Posts by Crazy Operations Guy 2513 publicly visible posts • joined 29 Jun 2009
I love the premise and really want to play it but, really, only ios and Android? Even if I had a compatible phone, I still couldn't play it as I have no cell signal at work, and when I'm not at work, I'm either flying to/from work, or at home where I have no desire to play games.
Real journalist get the perspective of every involved party when writing an article in order to get the clearest and fairest view of events. The fact that Apple hasn't responded mus be included into the article to indicate that Apple had a chance to rebut the text in the article but refused to do so (With the benefit that it protects the Register from potential charges of libel or bias).
For the most part, its 'Neutralized a terrorist threat'. No need to make it even sound like a human was involved, much less killed. You also have the option of just saying "Terrorist plot foiled" and the public will just picture some turban-wearing, faceless guys in a cave full of AK-47s and suicide vests getting shot by a heroic square-jawed group of Gi-Joe style Marines.
Its fun to run things on other ports. I run ssh on a high-numbered port and run a dummy version of ssh on 22, it just grabs the username / password and the IP of the machine into a csv file and then respond with 'access denied', (Its actually just OpenSSH compiled with an authentication library that does nothing but writes out the data given to it). Now I have a nice big list of usernames and passwords from the bots, and since its coming from multiple bot-networks, I get a wide variety and can sort on the most common to get a very efficient list that I then use for pen testing. That list has greatly reduced my time-to-compromise for my pen tests.
Only our IT staff are allowed to log in via SSH, and they use key-based authentication and are given files that specific distrust the public keys given out by my fake ssh server (That key happens to be 00:11:22:33:44....).
Worked with some software like that (boss bought it because he wanted to bang the sales lady). The software at one point went through and decided "No one has touched this "/etc" directory in a long time, must not be important. Also clobbered the /backup on the file server I created (Since it had the same 'last modified' time as the /etc directory). Spent all night with duplicated of that disk trying to rebuild fstab (System had about 40 some-odd mount points, most of which had similar filesystem contents) and its Sendmail config...
Lucky for me, it wasn't too long after that happened that the sales lady finally, and completely, shot down my boss, so he became embittered and wanted any software that she sold to be deleted (he was a very emotional guy. The type that would buy an attractive woman a house if she went on a date with him).
It'll be a long time before companies will want to move over to ARM systems. Companies don't care about long-term cost savings when there is the risk that everything will just fall apart. The two biggest costs for a company with a large server real-estate are: maintenance costs of the hardware and development costs of the software that goes on it; the power cost for the systems and initial purchase of the hardware is minuscule. Even if the code itself doesn't need any re-work, you still need to do months and months worth of QA testing before management even considers moving over to a new platform.
While companies love money, they aren't willing to save 5% on operational costs if it means risking the entire things collapsing for even an hour or two. Repayment to clients due to SLAs and lost business, not to mention the bad PR will cost a business far more than the cost savings of going with a different platform.
For the past 15 years, I've been trying to get a client to replace their HP 9000 dinosaurs with x86 hardware and the above have been their counter-arguments. And if I can't get a fairly dynamic company to move away from a completely dead platform and would create close to 85-90% cost savings, what hope does ARM have when trying to get companies to move away from x86?
Worked for two years in Upstate New York in the city 10 miles west of Elmira (I am under an NDA to not mention the company name, which is also happens to be the name of the town its headquartered in), I could barely get 16 Mbps with TWC. The only other option was satellite, the phone lines were so poor that not even dial-up would work right, let alone DSL...
After working in NYC for the two years before that, I am fully in support of upstate split just north of White Plains and either becoming a state unto itself or absorbed into one of the neighboring states.
No, its clearly a hardware issue. The MMU being used seems to not be doing its job. A proper MMU should, at the very least, clear the contents of any memory that is to be assigned for use. Nowadays, it should be clearing memory as soon as its been freed. At the very least, it should be part of routine house-keeping on the part of the MMU.
Although a part of me suspects that there isn't even an MMU present at all, which is quite troubling...
Try OpenBSD, no polkit, no consolekit, no pulseaudio. I've been running a full desktop (XFCE, firefox, and LibreOffice) on a Sun pizzabox for more than a decade now, all the Linux distros I've tried on it just crawl for a while and then die. I also have an old Lenovo L410 laptop running OpenBSD and it just flies.
"Any good stories for, say, 'On Call' or the bootnotes section?"
I have a few. Here is the one I remember the most:
With our computer-controlled prototype, the programmer didn't see my note about a change to the motor control chips, we also received the wrong motors (I misread the order-number decoding table in the manufacturer's catalog). The newer controllers could handle quite a lot more load than the older ones, plus had finer-grained control over each motor (which used a different byte format, more on that later). We were also using a different motor configuration to improve efficiency.
Test day came around, a dozen motor clusters taped into place on our test rig (A silicone anatomically and proportionally correct model of a woman). System is booted up, all tests come back successfully. The motors are turned on to their lowest settings and all is going as planned. Next comes time to to bump the motors up one, at which point three things became clear to me: one, the programmer hadn't changed the endianness of the data going to the motor controllers; and two, the motors are orders of magnitude more efficient than my calculations would have suggested; and three, the motors that I got were, in fact, capable of handling the level of energy I was pumping into them. The motors started going crazy and started pulling up the tape while I was trying to shut the system down (and finding out that ctrl-C does not clear the motor controllers, but keeps them at the last state...). Before I could unplug everything, the motor clusters had successfully released themselves and now there were about a dozen metal eggs flying about, tethered to a control box and its power supply (Which also had its power outlet right next to it). I had to crawl being my chair, using it as a shield, to get over to the workbench and unplug the thing. Even with the shield, I still ended up quite a few bruises on my body and my office / lab ended up trashed.
The lesson here, I suppose, is to always, always double check your numbers. The motor part numbers were made up of a force ID, plus number of brushes and a lifetime factor. So intended to buy motors with an ID of 200, 6 brushes, and lifetime of 9, so ordered motor part 20069, when I should've gotten 269 and thus ended up with motors of a force/load of 20 times as large.
Although that wouldn't have been too much of a problem if I had confirmed the numbers coming from the output: The initial test should have outputted 0x1000 0000 0000 0001 (-1) with the second test giving me 0x1000 0000 0000 0010, rather the endian change didn't happen so the motor controller received 0x1000 0000 0000 0001 (-1) for the first test and 0x0100 0000 0000 0001 (16,385) for the second test.
Even at power levels of the intended motors, that value would be deep into our "for the most-experienced masochists and only with proper supervision" territory and normal safe limits being in the 1024-1536 range, but with the power being 20 times as much...
"could have been worse..."
I loved that job, $15k per year (in 1984 money), and it gave me access to all sorts of interesting equipment, such as equipment for soldering dies directly to PCBs; a thermal camera; and many, many cabinets of parts. The company was riding the wave of semiconductor miniaturization along with the increase of social acceptance of sex toys, so they were pouring piles of money into R&D.
I had enough resources to build a prototype that used PulseOx sensors and EEG/EKG probes to determine the current state of arousal and act accordingly. The problem of the sensors and computational power required would be solved now, we ran into problems during testing, apparently it was too effective and caused some of our test subjects to go into cardiac arrest or seize (turns out it is possible to overdose on serotonin and dopamine from only neurological production), not that they minded it too much, too bad the FDA sure minded it...
The company was bought by shortly after that by some massive Japanese manufacturing concern and then stripped apart and the pieces sold to dozens of different companies after the Japanese Stock Market crashed.
It's pretty much a Ben-Wa ball with speaker built into it, so there is no reason it wouldn't work. Kind of pointless to spend that much money though when there are other cheaper and more 'efficient' products on the market.
*I paid for school by working as an electrical engineer for a sex toy company
That's been happening a lot with refugees coming out of Syria. She'll find a someone that is claiming to help her get out of the country, and for all she knows, that is what is happening. Once the target is bled dry, she is told that they backed out and she'll have to try again. If she starts catching on or making trouble, she'll be threatened with having her children given to ISIS fighters as a reward (8 year old girls are ISIS's equivalent to medals) or sold as slaves.
*I volunteer for a charity that helps to free women from the above, and similar, situations.
The person running the scam pays the staff center fees. Charging the sucker at this point is more than likely to kill the ruse right there. It only makes good business sense for the call center to do it that way, the scammer isn't going to rat them out and there is no risk of the charge being reversed and losing out on the cash. If they don't try to scam the target, they can claim that they are just a phone-sex type service (relationship fantasy rather than sexual fantasy, but otherwise similar) and the scammer is just a payment processor; giving them plausible deniability and prevents the operation from being shut down in case the police come calling. Plus they'd be killing their source of business as reputation is everything in the black-market in exchange for a very short-term gain.
And that would be the point of cloud services. On Windows 8 and beyond, if you log in with a Microsoft Account, the default location to open and save files is reset to OneDrive rather than the Documents folder. While users should be doing regular backups for their data, OneDrive is a workable substitute for the average user.
That seems to be what Microsoft is going for: build things to be sufficient for the vast majority of home users but allow people with other needs to add things in to supplement or replace the built-in stuff.
Because why should they? Would I have to credit CNN if I read a story about a terrorist attack then right my own digest of the situation using a different point of view?
This article deals with the actual ramifications of uploading the recovery key in a rational matter. The Intercept article said that the encryption key (Which is technically false) was being uploaded to Microsoft and was attempting to play on the reader's fears to infer the ramifications.
Really, I'd have a stronger complaint as this article more closely resembles my digest of The Intercept's article rather than the article itself. ( https://forums.theregister.co.uk/forum/containing/2733126 )
Some of the more common messes I see:
* Attempts to 'optimize' the registry resulting in corrupted files
* removal of 'temp files' that were still in use
* old update files that were removed, but a later rollback needed them (Particularly with beta versions of the .net framework as needed for some beta versions of games)
* sometimes the load order of drivers will change causing systems with 3rd party disk encryption software to fail to load properly
Most of the messes just cause applications to fail to load properly (Or put them into a loop of 'This application isn't installed, install now?' 'This application is already installed, installation failed' because it can't find specific registry keys but finds its files.
IMHO, even the most remote risk isn't worth the possibility of increasing boot times by a few seconds or freeing up a even a few gigabytes of disk space.
I can't tell you how many times I've had to fix a machine because someone tried to optimize something or other. Most of the time, these optimization programs only have negligible effects on the performance, but more often than not, will just prevent the machine from booting now, or a few weeks down the line. I've made so much money off of undoing CCleaner's messes that I might jsut be able to quite my day job...
Good luck to anyone wanting to hack into my car, the most advanced piece of technology in it is the automatic transmission... I've even stripped out the AM radio and just use a speaker/microphone with a 4-pin 3.5mm connector and plug it into my phone.
I have no idea why no one in the auto industry hasn't stepped back and thought "Do we -really- need to cram yet another entertainment system onto the thing?"
Well, JongUn seems to be executing enough people already, and is all but demanding a military coup. Executing generals who had served under the leadership of Il-Sung and remember all the positive things he had done for the country vs the massive damage that the last two regimes have done.
The article is correct in spirit, but not in actual practice. Microsoft doesn't actually have your encryption key, just a passkey to access the encryption key that is stored on the encrypted device. Its stored on a system-reserved area of the disk. If those sectors where the key is actually were inaccessible for one reason or another, the files on the disk would be unreadable. It also fails to points out that that key only controls access to decrypt the boot volume of the machine. The keys used for NTFS file-encryption are left on the local system, as well as the keys used for any other purpose.
Of course "Microsoft might have the key to recover the encryption key to your boot volume" isn't quite as alarmist, so I understand why they went with that particular headline.
The point of the device encryption is to protect the information on the system from being accessed after it was lost or stolen, not to protect the user from elaborate state-sponsored attacks or corrupt governments. And for that purpose it works quite well for the average consumer. Anyone that has a need to protect the data even further would already have another, specialized piece of software for that purpose, or really should.
Licenses are contracts, not laws. Countries are under no obligation to respect civil agreements within other countries (This is the whole point of the world-wide copyright legislation, like TPP). Besides, North Korea is by far the largest counterfeiter of currency in the world, which is an international crime, yet nothing can be done about that, a little software license doesn't even appear on their radar. Beside, there are several western companies that regularly violate the GPL without repercussions as it is.
If I were you, I'd destroy the machine the VM was hosted on afterwards. An obviously malicious piece of software like this would be able to detect that its running in a VM and would be able to attack the hyper-visor and the underlying hardware. Given the strong cooperation between North Korea's and China's cyber-warfare organizations, I would be surprised if Red Star didn't contain any currently unknown exploits. Hell, I wouldn't be surprised if it attempted to install malicious firmware on your network equipment and every other machine on your network. Its a full OS that doesn't need to hide its malicious intentions and given that it weighs in at 2.5 GB for the install media, it can hide masses of exploit code.
So I would purchase an old machine from a repair shop to test that OS on, then turn everything that ever touched the machine into scrap as the firmwares would be riddled with malware the second the OS started. A cheap machine would probably work better anyway as older hardware rules in the area and the OS would be optimized for it.
As far as connecting to the internet, please don't. Unless you have a fully equipped lab set up to study botnets and the like, you shouldn't subject innocent internet users to the potential danger of your machine becoming a botnet slave. Much like how studying deadly diseases must be done in a highly secured lab and not done by getting yourself infected and continuing to walk among the public.
Just make your country one in which people don't want to commit terrorist acts.
Look at the list of countries with the fewest acts of terrorism committed and then look at a lists of countries sorted by freedom of the press / speech, willingness to assist refugees, level of government transparency, and general trust in the justice system. Interestingly enough, those lists look quite similar...
Well, in the case of Washington State, anyone who was going to vote would've already done so in advance as the state has gotten rid of all polling stations and switched to purely mail-in ballots. Of course that doesn't rally matter all that much in national elections anyway with the electoral college system where the race ends up getting called well before votes are even counted (Since there aren't enough electoral college votes to matter despite there being more than enough voters)
Things like this are why I replaced the edge appliances at work with commodity boxes running OpenBSD and decommissioned the old Checkpoints and Cisco ASAs / edge routers. I trust publicly released by a bunch of highly paranoid programmers a lot more than a multi-billion dollar company nowadays, and things like this just help make my case for doing so.
What bothers me is the dismal options of certificate management that browsers give you. Wouldn't be so bad if they at least gave you columns to sort by algorithm used, signing authority, and country of origin (Or any of the other fields in the certificate such as usage, date of validity, etc.)
As for an old version of Firefox, I'd recommend using SeaMonkey. Its based on 3.5 with patches added and some of Firefox's new features added in, but still behaves like Firefox from before they started treating version numbers like its an arms race (Which is a rant for a different time).
Every generation has been called privileged by the generation before it. I'm sure that the first generation of tool-users was called privileged because they no longer had to kill animals with just their hands.
Really, the complaint means "I hate youths because I did such a good job participating in society that their lives are better than my own" and "Just because they ensured that life would better for us, doesn't mean that grandpa deserves a piece of the pie". Each new generation will be better-off and the previous generation will insist on some kind of reward for their work.
That four letter acronym has surpassed YOLO on my list of phrases that allow me to ignore people while knowing that nothing of value has been lost. The phrase is very insulting and condescending as well as showing that the user doesn't have enough intelligence to come up with their own rational, or original, thought.
Of course, with your comment, I am doubly assured that you have nothing to contribute to the conversation because you are parroting the demonstrably-false myth that only Windows machines have coding errors.
"Privilege escalation as a class of error have no place in a video or image fornat"
Except that most OSes pass video decoding to the processor, which could be susceptible to a buffer overflow. All a malicious video would need is a couple of extra bits to hijack the CPU (just needs to get the CPU to execute a JMP to whatever memory address the video's payload has been dropped into)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
