Posts by Crazy Operations Guy

As bad as Cisco for the naming

I hate it when the models numbers / names of devices imply a certain number of slots for network cards in the things, but then you find out that two are being used for the management blades.

I wonder what will cause the next launch to be scrubbed

Would be pretty ironic if a solar storm came by and caused the 4th attempt to be scrubbed...

A law is the wrong way to go

They should be bringing this up to the US Supreme Court. A state law does nothing to prevent the Federal Government from grabbing the data . Besides, all those companies are technically registered in Vermont and/or Ireland so a judge could declare that the law doesn't apply to them. Plus they could just wander over to the datacenter outside of the sate to grab the same information.

All that being said, getting a Federal precedent in front of the SCOTUS will do a hell of a lot more for the privacy of the people (EG, sue the US Federal Government / local police on the grounds of violating the Sixth Amendment and just keep appealing until they get to the US Supreme Court) Hell they could even get a local police department and the ACLU/EFF to cooperate and purposefully manipulate the case to reach that high up.

Illico shouldn't refuse

They should just pad the hell out of the bill (Yep, its going to cost 100,000 euros per customer per block request, we'll need to install a firewall for each of them).

What exactly is being exploited here?

Is this a bug in sshd? In which case, what versions of sshd? What can be done to mitigate the threat?

The Linux ecosystem is pretty large and there are many different ssh and ssl daemons out there. Hell, there are many different branches of the Linux Kernel itself out in the wild, the part that makes it Linux in the first place...

So what will they be considering as "Terrorism"?

And how long will it be before that definition include anything that is critical of the current administration?

"The discs were password-protected but unencrypted"

What? Are you telling me that the data was in plain text? And how does the password come into play?

When will the NSA do their damn jobs?

The NSA was set up to protect the United State's infrastructure from foreigners, so why do we still see millions of infected systems reporting to foreign countries? They have the funding and skillset to stop such things, which are a far bigger threat to our economy and safety than terrorists ever were... SO why aren't they even lifting a finger to stop it?

I'm all for audits

I think that any government that cares about its citizens[1] should demand code audits for everything being imported. A proper[2] audit would reveal any backdoors that other countries have demanded to be put in place.

As for forcing backdoors, that reveals the true nature of a Government in that they only care about staying in power, keeping its citizens safe is a side effect (need someone to rule over)...

[1] If anyone knows of one, let me know.

[2] meaning transparent and uncorrupted

There is a big difference between the two incidents:

Something related to Charlie Hebdo will gain a lot of attention; something related to a Middle Eastern country will not.

It's not about free speech, it's about publicity and profits.

Death by Super Intelligences: it'll be the personal assistants

I've always figured that rather than military hardware going wrong that'll kill us, it'll be all the personal assistant programs and robots. A military robot would be chock-full of safeguards and fail-safes where a PA bot would have none (those things cost a lot of money) and are more likely to glitch in a way to kill us: tell you to take more medication than normal, convince us to walk through dangerous neighborhoods, or even just sending the wrong commends to our appliances. Hell they'd be far more susceptible to getting hacked by a malicious human since consumer electronics never have anywhere near the security that they need and they'd be so prevalent that research on them is trivial.

Mutual Authentication?

Te best solution to prevent this sort of thing might be to have the drone and the controller authenticate themselves at the beginning of the flight and then to ignore commands from anything else until its safely on the ground and powered off.

Or better yet not actually ave firmware on the drone and instead have it on the controller, you'd then plug in a cable to the drone form the controller, it'd copy the code into the drone's RAM and then proceed with startup. Part of this code would be a long symmetrical encryption key from the controller.

Management protocol?

Going forward, I think the best option would be to build something like SNMP for IoT into wireless routers / modems. You'd register the device to the modem and give it a certain amount of data (Device name/type, update URL, version info, data that it sends out) The router would then do basic management of the IoT devices that report to it (comparing the device's version info with what the website offers, see which devices are operating / responding, etc).

I wish they'd change their update method

Why can't they use the update mechanism built into the browser, similar to how normal extensions / add-ons update?

I loathe updating flash since it requires to use a separate executable to check for an update, then you have to go to their website (and uncheck the box to download whatever piece of shovelware they are offering this week)and download a full executable, then when the executable is done running, you have to restart your browsers whether or not flash was running at the time or not.

Although its not nearly as bad as the JRE... But that's like saying getting kicked in the leg isn't as bad as getting kicked in the face.

Every time I see a "Selfie Stick" being used

I always feel a strong desire to use it to give them an impromptu colonoscopy.

That is where their head is firmly planted after all, so perhaps they'd be able to see how idiotic they look.

Problems with landing on the barge

Even if they fail again, at least they're much closer to doing it than ULA...

"too difficult for local and federal police."

That's just what they want you to think...

Skipping tests?

On a $110+ Million dollar piece of hardware? And one that can carry a 340 Kiloton nuke? Are they goddam suicidal? Hopefully they do a better job testing the software (when they get around to it) than they did for the F-22 Raptor where they lost Avionics by crossing the International Date Line and had to get to dry land using only their eyes and dead reckoning...

We can't even get by with skipping a single test on a $1 million dollar project at work, how in the hell are they allowing tests to be skipped on a $1 Trillion project?

Why induction charging?

Are they just trying to check off another item on the "Useless new feature"? Or do they not understand that portable means not having to carry around the mouse pad and a power adapter.

Although I don't understand how this is an different than taking a smart phone that was built with a Micro-HDMI connector and stripping off the screen, speakers/mic, and cellular radio while re-wiring some buttons to make it a mouse. Oh and making it much more difficult to carry around.

Only $10,000

No wonder the Justice department just let it go. It'd probably cost twice that in labor to fill out the forms to receive the applications for consideration of intention to potentially perform an auction.

Penetrated doesn't seem like the right word

I think that 'Intercepted' would be more accurate as the attack only compromised sessions out in the wild rather than gaining access to the internal workings of either end.

People still buy travel insurance?

I'd thought that independent Travel Insurance had gone the way of Travel Agent once all the major credit card players started offering it for free on the Airline-branded and other loyalty cards... Not to mention that a lot of Insurance companies also offer this as part of their standard packages.

Recycle the smoke?

Couldn't they build some sort of system that just pumps the smoke right back in and circulates it until its nearly air? From what I understand about the smoking process is that the additional flavor comes form the particulate matter in the smoke itself, so why not use all that you can?