* Posts by Bitsminer

30 posts • joined 13 Sep 2017

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'


Re: they should have simply swapped out the laptop

Er, s/laptop/lusr/g


(Turns out they did after all).

Bordeaux-no! Wine guzzling at UK.gov events rises 20%


Re: Canada?

Yep. But production is tiny. One vineyard in Chile is larger than all the vineyards of British Columbia together.

(About 4000 ha/10,000 acres)

It's really good. And we're not sharing!

Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs



Reliability and trustworthiness now have a spectrum of options to be selected. Get it wrong and get pwned!

X86 = Special Executor for Caching Troubles with Revenue Extraction

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)


Re: Drive firmware updates?

Can happen. Dell, as an example of this, publishes update packages that go through every drive in a raid controller updating the firmware. Offline of course. IIRC the firmware is signed.

Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web


new Microsoft slogan

"We're not happy until you're not happy."

"Borrowed" from Air Canada.

Forgotten that Chinese spy chip story? We haven't – it's still wrong, Super Micro tells SEC


Latest from Amazon...

Amazon announces their latest book, by Xi Jinping:

"If I Did It"

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?


A couple of other points

...because similar motherboards were in use "in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships."

Uhhhh, nope. Chinese-manufactured motherboards cannot be sold to US government agencies, especially military or intelligence. Stuff has to come from one of a trusted list of countries called TAA (Trade Agreements Act, FAR 52.225-5). China is not on this list.

Just try to find a disk drive not made in China. Thailand maybe? Been there, had to find that. Did.

..."the middlemen would organize delivery of the chips to the factories."

Wow. Just wow. This is classic misdirection. The Intelligence folks are trying (and largely succeeding with Bloomberg, el Reg, WaPo, etc) to focus attention on one vulnerability, namely surreptitious factory modifications. But there are more, so many more. A few hints:

o Connectors. Yes, those boring black thingies with wires going in, and out. Embedding a chip within a connector requires no BMC changes, is difficult to check even with Xray, and completely unobservable. And since there is exactly one connector model that fits in exactly one place, no wastage. Profit!

o Firmware "adjustments" as many others have suggested. But where? Not just SMI flash but ... power supply flash. RAM controller firmware. CPU firmware. Or simply radio transceivers embedded in the board (or connector) that introduce firmware changes at boot time. (Where is the transmitter? Hmmm...maybe power supply RF emissions?)

o Known zero-day vulnerability in....CPU (obviously), BMC firmware (also obviously), but: Ethernet chips, memory controller chips (like RowHammer), PCI bridge chips, etc

o NSA black bag ops. However, at the scale of Amazon, Apple, etc, probably not cost effective. Except see my next point.

One thing not mentioned by El Reg, is the scale of procurement by Amazon, Apple, etc. Unless merely for development purposes, these companies purchase servers by the container-load (where the container is pre-loaded with racking, switches, power, servers, etc). Thousands of servers per container. The assembler might be persuaded to mung things up. It seems a remote possibility but the supply chain risks at this point (well after the motherboard factory) have not been addressed in the press that I can see.

+1 for El Reg and very well reported. Thanks.

UKIP doubled price of condoms for sale at party conference


Not for me

I wouldn't stand for it.

Database ballsup: NHS under pressure over fresh patient record error


Only two sources of truth?

Surely this can't be right. Dig a little deeper and there should be another ten or twenty databases and applications with patient or medical or facility data. NHS is an old bureaucracy.

Trio indicted after police SWAT prank call leads to cops killing bloke


Re: Officer could still face charges

Umm. Violation of his civil rights.

Even the 4 cops that assaulted Rodney King got charged with that one. And King didn't die of the beating.

Brit Attorney General: Nation state cyber attack is an act of war


Imminent threats

"or present an imminent threat of"

Well. Google "phases of cyber" and you will find 5, 6 or even 7 phases. Let's take the shortest:

1. Reconnaissance

2. Scan

3. Exploit

4. Persist

5. Exfiltration

Item 6 would be "echo 1 > /sys/dev/reactor/meltdown/begin"

Item 4 would be evidence of an imminent threat. Would the Minister nuke the russkies for installing a backdoor?

The difference between cyber espionage and active cyber ops is a keystroke. Deal with it.

Wah, encryption makes policing hard, cries UK's National Crime Agency


Re: Ridiculous!

I see that you included


On your ban list.

But TSB....never mind...

Symantec shares slump after revealing internal investigation


"Revenue reached US$1.222 billion, up ten per cent year-over-year.

CEO Greg Clark was pleased that the company’s annual enterprise sales crept up one per cent and happier still that consumer sales grew by six points..."

Ummmmm....if two segments are up 1 and 6, how does the total come up 10 percent?

I think some arithmetic is amiss.

How 'parasitic' Google's 'We're journalists!' court defence was stamped into oblivion


So there you have it

Google is officially parasitic.

SpaceX's Falcon 9 poised to fling 350kg planet-sniffing satellite into Earth orbit


"NASA boffins hope Musk's firm doesn't make a mess of TESS"

I see El Reg still has its headline writing AI in beta. Deep beta.

Sysadmin wiped two servers, left the country to escape the shame


Re: Incremental backups?

"ISO 9001 only specifies that you have a process and follow that process in a documented fashion. It doesn't specify that the process has to be any good or have any value."

We are ISO 9001 registered. We can repeat our mistakes exactly.

If you've got $1m+ to blow on AI, meet Pure, Nvidia's AIRI fairy: A hyperconverged beast



$3,000 for an Arista 100G switch? Think again.

Citizen Lab says Sandvine network gear aids government spyware



The report is a useful example of attribution. Can't blame the Russkies or Norks here.

Blame Canada: "Ontario-based networking equipment company Sandvine".

Slingshot malware uses cunning plan to find a route to sysadmins


State-sponsored and only a few hundred infections?

Seems like a typical govt mess: $ per victim is huuuuge just huuuuge.

On the other hand, six years under the radar and only found accidentally.

Seems like there are varying degrees of sophistication even from the "same" "actors".

Arista almost done with Cisco workarounds as revenue and profit soar


Stock price bounce

Arista's stock price has been bouncing +/- 20 percent the last few days. A day-trader's dream.

Arista is basically eating Juniper's lunch.

Pour yourself a tall one, Juniper investors. It's lost money again


Arista is eating their lunch.

STOP! It's dangerous to upgrade to VMware 6.5 alone. Read this


I remember VMS

Back in the days before rtfm was a word....

The boys in the project down the hall paid several kilobucks for an in-field upgrade of the VAX-11/780 to a dual processor '782. Downtime was about 4 or 5 days while the extra cabinet was bolted on.

And then came time to boot up. It didn't.

After a couple of days on the phone, tech support asked what version of VMS was installed. Oops, should have upgraded the software before doing the hardware! VMS 4.1 [iirc] doesn't support SMP! Meanwhile 10 programmers were stuck reading magazines and wandering the hallways.

[In those days, one CPU at 0.005 GHz could support 10 coders on their VT100s.]

NASA is pretty pleased with its pulsar-sniffing intergalactic GPS tech


Re: Any benefit

The current tech can only precisely determine the distance to earth. There are 2 more dimensions needing to be measured. Instead, a few x-ray pulsars across the sky allow eventual precise determination of position. It might take a few days each (pulsar) to be sure of the timing.

And the detectors are only a few kg and half a metre across. Much smaller than the current antenna for comms back to earth. The AE-35 is not required.

On a higher level, this enables, or requires, a more autonomous spacecraft. AI, you know.

Remember those holy tech wars we used to have? Heh, good times


Theo vs Linus


And of course it's all about security. And m10g m5s.

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row


More humor

This was obvious in hindsight ... come to think of it, I'll put that on my tombstone.

In hindsight, won't you be dead? How, then, do you put it on your tombstone?

Re- they don't employ morons in the NSA.

[Citation needed]

Does an axiom need a citation?


TAO is official

Is this the first official acknowledgement that TAO exists?

Car trouble: Keyless and lockless is no match for brainless


"I dread replacing my 25 year old Volvo with a current model. Too much technology for technology's sake."

The battery on my early 1990s BMW 535 lasted...12 years. It was quite the surprise at the dealership when they told me it was a factory original.

A friend with a recent X5 had to surf YouTube to find out how to log into his car's firmware to tell it that he was changing the battery.

YMMV. Your patience will vary too.

Equifax CEO falls on his sword weeks after credit biz admits mega-breach


Ethics statements fell very very flat

Have a read of the Equifax employee ethics standards (page 21 and page 22). A lot of corporate fluff about preserving IP and being careful not to expose confidential data and care with relations with customers. Paying customers, that is.

Absolutely nothing about the care and protection of personally-identifying-information. PII. Which is their whole business.



Re: Not going to receive his bonus

Bonus? Why? He gets $USD 18,477,100 for retirement. (According to the company 2017 proxy statement.) That is almost the least they can give him (it's $100k less if they actually terminated him but that is probably chump change compared to litigation costs).

There are also vested stock awards; unlikely, I think, that he will get much out of those.

El Reg is hiring an intern. Apply now before it closes



>We pride ourselves on Biting The Hand That Feeds IT.

First task should be to rewrite the slogan. Some suggestions to get them started:

- Slighting the bland that gives two fleas

- Blaming the blight on B2B

- Making the slight seem all too wee

And so forth.

If the quality doesn't impress, pay them something.

Biting the hand that feeds IT © 1998–2018