* Posts by John Smith 19

16326 publicly visible posts • joined 10 Jun 2009

Flaws in web-connected, radiation-monitoring kit? What could go wrong?

John Smith 19 Gold badge
WTF?

Joking aside, are these the most potentially serious vulnerabilities seen outside of Stuxnet?

Stuxnet was designed to seriously damage enrichment centrifuges loaded with Uranium Hexafluoride, which would be pretty nasty even if it wasn't radioactive (a dab of water vapor and you've got a cloud of Hydrofluoric acid in your face, which is best avoided if you want to have a face left).

Here we have the option to trigger site evacuations on demand, or conversely a no-inspection pipeline to take nuclear material out of a plant. What's very disappointing is this kit looks like it costs serious money and is only installed by serious people who are worried about some very nasty s**t indeed. :-(

Granted, outside of fiction actual real full on "nuclear terrorists" are virtually unknown but with IoT security this loose (plaintext data transmitted by wireless, and hence readily forged) how many of the regular sort of terrorist, or just general nut jobs, wouldn't be tempted to take a punt?

It seems it doesn't matter how expensive the IoT hardware is, the security level is still s**t.
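The point about plaintext radio telemetry being "readily forged" is worth seeing in code. The following is an added example, not code from the original post or from any monitoring product: it assumes a made-up frame layout (device id, counter, reading) and a constructed demo key, and shows that a receiver of unauthenticated frames accepts any rewritten reading, while a frame carrying an HMAC-SHA256 tag and a monotonic counter rejects both the rewrite and a replayed frame.

```python
import hashlib
import hmac
import struct

# Constructed demo key: a real deployment provisions a per-device secret.
DEVICE_KEY = b"constructed-demo-key-do-not-reuse"

# Assumed frame layout for this example: 16-byte device id, 32-bit counter,
# reading as a double (microsieverts per hour). The authenticated variant
# appends a 32-byte HMAC-SHA256 tag computed over those fields.
BODY = struct.Struct(">16sId")
TAG_LEN = 32


def plain_report(device_id: bytes, counter: int, usv_h: float) -> bytes:
    """What a plaintext, unauthenticated sensor frame looks like."""
    return BODY.pack(device_id.ljust(16, b"\x00"), counter, usv_h)


def forge_plain(frame: bytes, new_usv_h: float) -> bytes:
    """Anyone who can inject on the radio link can rewrite the reading;
    a receiver of plaintext frames has nothing to check it against."""
    device_id, counter, _ = BODY.unpack(frame)
    return BODY.pack(device_id, counter, new_usv_h)


def signed_report(device_id: bytes, counter: int, usv_h: float,
                  key: bytes = DEVICE_KEY) -> bytes:
    body = plain_report(device_id, counter, usv_h)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_report(frame: bytes, last_counter: int, key: bytes = DEVICE_KEY):
    """Return (device_id, counter, reading) for a genuine, fresh frame.

    Raises ValueError on a malformed frame, a bad tag, or a counter that does
    not advance past last_counter (a replayed 'all clear' or 'evacuate').
    """
    if len(frame) != BODY.size + TAG_LEN:
        raise ValueError("bad length")
    body, tag = frame[:BODY.size], frame[BODY.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad tag")
    device_id, counter, usv_h = BODY.unpack(body)
    if counter <= last_counter:
        raise ValueError("replayed counter")
    return device_id.rstrip(b"\x00"), counter, usv_h


def tamper_signed(frame: bytes, new_usv_h: float) -> bytes:
    """The same field rewrite against a signed frame, keeping the old tag."""
    return forge_plain(frame[:BODY.size], new_usv_h) + frame[BODY.size:]


def demo() -> dict:
    """Run the three cases and report what the receiver concludes."""
    results = {}
    plain = plain_report(b"gamma-01", 7, 0.12)
    # The receiver of a plaintext frame simply believes the new value.
    results["plain_forged_reading"] = BODY.unpack(forge_plain(plain, 250.0))[2]

    signed = signed_report(b"gamma-01", 7, 0.12)
    results["genuine"] = verify_report(signed, last_counter=6)
    for label, frame, last in (("tampered", tamper_signed(signed, 250.0), 6),
                               ("replayed", signed, 7)):
        try:
            verify_report(frame, last_counter=last)
            results[label] = "accepted"
        except ValueError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Two caveats a practitioner would add: the tag gives integrity and origin, not confidentiality, so the readings are still visible to anyone listening; and the counter state has to be kept per device and survive receiver restarts, otherwise a recorded "all clear" frame can be replayed after a reboot. A single key shared by every unit means one extracted key forges for the whole estate.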

John Smith 19 Gold badge
Unhappy

Still, not like it's doing anything important with life-threatening implications

Oh, they do..

Strong and stable, my arse. UK wobbles when coping with ransomware

John Smith 19 Gold badge
Unhappy

"Strong and stable, my arse. "

But

<gollum>

We wants it

We needs it

We must have hard Brexit.

</gollum>

You and Rupert Murdoch, eh Golly?

John Smith 19 Gold badge
Unhappy

"Mandatory Access Control..is available on Windows...Why doesn't anyone use it?"

Good questions.

Probably because

a) It either has, or is expected to have a massive performance hit

b) People don't think it will work, because it's Microsoft

c) Its defaults are too generous to users

d) It has too few levels to deliver adequate granularity of protection.

e) It requires actual management, i.e. someone has to decide this is needed, authorize someone to do it and see it gets done, i.e. rolled out to all users.

Those are the obvious answers. Never having used it I cannot see what the real barrier is.

John Smith 19 Gold badge
Unhappy

You do wonder about the British response

Because until you've had an infection you don't really know how you'll cope. The question calls for a judgement on how it will be handled, and on the day the team may just pull it together and stomp all over it.

Likewise 5 times in 1 year sounds very bad.

But does that mean "log shows another attempted entry. That's 5 this year" or "S**t, have the ERP files been hit again?"

I'd like to hope IRL it means the first time caused a fair bit of chaos but that was a wake up to get their s**t together, with the other 4 being easily fended off.

Attention British IT staff.

Yes, ransomware is a thing. Good standard procedures (listed earlier in the thread) will cut down your risks a lot.

If you are not using them, why not?

If you think "It can't happen to us, we're too small" think again.

On the internet everyone is the same size (to malware) and everyone is the same distance away. Infecting you is really no bother to them. They can infect a few dozen more while you're still deciding if you have been infected.

It took DEF CON hackers minutes to pwn these US voting machines

John Smith 19 Gold badge

Re: Argos. Shop and vote with ease.

There is only one true answer here

John Smith 19 Gold badge
Unhappy

"would have used up to date machines, but the manufacturers were too scared to let them"

I don't know if this is true.

But if so it doesn't say anything good about any mfg.

John Smith 19 Gold badge
FAIL

Now watch the companies' chaff clouds

"We take the security of the democratic process very seriously"

"Your vote is important to us"

"These were old machines which were retired because they were insecure"

Yadda, yadda.

"Voting machine" is the very definition of a single purpose, embedded, niche system. It's got one key task to carry out. Its OS should be pretty stripped down to begin with and how big should the application it runs need to be FFS?

This is a story that deserves to be more widely reported.

Systemd wins top gong for 'lamest vendor' in Pwnie security awards

John Smith 19 Gold badge
Unhappy

"he's not even particularly good at it,..stitching together some kind of Frankenstein's monster."

"It's alive! Alive I tell you!"

Oh dear, this can only get worse until something quite bad happens.

John Smith 19 Gold badge
FAIL

Systemd...

I thought it was bad.

Didn't realize it was so epic a fail.

An award richly deserved.

Pre-order your early-bird pre-sale product today! (Oh did we mention the shipping date has slipped AGAIN?)

John Smith 19 Gold badge
Coat

Alaistair Dabbs. First tech journalist on the Moon.

It's one small step for man.

One small step for El Reg expense accounts?

It's a full pressure suit. The weather round here is murder.

UK waves £45m cheque, charges scientists with battery tech boffinry

John Smith 19 Gold badge
Unhappy

Re: Where do I apply?

"Related paper: (not mine alas).. https://www.nature.com/articles/srep16325"

Paper states

"Amongst a variety of materials, LiTi2O4 (LTO) is a unique candidate for our experiment with the use of a Li-ion battery structure because LTO exhibits superconductivity with a critical temperature as high as 13.7 K"

That's significantly below LH2, which is already viewed as a deep cryogen, i.e. it's a massive PITA to handle and expensive.

You'll need a much higher temp material to make this work. But finding what that would be, and testing would probably be in scope for such a grant.

John Smith 19 Gold badge
Thumb Up

Re: Think "cold fusion" and ask why it hasn't happened yet...

"What do you mean it hasn't happened yet? It's real, it was published in 2005, it's inexpensive, it fits on your desktop and, unfortunately, it's completely useless for energy generation. "

Intriguing. I've always wondered what happens if instead of scaling up these things you scaled down, and saw the effects of field concentration on very small, very sharp electrodes.

IIRC there are a number of diagnostic systems that could be a lot more manageable with a "neutron generator" if it was productive enough.

The trouble is most people with an interest in such devices want to place it inside a lump of fissile material, making it one of those difficult to discuss subjects.

Still, y'know, wow. Fusion, at room temp. On a desktop. Who saw that one coming?

John Smith 19 Gold badge
Unhappy

TBH I'd look at integrating PV panels into vehicles & improving regenerative braking.

Let's be real, there is no f**king way the UK is going to build (or afford to build) the staggeringly large amount of infrastructure needed to move to electric cars. That being the case something that does put some charge in the battery is better than nothing.

John Smith 19 Gold badge
Unhappy

So where would that leave developing a sugar solution fuel cell?

Innovative? Very

Needs improvement? Definitely

Potential? Huge for vehicles or other applications, as it's an easily made room temperature storable liquid

Sustainable? Blighty grows sugar beet, as does the rest of Europe. Sugar cane can also be used and the UK has some of the world's biggest sugar processing companies.

But it's not a battery. So while in principle it could practically replace petrol in the supply chain without the chain missing a beat, what do you think's going to happen?

Hackers can turn web-connected car washes into horrible death traps

John Smith 19 Gold badge
Unhappy

"Probably give 'em a wide berth from now on."

Well that's the thing.

99% of the time going through a car wash will result in the outside of your car being cleaned and nothing else.

Unfortunately there is no sign on them that lights up saying "Now under remote control of homicidal nutjob, get out" for the other 1%.

Making the whole process a lot more "interesting" than most people would want it to be.

Depending on how widely this is reported in MSM this could do a lot of damage to the mfg reputation.

Which, given they had this information for 2 years, would be well deserved.

John Smith 19 Gold badge
Unhappy

They gave the mfg 2 years to do something about this and the mfg did FA

Until they finally looked like they were facing public exposure to people who could use the information.

No Mr Mfg, you didn't think this is your problem, but it became your problem the moment you decided to let your machine be connectable to the internet.

Personally I don't want them to go out of business, but I suspect they sub-contracted this to someone else, leaving them to do the clanky, electromechanical bits (which can still be a PITA to get right).

If I'm right they have no one in house who understood what a s**tstorm this could cause.

But now they are about to find out.

John Smith 19 Gold badge
Unhappy

Basic rule: just because you can do something doesn't mean it's a good idea.

"And the converse also applies: just because it's not a good idea it doesn't mean you can't do it."

Both equally sad.

And both equally true.

John Smith 19 Gold badge
FAIL

"We controlled all..machinery inside the car wash and could shut down the safety systems,"

It's that last part that makes this an epic fail.

I can (sort of) see a "test" mode where safety cutout switches are disengaged, like for an industrial dryer so it can be watched spinning while the door is open. AFAIK this needs the service engineer to be physically present and to physically do something to make it happen.

But allowing that to be engaged remotely? Are you f**king kidding me?

Monitor status of safety systems, yes. Change them remotely, no.

At heart we have a lot of mfg with the attitude "Security is not important. No one cares about our stuff enough to hack it. There's no money inside it"

They really don't get that if there's a server on the internet someone somewhere will want to know what it does and they will file that information for mischief or money.

BTW In a spirit of fairness other no longer supported insecure embedded OSes do exist.

Should you stay awake at night worrying about hackers on the grid?

John Smith 19 Gold badge
Unhappy

"as well as disaster recovery and business continuity are addressed proactively."

And on the really big scale....

I hope you can segment your section of the grid if it becomes necessary.

But the really big one is whether you're prepared to keep a stock of those big, high voltage transformers in storage.

They are slow to make and normally mfg using large electric arc furnaces, fed by the same kind of transformer, so a sufficiently serious event could clobber the supply chain for them as well.

John Smith 19 Gold badge
Unhappy

"are these the same hackers..trying to abuse the smart meter I have..ensured will not be installed"

No.

These guys are after much bigger game.

Shutting down whole sections of the power grid, or whole power plants, or both.

They want to play Tetris with whole counties..

Profits plunge 40% as BT coughs up £225m to avoid court battle

John Smith 19 Gold badge
Unhappy

Our brands will be BT, EE and PlusNet

So, British readers, you know who to avoid.

How's that transformation coming, Teradata? Numbers down as org morphs

John Smith 19 Gold badge
Unhappy

Umm. Because people think shoving a lot of data into "the cloud" and then chomping on it

is stupid?

Bezos' bonkers bank of bucks beats big Bill's brilliant billionaire bundle

John Smith 19 Gold badge
Unhappy

So Gates gets in a huff, shorts Amazon stock for the win?

Amusing, but unlikely.

Although when you've got the kind of wad you could beat a sperm whale to death with...

Cellphone kill switches kill cellphone snatchers

John Smith 19 Gold badge
WTF?

And elsewhere in the US?

Or do the phone companies only switch on this functionality in SF?

USA to screen tablets, e-readers and handheld games before they fly

John Smith 19 Gold badge
Unhappy

Actually the TSA found about 60 handguns on planes last year.

Needless to say they were all brought on board by US citizens on internal flights.

But this BS sounds like another effort to make a government more repressive.

"Insisting on perfect safety is for people who don't have the balls to live in the real world" as Mary Shaefer put it.

Inside the ongoing fight to stamp out govt-grade Android spyware

John Smith 19 Gold badge
Unhappy

"to target older versions of Android that are no longer being patched "

Were they ever?

Isn't it decades past the time when it should be a legal requirement that if you put out something with an OS on that's network connected you're responsible for supporting that OS for a reasonable period?

Not a nice thing to do, a legal requirement.

The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years

John Smith 19 Gold badge
Unhappy

For some $17m would have been enough.

But then if you're in a hotel suite at $20k a week it won't last long.

Amazing new algorithm makes fusion power slightly less incredibly inefficient

John Smith 19 Gold badge
Unhappy

"We've already got a huge fully functional, self-sustaining fission reactor 150m km away "

You might like to look up the difference between fission and fusion.

In fact concentrator solar arrays can hit 43%.

The problem is not the array.

It's getting a big enough array to orbit, and getting the power back.

'SambaCry' malware scum return with a Windows encore

John Smith 19 Gold badge
Terminator

"CASE NIGHTMARE GREEN " is being held in reserve.

For what Simon Pegg's character in MI3 called "The Anti-God"

of malware.

I'll leave others to think about what that could mean.

John Smith 19 Gold badge
Unhappy

"Qt..so the creators..stick with familiar environments, save..the pain of learning..Windows APIs,"

And who hasn't done that?

Being a malware writer, eh? It's just work, work, work.

I think we all feel your pain.

That is if most of us didn't wish you would just die in screaming agony for all the chaos you cause.

Cloud-stitching startup pitches NVMe FPGAs for SSDs

John Smith 19 Gold badge
Coat

"Plus the sort of people who can program a finite state machine probably "

That's the thing about FSMs.

You don't program them. You implement them. In hardware. That's where you get the speed from.

Of course you can implement an FSM interpreter that navigates through a state table.

Which is what YACC or Bison are.

Mine's the one with the old digital design text with the chapter on "Mealy-Moore" systems.

John Smith 19 Gold badge
Unhappy

Gosh, CISC processors too slow for low level HW access so design RISC processor in FPGA

What is it about modern HW designers?

"I can't do it without a fully Turing complete processor in the chip. I might get into problems I can't solve."

Handy hint. Most low level protocols can be handled through Finite State Machines. The issues are error handling (which should be infrequent enough you can escalate to a higher level of processing) and the number of states, but state compression tools and design approaches have existed for decades.

Not really seeing the benefits here that scream "I need this in my life, NOW."
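The two posts above make the same point from opposite ends: an FSM can be burnt into hardware, or a small interpreter can walk a state table, and "most low level protocols can be handled through Finite State Machines" with errors escalated rather than handled inline. The following is an added example, not code from either post or from the product the article describes. It assumes a made-up framing protocol (STX, length byte, payload, XOR checksum, ETX) and parses it with a table-driven interpreter whose only extended state is a byte counter; every error becomes an event for the caller to deal with, which is the escalation the second post describes.

```python
from enum import Enum, auto

STX, ETX = 0x02, 0x03
MAX_LEN = 64  # assumed payload limit for the example


class S(Enum):
    IDLE = auto()   # hunting for STX
    LEN = auto()    # expecting the length byte
    DATA = auto()   # collecting payload bytes
    CKSUM = auto()  # expecting the XOR checksum
    END = auto()    # expecting ETX


def classify(state: S, b: int) -> str:
    """Input class for the table. Only the framing states look at the byte
    value; inside a frame a 0x02 or 0x03 is ordinary data."""
    if state in (S.IDLE, S.END):
        return "STX" if b == STX else "ETX" if b == ETX else "OTHER"
    return "ANY"


# (state, input class) -> (default next state, action name).
# The byte counter is extended state: 'set_len' and 'append' may override
# the next state once the payload is complete.
TABLE = {
    (S.IDLE, "STX"):   (S.LEN, "start"),
    (S.IDLE, "ETX"):   (S.IDLE, None),
    (S.IDLE, "OTHER"): (S.IDLE, None),
    (S.LEN, "ANY"):    (S.DATA, "set_len"),
    (S.DATA, "ANY"):   (S.DATA, "append"),
    (S.CKSUM, "ANY"):  (S.END, "check"),
    (S.END, "ETX"):    (S.IDLE, "emit"),
    (S.END, "STX"):    (S.LEN, "restart"),
    (S.END, "OTHER"):  (S.IDLE, "missing_etx"),
}


def encode(payload: bytes) -> bytes:
    """Build a frame in the assumed format (used to construct test input)."""
    chk = 0
    for x in payload:
        chk ^= x
    return bytes([STX, len(payload)]) + payload + bytes([chk, ETX])


class FrameParser:
    """Table-driven parser. Errors are reported as events, not handled here."""

    def __init__(self):
        self.state = S.IDLE
        self.expected = 0
        self.buf = bytearray()
        self.events = []

    def feed(self, data: bytes) -> list:
        """Consume bytes (any split); return ('frame', payload) and
        ('error', reason) events produced by this call."""
        for b in data:
            nxt, action = TABLE[(self.state, classify(self.state, b))]
            if action is not None:
                override = getattr(self, "_" + action)(b)
                if override is not None:
                    nxt = override
            self.state = nxt
        out, self.events = self.events, []
        return out

    def _start(self, b):
        self.buf = bytearray()
        self.expected = 0

    def _restart(self, b):
        self.events.append(("error", "missing ETX, resynchronised on STX"))
        self._start(b)

    def _set_len(self, b):
        if b > MAX_LEN:
            self.events.append(("error", "length %d over limit" % b))
            return S.IDLE
        self.expected = b
        return S.CKSUM if b == 0 else None

    def _append(self, b):
        self.buf.append(b)
        return S.CKSUM if len(self.buf) == self.expected else None

    def _check(self, b):
        chk = 0
        for x in self.buf:
            chk ^= x
        if chk != b:
            self.events.append(("error", "checksum mismatch"))
            return S.IDLE
        return None

    def _emit(self, b):
        self.events.append(("frame", bytes(self.buf)))

    def _missing_etx(self, b):
        self.events.append(("error", "missing ETX"))
```

The length limit and the checksum are the two places an attacker-controlled byte stream gets to influence the parser, and both are handled by bouncing straight back to IDLE with an event rather than trying to be clever; the caller decides whether a burst of errors means a noisy link or someone fuzzing the port. Note that the checksum of the payload "ab" happens to equal ETX, which is why the table only interprets 0x02 and 0x03 as framing bytes in the two framing states.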

NASA lights humongous rocket that goes nowhere ... until 2019

John Smith 19 Gold badge
Unhappy

"(Saturn V or Atlas V?) The Block 2 SLS is targeting a 120,000kg payload."

Indeed. That's the Saturn V.

Atlas II (as the repurposed ICBM was called) was much smaller, and still used the pressure stabilized steel tanks developed by Karel Bosart.

Nothing will get within sniffing range of the Saturn V until FH actually flies, hopefully later this year.

John Smith 19 Gold badge
Unhappy

"And they're surprisingly low pressure, fuel goes up to 45 bar, oxidiser only up to 30 bar."

What you've missed is that each of those pairs of turbo pumps operates in series.

What you've listed is the output pressure from the Low Pressure Fuel & Oxidizer TP's.

The "High Pressure" TP's are driven by the flow from the Preburner and are more like 7,000 psi (around 470 bar) (to feed the Preburner) feeding the Main Combustion Chamber operating with a back pressure around 2,000-3,000 psi.

Given that studies of engine costs suggest that development costs scale as the cube of maximum chamber pressure this may explain why SSME was such an expensive engine (it's also pretty big and uses liquid Hydrogen, neither of which help).

John Smith 19 Gold badge
Unhappy

"I'll put my money on a Skylon."

If only a few more companies would.

John Smith 19 Gold badge
IT Angle

Due to timing the controller uses 2 MC68k processors on the same chip.

Which were only mfg for NASA for this task.

So probably run out of chips.

The RS25 was one of the jewels of the Shuttle programme. There were a fair few mods that could have made it both higher T/W and more reliable. Using it in expendable mode is deeply stupid. Hopefully this time round they will use actual off the shelf chips.

Since it will operate no further than LEO they don't really need to be space rated either.

Disgraced Entatech founder Jason Tsai tossed in the clink for contempt of court

John Smith 19 Gold badge
Unhappy

Playing the old "deadly" Ernest Saunders defense.

The only known Alzheimer* case to ever recover.

Note the very smooth way he shifted straight into "criminal thinking" mode

How can I get out of the country?

How can I move my assets and who to?

I'd bet a closer look at his business shows a long history of some very creative accounting.

These guys do have one weakness (they've got plenty of flaws as human beings already). They absolutely believe there is no situation they cannot talk their way out of because people will believe them (It's quite simple. They think all humans are gullible, trusting and stupid. If anything that's their real "cognitive dysfunction").

Logically the smart move was to stay in Taiwan and live with what he got away with but I'd bet he came back because he's absolutely convinced he can talk the liquidators into letting him keep most of his assets.

It's really quite satisfying to put one of these Aholes in jail, even if it's for a (relatively) short time.

*Strictly speaking presenting with symptoms of an Alzheimer like nature which turned out to be caused by something else (the worry about going to jail for a long time for being part of a large scale share price fixing club, which he was, perhaps?)

OnePlus cash equals 5: Rebel flagship joins upmarket Android crew

John Smith 19 Gold badge
Unhappy

No microSD port?

No way.

One day I'll see a phone that manages to do all the obvious, simple, boring things right.

This is not it.

Fan of FBI cosplay? Enjoy freaking out your neighbors? Have we got the eBay auction for you

John Smith 19 Gold badge
Coat

Re: FBI cosplay? Had me thinking of J Edgar Hoover for a moment.

Now, now.

Pix, or it didn't happen.

ALIS in Blunderland: Lockheed says F-35 Block 3F software to be done by year's end

John Smith 19 Gold badge
Unhappy

"C/C++ lets you make errors faster (even with a 158 page style guide)."

Ooops.

The coding standard is in fact only 140 pages long

It also turns out that quite a lot of the Flight Control System, ECM and EW and weapons system stuff is being written by Blighty's very own BAe.

I'm sure British readers hearts will be swelling with national pride at that thought.

I'll leave the C/C++ devs in the house to decide if they'd be comfortable with these sorts of rules, although I would expect that modern IDEs can be configured to enforce most of the simpler ones directly.

John Smith 19 Gold badge
Unhappy

"at least 75% of them can be solved by simply turning the F35 off and on again."

Unfortunately quite a lot of those will need you to do that while flying.

This may be quite tricky.

Astroboffins discover that half of the Milky Way's matter comes from other galaxies

John Smith 19 Gold badge
Go

It's one of those "I'm surprised this has not been tried sooner"

Obviously people have known that if the only way to make higher elements was fusion then we are all the remnants of supernovae explosions.

The (potential) surprise is how far away some of those explosions were. As a layman if I'd thought about it at all I'd have expected them to be within our own stellar "neighbourhood," definitely within our own galaxy due to needing to exceed galactic escape velocity otherwise.

Which apparently quite a lot of matter could.

The next challenge will be to see if you can prove the origin of those atoms, which I think will be difficult. Still an interesting idea.

Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphone

John Smith 19 Gold badge
Unhappy

"Toss in court approved and we're good to go. In theory. "

Yes.

The difference between the theoretical control and deployment, and the actual, is what makes most people pretty nervous.

iRobot just banked a fat profit. And it knows how to make more: Sharing maps of your homes

John Smith 19 Gold badge
Headmaster

I..get a kick when FB users refer to themselves as customers,..in reality they're.. the product

They are users, not customers.

Product is what FB advertisers buy from FB.

Which is the data on habits of the users and access to them on their pages.

"Product" is exactly the correct word for them.

Revealed: 779 cases of data misuse across 34 British police forces

John Smith 19 Gold badge
Unhappy

OMG. It seems some of these forces actually have audit trails to track who runs queries.

And occasionally someone actually checks them for unauthorized activity.

Who'd have thought it?

I am of course joking. All sensitive data should be protected my multiple layers of control.

Starting with "Don't collect it in the first place."

BTW I don't think any ex UK plod who's been arrested for corruption has ever written an autobiography where they admit it.

Ever.

An 'AI' that can diagnose schizophrenia from a brain scan – here's how it works (or doesn't)

John Smith 19 Gold badge
Unhappy

Seems pretty low res.

27 000 is 30^3. Not exactly down to the neuron level, is it?

This is indeed "machine learning" in a very limited, highly mathematical way.

"Artificially Intelligent?" I don't think so.

Apart from false positives (or negatives) we also have the question of whether the same results are part of other mental illnesses or disorders (illnesses are treatable, disorders have to be managed), of which there are a lot.

So it's a start, but there's a long way to go.

BTW all joking aside in most cases of schizophrenia the "split" is between the patient's idea of reality and actual reality, often with the symptom of hearing voices.

Creepy tech tycoons Zuck and Musk clash over AI doomsday

John Smith 19 Gold badge
Unhappy

Re: That would be like hiring a Nobel Prize winner to mop your floor.

"You mean like this man?"

What an astonishing life, and what astonishing achievements.

He sounds like he should be as famous as the Tuskegee airmen.

Sadly I fear it's not the sort of story Hollywood will make a film of.

John Smith 19 Gold badge
Unhappy

" An algorithm..interlocking policies..insurance company uses to deny a melanoma-screening test, "

Indeed.

In fact insurance companies were one of the big users of "decision tables," to let them code the rules into software and let staff experts understand the rules they were going to use.

Very few people use DT's, probably because very few courses teach them. They are simple, allow non IT specialists to understand and review code logic and can be made Turing complete. Art Lew of the University of Hawaii probably did the most to develop them by improving optimizing techniques for them.
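The post above describes decision tables as something non-IT staff can read and review, with an insurer's coverage rules as the example. The following is an added example, not code from the post or from any insurer: it assumes a constructed set of melanoma-screening rules and shows the part of the technique that matters for review, an audit that enumerates every combination of condition outcomes and reports the combinations no rule covers (a patient the software will silently refuse to decide on) and the combinations where two rules disagree.

```python
from itertools import product

Y, N, ANY = True, False, None

# Constructed screening rules for the example, not any insurer's real policy.
CONDITIONS = [
    ("age_40_plus",    lambda c: c["age"] >= 40),
    ("family_history", lambda c: c["family_history"]),
    ("prior_lesion",   lambda c: c["prior_lesion"]),
]

# Each rule: (condition outcomes it requires, action). ANY means "don't care".
DRAFT_RULES = [
    ({"family_history": Y}, "approve"),
    ({"prior_lesion": Y}, "approve"),
    ({"age_40_plus": N, "family_history": N, "prior_lesion": N}, "deny"),
]

# The rule the audit below shows is missing from the draft.
GAP_FIX_RULE = ({"age_40_plus": Y, "family_history": N, "prior_lesion": N}, "approve")


class DecisionTable:
    def __init__(self, conditions, rules):
        self.names = [name for name, _ in conditions]
        self.preds = dict(conditions)
        unknown = {k for rule, _ in rules for k in rule} - set(self.names)
        if unknown:
            raise ValueError("rule refers to unknown condition(s): %s" % sorted(unknown))
        self.rules = rules

    def _matches(self, rule, values):
        return all(rule.get(n, ANY) in (ANY, values[n]) for n in self.names)

    def decide(self, case) -> str:
        """Evaluate the conditions on a case and return the one action
        the table selects; a gap or a conflict is an error, not a guess."""
        values = {n: bool(self.preds[n](case)) for n in self.names}
        actions = {a for rule, a in self.rules if self._matches(rule, values)}
        if len(actions) != 1:
            raise LookupError("no single rule covers %s: %s" % (values, sorted(actions)))
        return actions.pop()

    def audit(self):
        """Enumerate every combination of condition outcomes.
        Returns (gaps, conflicts): combinations no rule covers, and
        combinations where matching rules disagree on the action."""
        gaps, conflicts = [], []
        for combo in product([N, Y], repeat=len(self.names)):
            values = dict(zip(self.names, combo))
            actions = {a for rule, a in self.rules if self._matches(rule, values)}
            if not actions:
                gaps.append(values)
            elif len(actions) > 1:
                conflicts.append((values, sorted(actions)))
        return gaps, conflicts

    def render(self) -> str:
        """Classic limited-entry layout: one column per rule, Y/N/- cells."""
        width = max(len(n) for n in self.names + ["action"])
        cell = {Y: "Y", N: "N", ANY: "-"}
        lines = [" " * width + "".join("  R%-3d" % (i + 1) for i in range(len(self.rules)))]
        for n in self.names:
            lines.append(n.ljust(width) + "".join("  %-4s" % cell[r.get(n, ANY)] for r, _ in self.rules))
        lines.append("action".ljust(width) + "".join("  %-4s" % a[:4] for _, a in self.rules))
        return "\n".join(lines)


if __name__ == "__main__":
    draft = DecisionTable(CONDITIONS, DRAFT_RULES)
    print(draft.render())
    print("gaps/conflicts:", draft.audit())
```

The audit is exhaustive, 2^n rows for n conditions, which is exactly why the classic form limits the number of conditions per table and nests tables instead. Rules that overlap but agree on the action (here, a patient with both a family history and a prior lesion) are not a conflict; only disagreement is.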

For one night only: Net neutrality punch-up between Big Cable, Big Web this September

John Smith 19 Gold badge
Unhappy

What will an oligopoly feel like with the end of net neutrality?

I don't know.

But the US is going to find out.

On the internet (being) big business is always better than being small and being biggest is best of all.