* Posts by gnwiii

11 posts • joined 6 Nov 2018

Not exactly the kind of housekeeping you want when it means the hotel's server uptime is scrubbed clean

gnwiii

Re: The cleaner did it.

Years ago my workplace had a satellite ground station that needed to run 7x24. The various bits were all plugged in to a wall-mounted power bar that was connected to a hefty Ferrups UPS. About once a week the UPS log would report an "overload". Checking the times of the shutdowns we found it correlated with the cleaning schedule. The regular outlets in the room were all under the equipment tables, so the UPS-supplied power bar was the most readily accessible place to plug in a vacuum cleaner. The cleaners were told to use outlets in the hallway outside the room.

Why worry about cost of banning certain Chinese comms providers? Fire Huawei, says analyst

gnwiii

The US was not like China

Historically, the US presented a very different threat profile compared to China. US spying targeted governments and terrorist organizations, not industry. US taxpayers paid the bills, so the US government didn't need hacking for profit. The US has a history of cooperating with other countries to combat hacking for profit. The US once had effective whistle-blower mechanisms (intended to provide a way for someone like Snowden to pass information to overseers), Congressional oversight, and an independent court system. Before the Trump administration, a US entity found hacking for profit would have been shut down and faced legal proceedings. In practice, many such hacks come from jurisdictions beyond the reach of US and EC authorities.

Today, the biggest security problem for individuals is the potential for leaks from data compiled by the "internet giants" and large corporations. These data are used in a variety of ways that involve internet access, and there have been many examples where "for profit" hackers have stolen data.

We should be focusing on internet infrastructure without examining mechanisms (whistleblower protection, independent oversight and courts) to ensure that bad behavior can't be hidden and that bad actors are punished.

German ministry hellbent on taking back control of 'digital sovereignty', cutting dependency on Microsoft

gnwiii

Consider liability

In the past, large organizations have often favored commercial options because, in the event of trouble, they could blame the supplier. Now, however, many risks have ambiguous chains of responsibility. Did an employee click on a link that installed malware? Should the vendor have provided software that didn't have as many security issues? Does it benefit anyone to blame unknown and/or untouchable perpetrators? Suppliers of proprietary IT kit use licenses and contracts that shield them from liability and require dubious arbitration mechanisms to resolve disputes.

An instructive example occurred in Nova Scotia this week after a construction crane fell across several buildings (one under construction). Tenants of two occupied buildings were required to evacuate until the crane was removed, but the construction company could not arrange insurance in a reasonable time frame, so the province (e.g., taxpayers) had to exercise its sovereignty to declare a state of emergency and assume liability so the work could start immediately. Note that delay increases risks of further damage and added delays if another storm occurs.

Mission critical IT systems in large organizations should never have been allowed to reach a state where the organization can't assume effective control if something (ransomware, loss of a data centre to acts of nature or war, etc.) goes bad. At present, however, expertise is in short supply because security has been pushed to the edge instead of being baked in during development. This means it will be painful for many organizations to reach a position where they could assume control, and they are exposed to elevated risks until they improve their position.

The Year Of Linux On The Desktop – at last! Windows Subsystem for Linux 2 brings the Linux kernel into Windows

gnwiii

Re: But why?

It is a fact of life that large enterprises have IT bureaucracies that seek to have someone else to blame when things go bad. For linux, this makes RHEL the "corporate standard" for large enterprises in N. America.

Here are some use cases:

I recently retired from a job in the Government of Canada (GoC), which, along with many other large enterprises, uses Windows as the "Enterprise Desktop Standard". GoC has large-scale linux clusters for remote sensing, atmosphere and ocean modelling, etc. These tasks make heavy use of linux shell scripts, so the GoC groups using linux have Cygwin or Msys64 on desktop PC's. Such practices are common for large enterprises, but without a vendor, users have an uphill battle justifying the use of these tools. WSL gives users access to bash scripting and gives IT someone (M$) to blame if WSL causes problems.

In the USA, there are major software systems developed over decades by the US Government that would be difficult to port to Windows. There is also constant pressure to make the software available on Windows, due either to political support of M$ or perhaps because it would allow the software to be used in university teaching labs. One way to do this is to use the linux software in a network service and then develop a native Windows client. WSL allows users to run simple processing jobs using the Windows client (e.g., while developing large scale workflows or for use in student labs) without the need for a separate linux system.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

gnwiii

Re: Fed up with these nonstop security issues

"Nowadays, every time I see another (alleged) major security issue splashed all over the Internet I just chuckle and carry on with life."

This is dangerous thinking. Some of these nonstop security issues can be used to disrupt essential services such as utilities (power, water, internet), large facilities (airports, refineries, food distribution warehouses). Some security issues have been in the toolkits of nation-state and criminal enterprises long before they became public. With increased attention to the social media activities of nation-state and criminal enterprises, the use of stolen accounts for such activities is increasing. The US Government is so busy denying that nation-state hacking contributed to the current post-turtle president's election victory and distractions such as the "border emergency" that it has neglected cyber security for essential services. A key element in the US elections was use of social media to enhance existing divisions. Europe too is dealing with divisions between left, center, and right wing elements, separatists (Spain), racism, etc.

It is quite possible that the only reason we haven't seen more large scale attacks is competition among nation-states and criminal enterprises for control of key assets.

Security is hard, and requires ongoing diligence. Too many businesses have been given a free pass due to lack of penalties for peddling shoddy implementations. Cell phone batteries that catch fire are recognized as a danger to the public. Mistakes in widely used encryption tools have the potential to be used for crippling attacks. This is a clear and present danger and nothing to chuckle at.

So, that's cheerio the nou to Dundee Satellite Receiving Station: Over 40 years of service axed for the sake of £338,000

gnwiii

images are all available elsewhere -- until something breaks

No ground station is 100% reliable. The NASA direct download mailing list sometimes has requests for missed data.

Windows Subsystem for Linux distro gets a preening, updated version waddles into Microsoft's app store

gnwiii

Re: Price

"... I'm pretty neutral when it comes to Linux distros other than preferring ones that don't come with SystemD."

I'm using WSL for Ubuntu and Debian. Although both use systemd for bare metal installs, neither WSL configuration uses systemd.

Don't be too shocked, but it looks as though these politicians have actually got their act together on IoT security

gnwiii

US industry should support standards for IoT security

In the auto industry, many vehicles available outside North America don't meet safety standards, so competition for US manufacturers is reduced. At present, consumers have few ways to judge the quality of IoT devices, but they know how much they are paying, so cheaper mostly wins. With credible standards many consumers will pay more for compliant devices. Local governments are heavy users of IoT building management and security cameras. With credible standards, it will be much easier to justify spending more on a better class of devices. For US industry, the standards will be a barrier to cheap imports from vendors who lack the expertise to build standards compliant gear. A big question will be how much influence US law enforcement can exert to have standards mandate back-doors.

Surface Studio 2: The Vulture rakes a talon over Microsoft's latest box of desktop delight

gnwiii

Re: Hmmmmm!

Space is at a premium in cubicle farms. Every watt the gear consumes adds to the A/C bill. Noise from desktop cooling fans and rotating storage means that mass storage and compute-intensive processing is done in server rooms. Small form factor PC's with external monitors need extra power outlets and clutter tiny workspaces with cables. All-in-one has one or two cables (power and perhaps network). Desktops with external monitors need 3 or 4 cables (2x power, monitor, and perhaps network), which means you need more cleaners. IT time to set up and relocate desktops costs more than all-in-one systems and could be significant if worker turnover is high. The retail pricing for all-in-one systems seems inflated. Bulk purchases of all-in-one systems should come in below the cost of similar spec desktop+monitor configurations.

I'm just not sure the computer works here – the energy is all wrong

gnwiii

Re: on a similar note ...

At my work we had just received one of the original IBM PC's. The PC crashed every afternoon at 4PM, so I put a multimeter on the outlet. Sure enough, at 4PM the outlet dropped to 90 volts and the PC crashed. The problem was traced to faulty wiring for a huge ventilation fan controlled by a timer and set to go on at 4PM.

Macs to Linux fans: Stop right there, Penguinista scum, that's not macOS. Go on, git outta here

gnwiii

Re: Why Linux on Apple Hardware?

In the past, Apple hardware has generally been reliable and there is a large community of linux on Apple hardware users so linux bugs affecting Apple hardware get more attention. If your livelihood depends on having a reliable linux laptop, paying extra for top quality makes good business sense. Thinkpads are also popular with linux professionals for the same reason. In general, the reliability of high-end systems from major vendors has been catching up with Apple's laptops, so I would be surprised if fewer people are running linux on Apple hardware in the future.
