* Posts by Paul Crawford

5665 publicly visible posts • joined 15 Mar 2007

OK, we know iPhones are expensive but... $11 a month for Twitter Blue on iOS?

Paul Crawford Silver badge

Re: I'm still bemused by the whole idea of making the blue badge a profit centre

Paying for genuinely useful aspects makes sense. The much wider question though is will Twitter still be attractive to businesses willing to pay for premium ranking, etc?

Server installer fails to spot STOP button – because he wasn't an archaeologist

Paul Crawford Silver badge

Re: Paint all over everything, including power sockets and emergency buttons?

I doubt it now, the only two compulsory forms of insurance in the UK are for vehicles on public roads, and employee insurance.

But it is normally smart to have some cover for other things, assuming (unlike the MOD case) the exclusions are not going to render it useless. It is the same with some spacecraft launches, the premiums can be so high that it comes to "self insuring" the launch, especially in the case of a first real-world launch of a new rocket with real payload(s).

IT security teams, business execs still not on same page

Paul Crawford Silver badge

Seems your memory is not clear - they did not exfiltrate data there, they monkeyed with the centrifuges to damage them. No communication needed as they knew what range of parameters to expect on the target, and what to fiddle with once found matching.

Paul Crawford Silver badge

That's not particularly fast for your average stroll around the internet, but according to the paper 1,000bps would enable real-time keylogging, could transmit an entire 4096-bit RSA key in a little more than four seconds, and could steal private cryptocurrency keys in a quarter of a second.

If you already can run malware on the target machine to manipulate power draw and you can get close enough, then I would imagine you could get the key out by other means far more easily. If the machine really is air-gapped so no internet, then its private RSA key is not terribly useful to outsiders?!

So quite an interesting achievement, but I'm not sure how much sleep anyone needs to lose over it.

If today's tech gets you down, remember supercomputers are still being used for scientific progress

Paul Crawford Silver badge

Re: How will this help?

It is the same thing. You simulate what you think are the laws of physics at whatever scale and situation and see if they predict what you observe, and if that goes well you try to predict new stuff - and then you can turn up the hardon's to 11 and see if you find experimentally what the software predicted.

If you get a decent match then you have determined your theory is not wrong so far. You never really prove 'right' in anything other than maths, but if all of your predictions that are testable go well, you have a theory that is useful for predicting stuff within the region of tested hypothesis.

San Francisco investigates Hotel Twitter, Musk might pack up and leave

Paul Crawford Silver badge

Step 1) Let Musk pack his toys and run away from anywhere that forces him to follow the rules others do. Let the cost of building lease termination come down on them. Hopefully the remaining employees say F-you and leave instead of relocating.

Step 2) Get your popcorn and see how long Twitter stays up.

Linux kernel 6.1: Rusty release could be a game-changer

Paul Crawford Silver badge

Re: Better Security, nearly always makes things a bit more complex.

True, but if this is mostly for new drivers then there is less chance of needing the rust compiler on obscure platforms.

Paul Crawford Silver badge

Seems sensible, less high-risk bugs in new code, and hopefully effort on old code is more about bug-fixing and not introducing huge new features (with related percentage of bugs).

Google's Dart language soon won't take null for an answer

Paul Crawford Silver badge

Re: Why pass a pointer when you can pass a reference?

C also allows you to pass a reference, after all it is just a compiler-determined pointer.

First-ever orbital satellite launch from British soil will be delayed

Paul Crawford Silver badge

Basically Virgin are doing the same as the Pegasus launcher from the 1990s but using a civilian 747 instead of military B52:

https://en.wikipedia.org/wiki/Northrop_Grumman_Pegasus

Longstanding bug in Linux kernel floppy handling fixed

Paul Crawford Silver badge

Re: Floppies against the passing of time

My father has a Sharp "word processor" which was basically an electric typewriter but you could preview the text before it started hammering the paper, and save it to floppy. Eventually it died and he desperately wanted access to the saved files which, to be fair to him, he generally had saved two copies on different disks.

Unfortunately the floppies were oddly formatted, sort of MS-DOS but not quite, and any Windows machines saw them as corrupt/unformatted so wanted to format them and so trash the data. Also the file format was something peculiar to Sharp and they did not have any information on it (presumably long lost code).

I was able to make an image of the floppy disks using Linux and the 'dd' utility, then I could mount a copy of that image as a virtual floppy on a VMware machine running DOS 6.22 that could chkdsk them without damage and so render the files readable without cross-links, and then copy all of the files off. All dated Jan 1980 as the typewriter had no clock, of course.

Finally I was able to write a small C utility that would extract the text from the odd .doc files and translate some of the special characters such as 1/2 or 3/4 into Unicode, etc, and render a version that could be printed on a modern computer in a manner that was tolerably close to the paper copies of some letters he had that I used to reverse-engineer the formatting of the files.

Windows 11 still not winning the OS popularity contest

Paul Crawford Silver badge

Re: I don’t get all the whining

It looks a little different, so what?

Ah, clearly you have never had to support family and friends who are not El Reg readers or have IT support on the phone :(

Quantum computing is a different kind of computing, says AWS

Paul Crawford Silver badge

That applies to a whole lot of technologies...

Killing trees with lasers isn’t cool, says Epson. So why are inkjets any better?

Paul Crawford Silver badge

I have had a couple of colour inkjet printers in the past 20 years and they are an utter pain and waste of materials. I have also had an old HP LaserJet 6 monochrome laser for almost 25 years now and it is still going on and only 3rd toner cartridge...

US Air Force reveals B-21 Raider stealth bomber that'll fly the unfriendly skies

Paul Crawford Silver badge

Re: What a waste of resources

Roam if you want to, roam around the world

Roam if you want to, without wings without wheels

US commerce bosses view EU rules as threat to its clouds

Paul Crawford Silver badge

Re: "ensure that non-EU suppliers cannot access the EU market on an equal footing"

First nobody is being deprived of their information and second people freely choose if they wish to share it or not.

They are being deprived of their sovereign rights to privacy, and many cannot choose to opt out of this if it is some gov agency, employer, or key business that has gone with the lowest-bidding company that plays fast and loose with data reuse rules.

Boffins' beam forming kit opens the door to more realistic holograms

Paul Crawford Silver badge

Re: Another Star Wars connection

No, it will be pr0n that becomes the first use-case for holographic TV...

Processing data... in space: AWS powers Earth observation satellite payload

Paul Crawford Silver badge

AWS ground services are odd, they really don't fit in to Amazon's business model of large scale and cheap to run as the nitty-gritty of operating a radio service has a lot of country by country rules along with the ITU oversight. What they probably hope to achieve is folks using AWS storage and servers once data comes down, but even there you might be better elsewhere.

There are many others offering ground stations as a service: ATLAS Space Operations, RBC Signals, Leaf Space, K-SAT, Swedish Space Corporation, Contec Space, etc, etc.

UK cuts China from Sizewell nuclear project, takes joint stake

Paul Crawford Silver badge

Re: Local generation

The reasons for central generation still apply, it is still more cost-effective than having lots of lower efficiency units everywhere.

The main 'advantage' of getting folks to do so is more of a voluntary taxation arrangement to reduce stress on the centrally managed system. In strict economic terms it does not pay.

Britain has likely missed the boat for having a semiconductor industry

Paul Crawford Silver badge

Re: Add it to the pile

You forgot pissing away tens of billions on hubristic budget plans that get reversed in a week or two.

Paul Crawford Silver badge

Re: Meh

Instead, the government should be laser focused on keeping the lights on.

They missed that boat by 30 years as well.

Twitter gives up fight against COVID-19 misinformation

Paul Crawford Silver badge

Re: conspiracy nut

All he really wants is fee speech (as El Reg put it a while back).

Yandex plans to break up with its Russian motherland

Paul Crawford Silver badge
Joke

Re: "nations that don't operate pervasive censorship surveillance"

We want none of this pinko commie state surveillance, Google give us the finest capitalist surveillance money can buy!

Paul Crawford Silver badge

Indeed, I really can't see mad Vlad being happy with such a public demonstration of a lack of faith in Russia's immediate future.

RIP Fred 'Mythical Man-Month' Brooks: IBM guru of software project management

Paul Crawford Silver badge
Pint

RIP

Always sad to hear of someone so notable in the furtherance of science or engineering passing away.

One last one for Dr. Brooks =>

Musk: Twitter will have 1 billion monthly users inside 18 months

Paul Crawford Silver badge

Re: A path to a billion users

Cheap at the price!

Telecoms networks could provide next-gen GPS services without the need for satellites

Paul Crawford Silver badge

Re: Multilateration!

I bet what happened was the gov was asked for money to make it work and quietly forgot all about it. Much the same with the BS aimed at replacing our position within the Galileo project.

Brexit! Benefits! Stop laughing at the back!

Paul Crawford Silver badge

Re: GPS was intentionally de-tuned

During the Gulf war the US had to rely on civilian GPS in a hurry so they turned off the "selective availability" feature normally in place during peace time.

Yup, exactly the opposite of what you would expect (war = degraded accuracy). The Clinton administration realised this was pointless so changed policy:

https://www.gps.gov/systems/gps/modernization/sa/

Paul Crawford Silver badge

Re: Sorry which bit of this is new?

Hmm, I seem to remember that mobile networks and digital TV depend on GPS (or system of choice) for correct operations, so at best this is to help navigation in dense areas and is in no way a usable alternative to GPS due to said dependency. Unless they totally rework it all to work without GPS and relying on optical timing and some other knowledge of the base station locations, all at huge cost and effort, which won't happen without a gov mandate and them being expected to pick up the cost...

How not to test a new system: push a button and wait to see what happens

Paul Crawford Silver badge

Re: Alternative Lesson: "Never turn anything off if..."

However, if a power failure needs serious effort or hardware fixes to get it going, it's a shit system.

Who here has not seen a UPS fail and simply take out the supply instead of going to bypass? (Think of any unfortunate APC owners)

Or, less commonly, a local digger has JCB'd the local 11kV feed and your power is off for hours and UPS exhausted? (Generators are available, some of them might even work when needed)

UK bans Chinese CCTV cameras on 'sensitive' government sites

Paul Crawford Silver badge

Re: Devil's Advocate

In the case of Huawei the UK gov / GCHQ did not find any back doors, but they did find plenty of piss-poor software process control and general bugginess. Nothing terribly surprising there, and indeed the likes of Cisco, Fortinet, SonicWall, etc, have plenty of critical CVEs related to their products to suggest they are not much better.

Beyond the issue of deliberate back-doors to specific product, many devices now phone home and can do firmware updates "for security reasons" on their own. If you control the company that controls that process you can simply find products on a given IP range and push our special versions of the firmware to them. And that is the fancy way, simpler is world+dog using your cloud service that is available to your government of choice (not just China, but also USA Cloud Act).

Trust nobody really, keep crap off the outside world with your chosen combination of VLAN and firewall rules, etc. Not only for government spying but for other industrial espionage and general criminal hacking for fun or profit.

Paul Crawford Silver badge

Re: Good idea anyways

We use Vivotek which is Taiwanese and have been very good. Yes, the hardware is made in China (at least models I have used) but firmware is not under the immediate influence of the CCP, which really is the obvious political risk.

But no matter what, you should assume cameras and other IoT tat are insecure by design and have them isolated from both the internet at large and any critical systems.

Paul Crawford Silver badge

Even before the question of ripping them out, WTF are cameras in 'sensitive' areas doing if they have any external access allowed to the Internet?

Time Lords decree an end to leap seconds before risky attempt to reverse time

Paul Crawford Silver badge

It will break other things. Until now you could assume UTC and the Earth's rotation were aligned to 1s or less, so many astronomical or satellite software would use that knowing there is a bound on the error. Not any more, they will have to get the offset value from somewhere.

Which means an internet connection and security implications.

It also means such systems will break subtly when some muppet changes a web site design or domain name and said offset file is no longer at the same URL, or if they disable some older version of TLS, etc.

And all because software is being created by people who do not bother to understand time-keeping nor test it.

Twitter engineer calls out Elon Musk for technical BS in unusual career move

Paul Crawford Silver badge

Only legally sold in Scotland though.

Twitter, Musk, and a week of bad decisions

Paul Crawford Silver badge

Re: For a Comparison

Come now, by comparison Musk is an amateur! Truss cost £65B in intervention in half the time he has been screwing around with Twitter, and also a massive long-term cost to the UK's reputation (and thus international borrowing costs):

https://metro.co.uk/2022/11/04/uk-was-hours-away-from-potential-meltdown-after-trusss-mini-budget-17698497/

Both are excellent examples of hubris in action, sadly we all pay somehow.

Paul Crawford Silver badge
Trollface

"turning Twitter into a fee-speech platform"

Ah, now that makes a lot more sense of Musk's statements.

World Cup apps pose a data security and privacy nightmare

Paul Crawford Silver badge

Re: App Stores

I think you will find money trumps rights & decency most times for big corporations. After all, that is how they got that way...

KFC bot urges Germans to mark Kristallnacht with cheesy chicken

Paul Crawford Silver badge

Re: A double insult

I had not realised that kosher depends not just on the ingredients but also the mix.

NSA urges orgs to use memory-safe programming languages

Paul Crawford Silver badge

Re: Better compilers?

Complete memory safety cannot be enforced in C/C++ in any practical manner.

Good programming practice goes a long way, and there are guides for C programming for safety critical systems such as cars (see MISRA guidance), etc, available that go through the sub-set of syntax you should use and things to avoid doing as they commonly result in bugs.

However, you (and others) can go a long, long way to avoiding problems by turning on the highest warnings and using various analysis tools, both static (e.g. lint, Coverity Scan, etc) and dynamic testing (e.g. the electric fence library, valgrind). I would be willing to bet a large portion of security faults come from not listening to and correcting warnings (possibly as legacy code had so much that developers wound back on the checks).

Beyond that, and for all languages, you can also use tools such as AppArmor for mandatory access control so software once executing is limited in what it can do by rules designed around what it should do.

Sadly try that with many programs like web browsers and it's a complete mess of rules and requests for stuff you really, REALLY wonder wtf the developers thought they needed to poke around all sorts of places in the OS just to play cat videos and browse the web.

Tesla recalls 40k cars over patch that broke power steering

Paul Crawford Silver badge

The CX got heavier as you got faster to reduce the risk of a sudden manoeuvre, had a heart-shaped cam for centring and the hydraulic force on it was increased as road speed rose using some sort of governor arrangement.

Paul Crawford Silver badge

Indeed. It amazes me that something as basic as power steering would ever need a "calibration update" in the first place.

My father used to have a Citroen CX in the 80s and it had fancy self-centring hydraulic power steering (actual servo, not assist, and with fake centring feeling) but it also proved to be VERY reliable.

TSMC reportedly looks to raise a second Arizona chip fab

Paul Crawford Silver badge

Re: Probably leant on

Xi's gun perchance?

Zoom adds email and calendar to its apps, to relieve the crushing burden of ALT-TAB

Paul Crawford Silver badge

Re: North America only

Because timezones are hard

Only for folks who don't work in time_t and apply the zone offset for display only.

The all liquid-cooled colo facility rush has begun

Paul Crawford Silver badge

They might just be a touch quieter if the needed air speed is less due to larger radiator area as noise pressure level is 8th power of exhaust speed.

Paul Crawford Silver badge

Re: 250 kW per rack?

Tsk! Don't you have Redundant Arrays of Hot Tubs?

Twitter begs some staff to come back, says they were laid off accidentally

Paul Crawford Silver badge

Re: Modest proposal.

They can pick up a phone.

Paul Crawford Silver badge
Gimp

Re: Modest proposal.

Now that would be a "speciality video" with a difference.

Sizewell C nuclear plant up for review as UK faces financial black hole

Paul Crawford Silver badge

Re: But, in other news.

Heating bulk water by microwave has no energy advantage over a resistive element. Might even be worse if you don't completely capture the cooling/waste heat of the microwave device(s).

The only reason it is more efficient when cooking is you heat the water in the food quickly, not the whole oven for long periods.

Paul Crawford Silver badge

They can add this to the list of causes of Britain's downfall when that is written in a couple of years. Here was a recent article covering it:

https://www.bbc.co.uk/news/uk-politics-63477214