a good reputation and that brand is actually of value. That's where the big money is in the long term.

Doctor Syntax Silver badge

Re: @Doctor Syntax - make buyers more careful in future

"but of course then you are paying a lot more so that's a step most won't take."

It depends on how many cheap devices they buy and get bricked. The penny will drop eventually.

Doctor Syntax Silver badge

"Whats the probability that it was written/commissioned by someone who has been on the receiving end of a bot DDoS attack"

Or someone with a better device to sell clearing away the competition?

Doctor Syntax Silver badge

Re: Is it just me who is secretly applauding this...

"mostly it's just adding another headache in the lives of poor bastards that just want to automate their homes"

And the poor bastards who, by trying to automate their homes (in itself a solution looking for a problem), are becoming a headache to vast swathes of the internet. Look on it as overall optimisation.

As a lot of the targets of botnet herders and of this attack seem to be security DVRs it's likely that at least some of them will have been installed by "professionals". If someone promoting themselves as a security professional installs an IoT device without securing it, then their customer care operation deserves all the grief it gets.

Doctor Syntax Silver badge

Re: Is it just me who is secretly applauding this...

"Unless, of course, THEY'RE getting bricked, too, meaning you're damned if you do and damned if you don't."

That's the point. This is going to brick insecure devices in general. If you're making one of them you'll find both you and your equally insecure competitors are having your products bricked. In any case you're almost certainly just relabelling the same product as your competitors. If you don't tighten up your operation you're toast. And if they don't your competitors are also toast. Those of you who get wise have taken on some extra costs but you're still alive but, because you've all had to take on extra costs (either by your upstream vendor improving the product or changing to another vendor's product) you're all moving in step. It remains the same competitive market but at a slightly higher price until the extra cost has been absorbed.

The alternative is that the generic Chinese approach gets such a bad reputation so quickly that only well-known brands are able to sell by getting a non-bricking reputation. This could even be an operation by someone with a better product aiming to wipe out the competition.

At the moment it seems to be working on a thing by thing basis from C & C servers. If it gets turned into a worm it will propagate a lot faster.

Doctor Syntax Silver badge

Re: Is it just me who is secretly applauding this...

"a shedload of support calls and returned 'faulty' items might get their attention."

As Charles 9 keeps telling us, a lot of this stuff is bought on the grey markets which might make support and returns more difficult. However, it will affect reputations and make buyers a lot more careful in future when they come to replace the bricked items. That, more than anything, will grab vendors' attention.

And the oft touted argument of price competition between vendors really doesn't come into it. There's no point in being a penny or two cheaper than the competition if nobody's buying your product because it's known to get bricked.

Facebook's 'delightful' AI Clippy the Paperclip creeps into Messenger

Doctor Syntax Silver badge

Re: and it will be as broken as Google is

"Sometimes one feels safer knowing that there are no musical groups comprised of alto clarinets, bagpipes, banjos, and violas."

I think our local arts centre could probably assemble one at fairly short notice.

Staff, projects shed as Ubuntu maker Canonical tries to lure investors

Doctor Syntax Silver badge

Re: Reason to invest with Canonical

And do it all without snooping.

Doctor Syntax Silver badge

Re: Live by Linux, but it's getting more Windowsy every day

"Add to this the PITA of systemd. I know somebody will pick me up on this"

I will, but only to agree with you.

As to KDE you can turn all the fancy stuff off. Irrespective of whether it sucks all the performance out of the UI it's just down-right annoying.

Doctor Syntax Silver badge

"That was true until systemd came along"

Amen, brother. But there's no convincing way to argue that systemd is modelled on Unix.

Doctor Syntax Silver badge

"I can't say I'll miss Unity."

Neither will I. It was designed on exactly the same desktop-to-mobile premise as the Windows 8 interface and misguided for the same reason - different use cases need different interfaces.

What I will miss is the effort to get a non-spying OS on a non-overpriced phone. One possible outcome might be that commercial investors restart the Ubuntu phone development without the overhead of pretending that the same interface can work on a desktop, with the downside that they'll insist on cloning the Google/Android business model.

"Linux on the desktop has always been marginal; it's really a server OS that works okay in embedded applications too, which is why Android could use it."

Think this through. Why can what you allege to be "really a server OS" work okay in embedded?

It's because any OS modelled on Unix is a portable and properly layered system. Portable means that any part of it can be compiled for different CPU architectures. Layered means that the kernel can carry a run-time appropriate to the use case: a cut down payload for embedded, a mobile-oriented* payload for Android or a standard set of Unix utilities with or without a choice of graphical interfaces for desktop or server.

No it's not "really a server OS". It's an OS. Just because you struggle with it doesn't mean that our elderly relatives can't manage it when we use it to rejuvenate their old PCs.

*The modular driver system helps here.

Printer blown to bits by compressed air

Doctor Syntax Silver badge

Re: Air lines

Lab airlines aren't usually particularly vicious.

Chemicals OTOH... Because of the nasty biologicals that might be encountered we used chromic acid as a cleaning solution. The best way to impress on a new assistant the care they needed to take with it was to toss a piece of paper into it so they could see it disappear instantly.

'Amnesia' IoT botnet feasts on year-old unpatched vulnerability

Doctor Syntax Silver badge

Meanwhile someone seems to have taken an alternative approach to insecure devices: https://www.bleepingcomputer.com/news/security/new-malware-intentionally-bricks-iot-devices/

Outsourcers blamed for cocking up programmes at one in three big firms

Doctor Syntax Silver badge

Re: "talent models"??

I assume "talent" means "employees"...?

It seems to be the case. I came across someone describing himself as a talent manager. Probably HR finally got fed up of being called Human Remains.

Doctor Syntax Silver badge

Re: Outsourcing only works...

"A contract may not have spirit, but the people implementing it do.... I've worked with contractors and outsourcers who have been willing to go beyond the letter of the contract"

True. We used to have a saying in the PCG forums that the contract is only for when things go wrong. If it's your own business there's a lot of value in having a happy client. It brings renewals or new clients because of your reputation; most of my contracting career I had pimp-free contracts for this very reason. (The sad thing, of course, is that the IR took advantage of the spirit of such arrangements to characterise contracts as IR35-caught.)

Doctor Syntax Silver badge

Re: one of the main issues

"It's not universal, but in general, in-house IT staff deal with an application as if it's theirs, and treat it as such ... If it goes wrong, they know they'll have to deal with it, and so take a bit more care. If it's not what the business needs, they'll question things, as it'll save them rework in the future."

More than that. The in-house staff know that what the system does is what ultimately earns the money that pays them. They have skin in the game that outsourced staff half the world away don't.

Doctor Syntax Silver badge

Re: Outsourcing only works...

"In the end, people spent more time arguing about the letter and spirit of the contract than anything else."

Well, there's the source of your problem: believing that a contract has spirit as well as letters.

Doctor Syntax Silver badge

Re: I am amazed!

You aren't allowing for the fact that half of them would be too embarrassed to admit it. The remaining 1/3rd probably also had problems but they'd been successfully hidden from whoever was interviewed.

Doctor Syntax Silver badge

Re: I think I see what's happening

"There's nobody left who hasn't outsourced"

Yes, but the early adopters have already insourced again so they're now ripe for outsourcing.

Doctor Syntax Silver badge

"management will always rather listen to what an external consultant says than to their own expert staff. Even if it's exactly the same."

That's because it costs them more. Price = value. The consultant can ask the expert and then pass the answer on along with a big bill. It's called adding value.

Customer satisfaction is our highest priority… OK, maybe second-highest… or third...

Doctor Syntax Silver badge

Re: You lost my sympathy right here:

"what if your home has hard water"

It doesn't. In fact, when we moved here from High Wycombe it de-furred the kettle in about 2 weeks flat.

Doctor Syntax Silver badge

Re: Frankie SAY Relax

"Say", not "Says". Tsk.

You're thinking of the wrong Frankie. He meant Frankie Smith down the pub.

Doctor Syntax Silver badge

Re: BS 5216C:2005 Proof correction marks (Pack of 20)

Don't forget an adequate supply of stet.

Doctor Syntax Silver badge

Re-reading the comment, and bearing in mind where your story ended up, I wonder if it was a joke we all missed.

Doctor Syntax Silver badge

Re: tea please

"paper cup of hot water"

Hot? Luxury!

Doctor Syntax Silver badge

Re: "coffee please"

"in a cup that last saw a dishwasher"

Toddington services?

Doctor Syntax Silver badge

Re: "coffee please"

"I'll have a tea."

It'll probably be served tasting faintly of coffee.

Doctor Syntax Silver badge

Re: Local bowling club does signs right

I'm always a little bemused by signs in public toilets to the effect of "Please leave this toilet as you'd expect to find it". That depends entirely on your expectations of the state of a public toilet.

Doctor Syntax Silver badge

Re: Public wifi?

"arse handed to you on a plate."

Don't say things like that. It'll be on the menu in no time at all.

US govt ceases fire in legal spat with Twitter to unmask anti-Trump 'immigration official'

Doctor Syntax Silver badge

Quite likely the arrival of Twitter's suit was the first anyone sufficiently high in DHS's legal department had heard of it and they probably went ballistic.

How their GDPR ignorance could protect you from your denial

Doctor Syntax Silver badge

"How so? It makes no difference how a bank interacts with its customers, the data held will be the same."

You have some problem you need to get sorted out.

Scenario 1. You go into a branch, talk to someone, get it sorted. No data.

Scenario 2. You try to sort it out online. Succeed or fail, there's data recorded.

Scenario 3. You ring up, maybe because you didn't succeed on line or you knew better than to try. "All our calls are recorded for training purposes...".

Doctor Syntax Silver badge

Re: Sounds like a nice earner to me

"how many of them get found to be in breach!"

All of them most likely.

Doctor Syntax Silver badge

"But none of it will mean anything if the authorities don't bother to enforce it"

With the ability to issue fines on that scale of course they'll enforce it.

Doctor Syntax Silver badge

Reading the article I wonder if the banks will realise the risks that over-reliance on online and call centres will have brought them. I look forward to a wave of branch openings. I'll probably have to wait until a few of those large fines have been handed out so bring 'em on.

Doctor Syntax Silver badge

Re: Conflict of legal requirements ?

"The thing some companies fail to grasp is that just because they have the data for reason a, doesn't mean they can use it for reason b."

One way would be to have separate databases for a & b. It would avoid that category of error. Unfortunately it introduces a new one, that of keeping one of those databases up to date. The database that's used for trading needs to have its names and addresses up to date; the marketing database may well rot in isolation. However there's an effective solution: throw away the marketing database and add value to the business by stopping pissing off customers with unwanted mailshots and spam.

BOFH: Defenestration, a solution to Solutions To Problems We Don't Have

Doctor Syntax Silver badge

Re: Basement

"Sadly, over here, they often put I/T departments in the basement. It does make it a bit more challenging to push the boss out the window"

Insist he needs to see for himself the critical problem that's just developed with the cooling plant on the roof.

Aviation regulator flies in face of UK.gov ban, says electronics should be stowed in cabin. Duh

Doctor Syntax Silver badge

Re: It's fine

"No-one minds dying in an accident, just as long as they don't get killed by terrorists.

That's what I'm inferring from what the politicians and media are saying, anyway."

What you should be inferring is that politicians don't mind you dying in an accident just so long as you don't get killed by terrorists because they won't be blamed for that.

Doctor Syntax Silver badge

Re: It's all verry simple

"Not so easy with many sealed unit items without removable batteries."

The item might have started off sealed but with sufficient determination...

Doctor Syntax Silver badge

Re: Logic

"I'd attach a glider behind the airplane, carrying luggage."

I had the same thought. Maybe we should patent it. Next step, the flying caravan...

Doctor Syntax Silver badge

Re: Entirely predictable

"download it onto a rented laptop after arrival at your destination. I'm guessing the spooks will definitely have access to the cloud."

Why bother. They can get access to it when you hand the laptop back before you depart.

Doctor Syntax Silver badge

Re: Entirely predictable

the device "stolen" for analysis

Or just plain stolen.

Doctor Syntax Silver badge

Re: First AC

"The US was very much 'it's their problem' on the matter"

In fact, it was so much of a matter of "it's their problem" that it extended to letting their own citizens finance it providing it was on the other side of the pond.

Doctor Syntax Silver badge

Re: That was not unexpected...

"there just aren't as many nutters out there as the security services would like us to think."

And rather more spontaneously combustible batteries than they've taken into account. It's more a matter of weighing up the risks of alternative courses of action than deciding to follow one on what are, in effect, PR grounds.

Germany gives social networks 24 hours to delete criminal content

Doctor Syntax Silver badge

Re: This will be interesting and maybe nasty

"The only practical way of doing that is to get a credit card number and take some money from it, to establish the useful identity through the banking system."

One problem: credit card fraud.

Doctor Syntax Silver badge

Re: Enforcement?

"This sounds like a way to sidestep any need for the usual processes of enforcement, such as courts."

Not really. Presumably failure to comply would have to go through the courts at which point the criminality could be argued. What it does do is require some nifty decision making as to whether there would be a good case to take to court and some erring on the side of safety. Eventually there'd be sufficient court decisions to make this a more informed process.

Twitter sues US govt to protect 'Department of Immigration employee' who doesn't like Trump

Doctor Syntax Silver badge

Re: Problem here

"those in the civil service and administration who make these sort of requests have nothing to lose"

Misfeasance in public office?

'Evidence of Chinese spying' uncovered on eve of Trump-Xi summit

Doctor Syntax Silver badge

Re: "by the threat actors, "

"So far, nothing is greater than it was four months ago."

US political history isn't my field but hasn't he achieved the greatest ever rate of churn in senior political appointments?

Doctor Syntax Silver badge

Re: I wonder who tipped them off?

"That depends who is likely to be the most embarrassed by the revelation.

The Chinese for getting caught or Trump for his government being hacked."

There's quite a list who would line up to embarrass both: the Russians, the Norks, S Korea, Taiwan...

ICO fines 11 big charities over dirty data donor-squeezing deeds

Doctor Syntax Silver badge

Re: You can see how the deep dive into the data would work

"No point fining the CEO or trustees - they are not paid very much (relative to FT350 companies with a similar turnover) and it would only prevent the charities being able to attract good talent."

If the trustees are allowing this sort of behaviour it throws the notion of "good talent" into question.

Biting the hand that feeds IT © 1998–2019