Re: I am enough of a naval history buff...
We're a small country who has one of the longest coastlines in Europe.
Just 20% of that of Norway, though.
Blame Slartibartfast
5951 publicly visible posts • joined 8 Oct 2009
"Introducing computers at the command stage – deciding where the aircraft should go as well as the precise mechanics of how it gets there".
So, once these systems are introduced on commercial flights, you can suddenly find yourself on Svalbard because the computer decided it wanted to view the northern lights, instead of your planned Mediterranean holiday?
And your luggage will end up somewhere else entirely, but that's nothing new.
Some cases, like when using pointers in copying operations, can be handled and made safe(ish) by the compiler: it can determine the size of the target structure (because at some point it has been allocated, and if not it's error time already), and limit the pointer frobbing to that allocated area.
I managed to stay away from that kind of problem (without compiler support) 30 years ago already; it just takes a few minutes of thinking, coding and testing, but you have to realise there's a potential problem in the first place.
Some twenty racks, with assorted servers, disk shelves, tape drives and comms stuff, all reasonably orderly. Not at the 'neat' level, but I've seen worse.
The problem was with the aircon. One of the two units had a leak, and they had already used up their quota of CFC-based coolant so it was out of action, with the other running flat out. It had to: the room was in a 'temporary' wooden single storey building, knocked up in the 1950s or maybe early 1960s (this was 2003, so ...) with a low, tarpaper-covered roof. Temps in the adjoining offices could easily reach 35C on a moderately sunny day. To increase aircon performance they had installed a pair of garden sprinklers underneath the heat exchanger, which fortunately happened to be mostly in the shadow for a large part of the day. Around 10 o'clock someone would have to open the tap, and the last person to leave had to turn it off again. On warmer days this required staying overtime, occasionally until 20:00. Even hotter days required the back door to be opened and half a dozen floor-standing fans adding a feeble breeze to the existing airflow.
My suggestion to visit the nearest hardware store and drop a couple of buckets of white paint on the relevant section of roof, or, even better, deploy a few rolls of reflective bubblewrap foil, was dismissed with "this is a temporary building". Which was a) actually the root cause of the problem, and b) had been its status for the past four decades.
Yes, this was a (semi-) government department
And as for the "China has nukes" angle, it boils down to saying it's no use trying to dictate terms to China. They have 1 1/2 billion people, plenty of goods, plenty of know-how, and the means and mentality to force the issue if necessary
China wants to make money. If that takes certifying tat to be able to sell it in Europe, they will. Of course, they'll prefer to "certify" it, but sooner or later that stuff will get largely weeded out. Also, uncertified grey market stuff will only be part of total idIoT sales anyway.
And about those 1.5 billion Chinese, maybe the more relevant metric is the purchasing power they have, compared to 450 million Europeans.
Your point, as you're stating it now, is not particularly strong, and expressing it as you did as "China has nukes" is utterly opaque. Someone who until recently visited China regularly, overseeing the manufacturing of electronics, considered it totally ludicrous.
As for enforcement, eBay may be in Luxembourg NOW, but they have PLENTY of other locations.
For various reasons, eBay, Amazon and their ilk will want to have a presence within the EU. Luxembourg is one of the preferred locations for such a presence, for tax reasons. Moving out of Luxembourg to another EU member doesn't make much sense, and moving their EU presence out of the EU is out of the question, obviously.
Did you ever answer my question in another thread about these grey markets you keep going on about?
I don't expect you'll get one. Charles9 just sticks to various incantations of "regulation won't work" combined with utterances of "China has nukes". As if turning your target market into a radioactive wasteland will somehow not affect your trade balance.
Either a troll or a dimwit. And maybe both.
Although potentially very satisfying, hitting a manufacturer or the various governments involved with a hammer can be quite time-consuming if you want to achieve noticeable results; especially governments tend to have a Vogon-like impact resistance. The venerable автомат Калашникова 47 with a sufficient supply of ammo tends to bring more immediate results.
All communication to the "mothership" should go through a mobile phone which is on the same wifi network
And this is going to mitigate the problem, exactly how?
I'm pretty sure this is the most practical, scalable, solution for this.
Oh, yes. Sure. If you say so.
"... more than 99% of what people see is authentic"
Surely the relevant statistic for this discussion would be what percentage of new posts that related to the election were "authentic"?
Even more relevant is the size of the audience for that 1%*. If even 0.1% of a particular category of news is read more than 10 times as often, or rather influences more than 10 times as many readers than any other category on average, then it's (tadaah) more influential. Which is what actually matters.
* taking that number to represent whatever portion of "news" on farcebook is not rooted in verifiable real-world events.
You mean apart from San Marino, The Netherlands, Switzerland and (for a short period) England?
Eh? Oh wait, the Dutch Republic, 1581-1795. Which turns out to be less than the age of the US as a democracy, as well as it having some differences with an actual democratic republic (it was close enough though if you squint a bit). And England's run as a republic was quite short, actually. 1649-1660; they did start earlier, but that was not what the original poster stated.
I mean, how do you do percussive maintenance on something that is hosted in the cloud, i.e. in a bit barn on another smeggin' continent?
Having a thunderstorm at the right place and time appears to be the closest equivalent, but that option doesn't appear to be available to many of us.
Perhaps he is referring to the whole combined tram weight, about six cars, by any chance? 8 metric tons, or a bit over 8000 kg per car, total 50 metric tons, is more on the tram scale of things...
As the problem, from the POV (or rather, lack of view) of an average traffic participant, is the energy present in the moving vehicles involved, the total mass is what matters, hence the 50 tons.
But there are two additional factors: I expect that a tram can and does reach higher velocities than a skateboarding rhino, and as kinetic energy goes up with the square of the speed, a tram at twice the speed of a skateboarding rhino already has four times the energy, so you'd then be up to 120 rhinos. Plus, getting those rhinos to form one near-rigid tram-like entity will be a problem in itself, never mind that rhinos* are somewhat more squishy than trams anyway.
* and other mammals except the wombat, once described to me as a bad-tempered moving furry tree trunk.
Question: How do you bury a country with more people than any other, nukes, and a not-so-nice attitude toward you?
You keep blabbing about China having nukes.
However, "Keep buying our shit or we'll turn you into a barren radioactive wasteland" does appear to be somewhat self-defeating as a strategy, because in order to keep a particular export market you have to actually HAVE that export market.
What we need is for CE marking to be extended to cover IoT security
Nope. We need a second UL mark, or to disambiguate, the UL-6FU mark. Which will stand not for Underwriters Lab but for Undertaker's Lab, with the remit to FSCKING BURY any vendor (and their products) that don't conform to the security standards set by a panel of international security experts.
I haven't seen you suggest it.
Oh, I found this:
The only solution for this particular issue is a protocol that can stop traffic towards the victim at the originating ISP level. Not that hard to do really.
Yeah, that totally doesn't require just about every* ISP on the planet to sign up for that, agreeing to some extension of a couple of very basic network protocols, upgrading their software and maybe even their equipment to accommodate that protocol, and figuring out a way to reliably determine which of those millions of network packets are actually malicious.
And never mind that, next to China being a major source of idIoT junk, there's also a lot of networking and telco gear manufactured there.
* If you can't get South American and Asian providers on board you'll have the same problem as with those countries not banning (and enforcing that ban) IoT stuff that essentially hollers "Pwn me!"
the reality is, it's a single manufacturer (XiongMai Technologies) that had a default password and login.
That's a definition of 'reality' of which I was not previously aware.
The Mirai code contains a list of default username/password combos for a number of devices of varying functionality, not just IP cams.
I don't agree with you on the concept of an Internet of trust where only allowed devices can access it, as the implications of that are too far-fetched.
Trust, to the extent that "this device is configured with reasonable protection against remote attacks, which includes [list of security 101 measures]". This needs to be done to mitigate proliferation of Mirai c.s., and is by no means the one single solution required.
TLDR There is solution but it's not even remotely close to what you're rallying for.
I haven't seen any details of YOUR plan yet. Care to provide some, instead of muttering defeatist boilerplate?
Problem is, sovereignty gets in the way. How can you regulate devices when they can just be shipped direct from companies who don't care?
When I try to buy a laser device from Alidealgoodbest, I get a notice that "due to regulations, we can't sell lasers over $smallnum mW to @countries", probably followed by "Kthxbye" if that laser is over $smallnum mW and I'm in one of @countries. So that part of international regulation enforcement works, more or less, and I don't see why it can't be extended to cruddy IoT stuff*. There's also your country's customs between China and you, and while your individual shipment may or may not get caught, a container full of uncertified idIoT tat is unlikely to reach $shadydealer.
* once appropriate regulation is in force, which will quite likely take a while.
Do you really want to live in a communist utopia where the government can control which device you can use to connect to the Internet?
Proposals to certify idIoT devices are nothing new, and equivalent regulations concerning wireless comms have been around for eight decades. This is to try to reduce the number of devices that are actively disturbing a particular communication medium, so not at all unlike the FCC and other agencies clamping down on inappropriate radio airwave use with bans and fines for using devices that lack certification.
You can hold anyone to any standard you want but you can't make a company that sold a million routers with an exploitable vulnerability and went out of business a year later fix anything.
However, once the regulating bodies declare non-conforming* devices to be illegal and require them to be taken offline, the next step should be to legitimise ISPs using the Mirai code (and other means) to identify vulnerable devices. If end users don't respond to notifications that they're using uncertified crap, they need to be sandboxed or taken offline entirely.
Drastic, yes, and needs law and regulation changes, as well as secure processes for upgrading certified devices, so it won't happen tomorrow, but to me it looks to be the only way to get rid of IoT shit that's vulnerable and can't/won't be upgraded.
* certification includes having a way to patch in case new vulnerabilities are found.