Posts by Crazy Operations Guy

Such an analysis would be useless

The effects of hyperthreading vary quite a bit based on the workload you are feeding it. The simplest method would probably be to profile a day's worth of work, disable HT, the repeat the exact same workload to see if there is a performance difference.

The easiest way might be to build two systems exactly the same (Same hardware, OS, software, etc. but one has HT turned on and the other doesn't), then run some sort of mirroring device so that both machines get the exact same data and do the exact same work.

I've seen MySQL databases do everything from falling to pieces to flying like a speed demon with Hyperthreading in different states. I've seen it vary that much with the same data, but slightly different queries used to process the data. One of our web applications went from an application-based spin-lock structure to using MySQL's atomic operations, in this case disabling HT actually increased performance about 10-15% despite having half as many threads available.

Re: That's a problem with KDE

From my experience, the KDE team is primarily one-off developers that aren't dedicated to the project itself, but are avid users of KDE, so they'll scribble up a code patch, submit it, and it ends up in the tree. Since their code works well enough, the core developers end up ignoring the edge-case bugs and instead focus on the highly-visible bugs or working on features.

Not saying that it is only the KDE project that suffers from this, its becoming quite prevalent across pretty much all software projects, both Open and closed.

Re: Alternative?

ARM is probably going to be your best bet for a system without a crap management sub-system running on it.

@Orv Re: Over complicating things

If it was following the Unix philosophy they would have just updated /etc/magic with those file types and used 'file' to determine what icon to display. There is no need to re-invent the wheel, especially with this massive pile of shit.

Re: writing utter b*ll*cks on tabloid websites.

"never "censored" yourself with useless fucking ***s"

I am ashamed to admit that I spent longer than what is reasonable trying to decode what you were trying to say, but couldn't figure out what obscenity was 4-letters long and ended with an 's'...

Re: Grsecurity makes money out of Open Source

"You also are free to charge whatever you like for the software, but are unlikely to attract many buyers."

Red Hat seems to be doing alright...

Re: Chipotle hit by bank-card-stealing malware

Doesn't matter, any system can be infected. I've done a proof of concept malware for client with PoS systems that was just a bash script that would run tcpdump, filter for credit card numbers with grep, use a bit of sed to combine the information into a semi-structure format, then XOR'ed the data with a pre-shared key (Actually a DNS query to my domain then used the result as the key) then would query my DNS server for a host named <Encoded_CC_Data>.<subdomain>.<my_domain>.com.

The infection method was to just hi-jack the PoS terminals boot process. When the terminal boots up, it sends out a DHCP/BOOTP request, the server would then pass an IP address to client for a TFTP server to receive its configuration. All I had to do was to plug a small system into the network that would emulate a PoS terminal so that I'd get a copy of what the PoS terminals would. Next step was to modify the payload with my script added into it. Once that was prepared, the device would DoS the real DHCP server (Exhaust its addresses) then give out its own address for the TFTP server and give the poisoned package to those systems.

I was able to also a quick nmap and found that the boot server I was attacking was responsible for the entire region and that each store was connected to it by way of an L2TP VPN. With a slight modification of my attack, I was able to infect about 30 stores and about 120 PoS terminals.

The whole thing just used utilities that came pre-installed with the OS, so would avoid any and all anti-malware scans. The only signs of my attack were that the PoS terminals had an extra line in their crontab (the entire script could be condensed to a single line), the DHCP server seeing a little less traffic, and some odd DNS queries coming out of each store's network (Although my domain would, at first glance, look just like a legitimate domain). Hell, I didn't even attack the cash registers themselves, nor any other server, just exploited some weaknesses in the network.

Re: Yet another example

A better change would be to smash the parties so that no single party could gain a majority without cooperating with others. The current problem is that the government has devolved into "Us versus Them" where if you do not agree 100% with whoever is currently in charge of "Us", then you must be one of "Them" and should be crushed. Of course then, because you do not agree 100% with the leader of 'Them' then you are essentially without support, and without support from the parties, there is very, very little chance of getting elected.

Re: Supported processor revisions

Yeah, nothing deliberate but it seems they aren't exactly breaking a sweat to ensure compatibility...

Re: Suppressing prostitution never works

"The issue with that model is that most prostitutes aren't in it for a career, they just want to make a bit of money in the short term"

That would be part of the support network, providing former prostitutes a new identity (Or operate under a nom-de-whore, so to speak) where if they could put some generic-sounding customer service job on their resumes and have former coworkers able to vouch for them. Also, may offer re-location, so that they don;t end up running into someone they knew while working. But I figure that providing safe and secure work spaces, paying a fair wage, and giving them a bit more agency over their bodies, there may be quite a few people wanting to make it into a career, or at least a long-term side-gig.

"Actors, musicians and artists often have agents to take care of their legal, accounting, and marketing needs. Why not also prostitutes?"

Well, the idea of what a pimp does isn't the bad part, its what happens in practice that is the issue. Even in places like Amsterdam or Nevada, the brothel owners tend to go quite abusive on their employees. They're out to make a profit and tend to lack the ability to understand the position they are putting their employees in (forcing them to service terrible clients that otherwise pay quite a lot, in some cases getting away with everything short of murder). In areas where prostitution is illegal, the prostitutes are almost always emotionally abused quite regularly, physically abused in the vast majority of cases, and in many cases, repeatedly sexually abused by the pimp, if not by the client (In many cases, they end up in a situation where if they don't do heinous things for the client, they'll have those same things performed upon them by their pimp).

Re: One of the factors I'd be interested in

"One issue with EVs is the load they will put on the electric grid and is the grid resilient enough to handle it."

That is sort of my primary concern. Of course that would be highly variable. In a place like Shanghai where most of the electrons come from burning dinosaurs, the conversion losses from fuel-heat-steam-turbine-transformers-power lines-transforms-batteries-motor may actually make that EV require twice as carbon to be tossed in the air to move the same distance as a petrol-guzzling car. But then you might have a place like Reykjavik where the electrons are going to be from Hydro, so that EV is going to put a trivial amount of CO2 in the air compared to a standard car.

What I'd really like to see is some kind of map done up that would show "Here are the areas that using an EV would produce more pollution than a standard car". Figure in all the energy costs and pollution generated from every step of a vehicle's life cycle (EG, manufacturing, shipping costs, daily use costs, disposal, maintenance, etc).

I want to avoid a situation where I am not really helping the environment but rather just moving my pollution to some poor nation on the other side of the globe. Similar to the whole early hydrogen cell issue in that while the vehicle produces less pollution, the energy required to produce and transport the hydrogen in the cell ends up producing almost twice as much pollution.

Re: Easy to prevent

@ Networc

Ah, that makes sense. In that case, I assume they are just grabbing an I-Frame + associated P-Frames, waiting for confirmation of reception, then sending the next I-Frame + its P-Frames. I thought they'd be sending based on portions of the video file as stored on the filesystem versus portions of video as stored in its container. Makes sense architecturally since the client would track state rather than being dependent on the server to do so.

Perhaps the solution may be to re-encode the videos with a format that determines the placement of I-Frames on the total number of bytes changed since last I-Frame, rather than number of P-Frames since last I-Frame. Although that would mess with video seeking (although if nothing much is really changing, wouldn't you want to skip to beginning or end of that scene directly? Like if the scene is a new caster sitting still and addressing the audience, so really only the pixels making up their mouth would change from one frame to the next and you would either want to see it in its entirety or skip it in its entirety).

Re: Hats off to them...

"yep and your little system fails on 2 counts:

1. Mac spoofing

2. Current trend for devices to randomize the MAC."

I take it you don;t know how 802.1x actually works... Reason 1 would be prohibitively difficult to pull off without anyone noticing. As for the second one, if a device pops up on a network that doesn't possess a valid token, the device will be quarantined until the device receives a new token by way of an Authentication back-end. Granting of the token by the authenticator can be done on something as basic as mac address (by far the most common on wired networks) but can be based on any authentication mechanism that the connecting OS has a supplicant for and the switch is able to relay back to the authentication server. I've implemented 802.1x using everything from basic mac address to usernames/password to certificates to manual approval by an authorized admin.

The switch doesn't care what is used to authenticate the conencting client, so long as the authentication server responds back with an AUTHORIZED packet, and expiration for the authorization, and an optional VLAN assignment that the client belongs on. Otherwise the systems is just left on a quarantine VLAN that, usually, doesn't route to anything (Some places allow packets to route out on that VLAN to build a 'guest network' without allowing the system to see packets from secured networks, obviously a prison wouldn't allow that). So if they do implement something a little more than mac based auth, then the system will be sitting there with nothing to do but talk to the authentication server (until an admin notices a weird machine on the network and kills the system).

A place like a prison, where security is key, it would be likely that they'd use the mac to authenticate the system to the network, but would only get them access to the authentication network until their system can convince the authentication server to grant them greater access.

Re: Tsk, tsk

Pricing on aircraft is highly variable. The price can go from anywhere between $60 million to $120 million depending on features. On one you have RyanAir's "the luggage is treated better than the passengers" air-borne cattle-cars. On the other, you have Emirates' "Even Caligula would think its too decadent" flying palaces.

Re: WiFi in a device inside pussy, a really bad idea!

*Sigh* how many times do I have to tell people that battery powered devices like this are completely incapable of generating ionizing radiation since they lack the high-voltage components to do so. You'd need to figure out some way of dumping an entire battery's energy into a burst of a few nanoseconds to get any ionizing radiation, and even then, that radiation is no where near harmful to organic matter.

Being within a meter of another human is going to generate an infinitely larger amount of ionizing radiation (Due to the natural break-down of carbon-18 into carbon-16 as part of life) than a cell phone would produce, much less something like Bluetooth.

Re: Don't use your ISP's DNS

No, no it would not. Logging DNS traffic is trivial, at best, to grab from users' streams. I am doing it right now for 250,000 people (My employer). I'm just using some old servers to do it while an ISP will have access to much larger and more efficient systems (If they aren't already doing it).

I'm just picking up all port 53 traffic going in and out of the network, and correlating it with the http and https traffic. I have the ability to see what websites everyone is viewing and how much traffic is going back and forth (I can only see domain when it comes to https). For the most part, its a simple matter of matching an http steam's destination IP to the DNS responses the user's system recently received. All of it is done with open-source tools and a little know-how.

ISP would have an incentive to produce much higher quality tools and invest in higher-end equipment since they'd make so much off of selling that data. I'm just tracking this data to identify malware activity and web traffic is very much against company policy (The policy violating traffic is really only because HR is requiring me to do so, personally, I couldn't care less about it).

"So the backups were accessible to such a degree remotely? They had zero offline backups?"

The system processed orders, so even if they had backed up the system 5 minutes before hand, the system still would have information, such as new orders and orders ready to ship, that isn't in the backup.

Depending on volume, the number of orders lost could easily become more valuable than the cost of a new server. This would especially be true if they are customer-focused; If you were a customer that had paid for merchandise and received a confirmation email detailing the same, would you stand for the company telling you "Sorry, we lost your order"? On the other hand, a customer's order may have completed processing and shipped so a full manual search of which orders are still in the shipping dock, which have had shipping labels applied, which labels are on a truck, etc.

Re: There's your problem...

At least they weren't a Jehovah's Witness. That religion is completely incompatible with the medical profession as the religion forbids Blood Transfusions of any sort.

Or there are the "Christian Scientists" that believe that people only become sick because they aren't praying to god hard enough. They reject medicine in all its forms because they believe it to be an attempt to thwart god's will.

Re: Only one?

I wouldn't be surprised if all nations didn't just end up contracting with the same group of black-hats that are playing all sides. Telling the Americans that Russia has a new tool, and they have their own tools for detecting it, and then telling the Russians that the US has discovered their attack vector, but their group can make something the Americans can't detect.

Reminds me of a story I read about scientists during the Cold War that set up "Think Tanks" in both the US and Russia. They'd communicate between each other claiming the other group is their spies so they can build something that would defeat the other sides' new toys. Then they'd also need access to both sides' current toys so they can evaluate them for weaknesses and areas for improvement. They'd go to the governments of either side with something the other team built, claim the other side is building it, and then ask for money to design something to counter it (which they'd send that new project to the other team for them to present it to the other government). Can't remember if it was fiction, but I'm pessimistic enough to believe that something like that could happen...

Re: "...and an endpoint exploitation kit called Scaramouche."

Probably written by a poor boy, from a poor family... But, please, spare his life from this monstrosity.