Who would have guessed that the stupid complexity of your typical UEFI start-up code, along with little or no peer review, would have led to security holes?
Posts by Paul Crawford
5636 publicly visible posts • joined 15 Mar 2007
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
Brit borough council apologizes for telling website users to disable HTTPS
China's Loongson debuts processor that 'matches Intel silicon circa 2020'
X/Twitter booted out of Australia's disinformation-fighting club
Re: False premise
Not an issue. Now that major ISPs have site blocking systems in place, it is only a court order away.
Yes, there are several ways to circumvent it and probably small ISPs don't support it, but if it blocks 80-90% of typical twits then it has done its job as far as a financial penalty (i.e. loss of advertising opportunity) goes.
Re: False premise
Fines are not much of a deterrent if you're not around to pay them.
Blocking of any advertiser revenue is the deterrent.
Blocking the web site might seem a bit far, but they do that for The Pirate Bay and similar who ignore copyright laws, so I don't see why not here. Again, less eyes, less revenue, and shows the world you are prepared to enforce things against those that take the piss.
Logitech's Wave Keys tries to bend ergonomics without breaking tradition
Japanese tech startups testing cash incentives for office return
Data-destroying defect found after OpenZFS 2.2.0 release
Re: ZFS here we go again
I would not simply pull a hot-swap disk out of RAID and hope for the best. Normally you would identify the failing/faulted disk and remove it from the RAID set first (if not already automatically managed by some NAS appliance with flashing LED to show you it is ready to be pulled, etc).
The main point of "hot swap" is you don't need to reboot the controller to see the new disk.
Re: ZFS here we go again
ext4 might be "dependable" in terms of mature code and no bleeding-edge features, but it lacks a lot of the data integrity checks that ZFS has. AFAIK it only checksums the journal by default, and lacks some of the atomicity guarantees on file replacement (other than a few hacks to detect a move-rename and flush the recently updated file, etc, to keep it in line with the ext3 behaviour).
Re: Checksums
The insidious problem here is the corrupted data from the bug is then check-summed, written elsewhere, and then appears good on disk.
You can get the same issue from ZFS and the likes if you don't have ECC memory - the block in memory gets corrupted and nobody knows, it then ends up on disk with a "good checksum" afterwards, and has been whitewashed.
Bottom line is it is incredibly hard to write a safe file system, even simple designs have had serious bugs in them.
Re: ZFS here we go again
ZFS on the other hand only has one single issue: it doesn't support removable devices very well.
To be fair for a FS designed to include RAID as part of its mass storage operation then "removable device" is not a typical use-case.
It's a shame Linux doesn't have a single, decent in-tree file system.
Sadly that is true of most OS (other than the dead-man-walking Solaris, and FreeBSD).
Singapore to deter crypto investors with tactics like those used on smokers, gamblers
The most dedicated fools will always find a way, but it will reduce the total amount of trouble to society and those friends who sadly are a bit jelly-brained when it comes to these things.
Based on your comments, do you really think that stopping advertising and promotion of cigarettes was a bad thing? That it has not reduced smoking overall and so the health troubles from it?
USB Cart of Death: The wheeled scourge that drove Windows devs to despair
In the mid-2000s I was involved in developing a USB powered radio peripheral that was using the generic MS USB driver for XP to talk to it. One day I managed, via the peripheral's firmware, to crash the XP box so badly it screwed the MBR. Yes, that serious a flaw in their own driver's code. The IT department had to re-image the box. So much for post-Win98 USB support being OK!
Maybe I should have got in to penetration testing instead?
Taxing times: UK missed out on £1.75B because of digitization delays
FFmpeg 6.1 drops a Heaviside dose of codec magic
How to give Windows Hello the finger and login as someone on their stolen laptop
Will anybody save Linux on Itanium? Absolutely not
Re: for well over ten years
On related project work, there were Windows NT machines running on Alpha machines, at the time throttled to just below 300MHz (limit for US export control then) and then MS dropped support for it along with other non-x86 architectures, which was a serious wake-up call that MS can't be trusted on new technologies. In fact, on anything...
Texas Instruments had a VLIW family of DSP processors around the late 1990s that I had the sad misfortune of working on. Again the promise was 1GIPS of performance from a 200MHz or so clock rate (which seems nothing now, but then was seriously impressive), but that was only possible on very specific code segments when the various internal units (integer cores, MACs, loop counters/index, etc) could all run code in parallel. Which was rare. What made it worse was the piss-poor compiler tools that hardly managed to optimise C-code for that sort of a situation, a life way too short to learn its assembly rules, and to cap it off a long instruction pipeline that was dropped, with a serious performance hit, any time there was an instruction branch (i.e. an if statement or break in a loop).
End result was a mediocre performance in reality, and a few years on it was beaten on performance by x86 style chips that had OOE and branch-prediction capabilities. Not to mention far better compilers for PCs, many of which were also free, and greater ease of debugging.
NASA's Psyche spacecraft beams back a 'Hello' from 10 million miles away
Re: Great work!
Also you might note that the article in El Reg, or indeed the press release, is not saying what speeds were actually achieved. Just woolly words about being faster:
“DSOC was designed to demonstrate 10 to 100 times the data-return capacity of state-of-the-art radio systems used in space today”
What makes of radio systems? At what distances? FFS just tell us what speeds?
Re: Impressive.
You can deliberately diverge the beam to make pointing less critical, but that of course negates the link advantage of using light (wavelength in the um range) instead of radio (in the cm range) for any low rate missions.
And no, at that distance it is not "high rate" by near-Earth standards. For near-Earth use laser comms promises a lot higher data rate than radio as you can have many, many, GHz of modulation bandwidth that is simply not available in most of the usable radio spectrum, here the advantage is the sharp focus of the laser in delivering enough power where (hopefully) you are listening and not elsewhere.
Windows users can soon ditch Bing, Edge, other bundleware – but only in the EU
BOFH: Monitor mount moans end in Beancounter beatdown
Child psychiatrist jailed after making pornographic AI deep-fakes of kids
Late Qualcomm cofounder teleports $200M into SETI to bankroll hunt for alien life
Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections
I'm guessing if it came to it, most browser companies will produce an EU version that meets this law, and a World version that has trusted/vetted CA certificates. Perhaps just a configuration setting apart (assuming web browser designers grasp there is more than a google search box needed)?
No sir, not identifying any secret certificates. But sure, if you are outside the EU only use these ones that we trust...oh what is that Skippy? Those EU CA companies are being dropped world-wide due to a lack of trust? Oh dear, how sad, never mind!
Android VPNs to get audit badges in Google Play Store if they aren't comically crap
Re: There is no "safe" VPN
It comes down to who and what you are defending against. I often use a VPN just to make it that bit harder for advertisers and busybodies in local authority (not necessarily TLAs) to follow me, and also to have a relatively fixed IP address when travelling so I don't get pestered with 2FA and other annoyances to prove who I am every time.
We're getting that fry-day feeling... US Army gets hold of drone-cooking microwave rig
Re: Hmmmm..
Indeed you can design a drone to resist frying tonight, but then you are not getting the cheap off-the-shelf parts to build from and suddenly they are $M+ a pop, not $1-10k a pop and that makes a massive difference to the tactics and options to supply. That alone makes this sort of defence valuable.
Cybercrooks amp up attacks via macro-enabled XLL files
Microsoft's 11-year itch: The uncelebrated anniversary of Windows 8
I just don't really see the point getting my panties all in a wad over something that I stopped noticing in a week. That seems like a very unhealthy fixation if you ask me.
So you are happy to spend whatever time it takes to support employees, friends & family who do see problems introduced by pointless changes?
You are happy to re-write documented processes to keep up with the whims of some idiot who decided to break things for the sake of a "modern" look?
Clearly it's so easy, and all Microsoft had to do was just consult someone like you, so...
They could have kept the old options, just like XP allowed "classic look" to keep win2000 look and feel. Just how hard would that have been? After all if you tried doing anything with w8 and similar sooner or later you would find the jarring change to an old control panel menu, etc.
Intel dumps its silicon photonics bells and whistles into Jabil's lap
Boston Dynamics teaches robo-dog to recognise speech, respond using ChatGPT
Re: "This illusion was enhanced by adding silly costumes to the gripper and googly eyes"
I should have ignored the siren's call to search for that, almost the first hit was "6 Best Robot Sex Dolls In 2023" suggesting not just that they exist in more than one guise, but this is not the first year they have run such a review.
Well, obvious really =>
Just one in ten UK orgs have significant AI investment plan
Re: Plan for ... what?
I suppose some companies could be figuring out how to use AI to provide (even more) atrocious customer service very cheaply. AI may well be able to do that .... in a few years ... probably.
Most likely.
Sadly even when you get a human after some utterly useless voice-operated call screening (that only works for a small set of voices), you often find they are also ones who fail the Turing test.
Boffins find AI stumbles when quizzed on the tough stuff
Re: GPT-4 model managed to score 700 out of 800 on the SAT maths exam
That is a truer test, like getting it to write, debug and test a program instead of copy/paste stack-exchange, etc.
But the reality is most humans 'train' on past paper examples, etc, and most academic institutes keep the same approach as making the exam harder, more realistic in terms of problem-solving would cause an unacceptable drop in pass rates. And skulls mean money, not brains...
Microsoft seeks EU Digital Market Acts exemption for underdog apps like Edge
On-by-default video calls come to X, disable to retain your sanity
Boffins say their thin film solar cells make space farms viable
It is 20 years since the last commercial flight of Concorde
I was fortunate to fly once as I bought a ticket when they announced its withdrawal as I realised it was never going to happen again. It was a marvel of engineering and I feel that BA was rather spiteful in ensuring no flyable craft were left, at the very least it could have flown at air shows like Spitfires, etc, even if not flying commercially due to the withdrawal of manufacturer support.
Comfort-wise it was fine, and while not as luxurious as first/business class flights today, it was only 3 and a bit hours, not the gruelling 8+ hours of cattle class most of us endure if we need to get to the states.
A toast to the numerous engineers and scientists that made it work, really it was the UK/France equivalent of the Apollo program =>
GNOME Foundation's new executive director sparks witch hunt
Shucks Chuck, how many employees pay = one Cisco CEO?
Progress towards 'Gigabit Europe' is slow, with UK also lagging
Wi-Fi in practice* is never going to be as fast as Gigabit ethernet. Also in my area of UK you get FTTP with a choice of speed/costs so in my case I went with "up to" 300Mbit rather than "up to" 900Mbit as more than enough and half the cost. So far I see close to max speeds most of the time, suggesting fairly low uptake of the contended segments.
[*] As in through walls and with every other bugger in your (and neighbouring) block of flats also running Wi-Fi.