Posts by just_me

>Hi everyone. So the reason I wanted us all here was to…

>Well, last week, as you know, I gave an interview to some Harvard Law professor.

>So we all thought this was a good idea because he's not a journalist and wouldn't ask precise questions.

Seriously? Wow.. Attorney types particularly Law Professors tend to be very precise. If you don't feel their question is precise, they probably already got out of you what they wanted(particularly in court). This is why a person representing themselves in court is often considered a fool. Looks like Zuckerburg is a bit disconnected from reality here.

This transcript 'leak' must be a joke.. just couldn't be this 'choice'!

To allow the auto industry to have robo-cars without built-in override controls is plain stupid. The auto industry has come up with brain dead fobs that allow replay attacks to open your car, even potentially start your engine. They allow global lookups of VIN vs fob-code which allows thieves at compromised dealerships to steal cars (See "Mexico Jeep dealership san diego vehicle theft" using Google), you can attack your cars CAN bus through the entertainment system as well as vehicle monitoring ie OnStar.

Fine; if they want to do this, they must abide by FAA (Federal Aviation Administration) guidance and requirements on software for mission critical applications. After all, the software is mission and safety critical and a software bug can result in death. To build software to FAA requirements might make them think twice. The car manufacturers are too worried about 'reducing' their costs.

I think I might need to contact my state senator and house representative about this and make the above suggestion. Someone has to bring some sense into this.

The article was pretty good until this point: "There are two groups happy with the effort to rescind the rules however: cable companies and Trump advocates." Really? Troll much as an author? Not all of those who voted for Trump agree with the reduction in Net Neutrality as well as the increased invasiveness of ISPs into our internet access records.

Instead of considering that there may be people on the other side of the isle that disagree with Pai's actions, you decided to play wedge politics and split everyone into your vision of good and bad. Trump bad everyone else good. Remember that Trump does not control all the minds in his cabinet. He trusts them to know what they are doing and delegates the responsibility to them. That also means that it may be possible to push Trump to dismiss Pai. If people from both sides of the isle voice their displeasure to Trump, he may take action to remove Pai, the quicker the better. It will take the voices of his supporters to accomplish this because that it his support base that got him into office and if he sees that it is eroding, he will take action to protect it.

So what do you want to do? Protect Network neutrality or continue to find causes to gripe about the election? Choose.

Someone forgetting how https actually works?

While it may not be sinister, and has the opportunity to make communication more secure, there is also another problem buried in how https works. Part of setting up a secure connection requires your browser to send its public key to the server to use to send back the symmetric encryption key to your browser. This key does not change except sometimes when your browser gets 'updated'. That public key is the same key used when setting up https connections to all other browsers. This information allows those tapping networks to track where connections are being made and by whom without having to be directly attached to your connection. Just look at the key being used to set up the SSL connection - See Diffie-Helman key exchange of example.

I hope browsers are going to start using a different public key for each website.

Firmware - Driver relation

While Linus Torvalds' actions may seem childish, sometimes one must embarrass those who keep resurrecting stupid ideas. Sometimes it is the only way to get someone to stop pushing a pet idea that just doesn't work right.

Firmware defines the interface a driver must work with. They are intimately connected. If the firmware goes through a rev, it is possible that an interface that the kernel driver has to work with changes.

Figure this: A board using an FPGA as the interface controller sitting on the edge with the PCI-E bus. The firmware gets downloaded to the FPGA (sometimes flashed locally onto the card, sometimes going into video ram that loads the FPGA on a reset). If I change the code for the FPGA, I can easily change how the card interfaces with the PCI-E bus, where controller registers are located, how the card's memory is mapped to the bus, etc.. and therefore changes how the kernel driver talks to the card.

If I don't tie them together, it is possible to have a disconnect with the firmware version and the driver version that is supposed to work with it... causing hard to diagnose breakages. Who and how would the 'magic' combinations of firmware rev and driver rev be tracked?

SGI (when it was a real company) would keep the firmware drivers for the graphics cards with the OS builds (the ole Onyx and Onyx2 RE series). Several other large companies have done the same.

WTF? because separating the two is really a face-plant moment.

A slight thing that is not mentioned, but is incredibly important. According to the article, the modem's MAC address is the closest thing to the POTS telephone number for Internet communication, not IP addresses. They use that to conclude that ISPS don't have greater visibility and control over user web information. This is absolutely and categorically incorrect. Who has the mapping between the IP address and the modem's MAC address? The ISP does. It has to know to which modem to route the IP traffic to the last 'mile', so it maintains a map between home modem MAC addresses and network IP addresses. On top of that, the ISP also needs that table so that people don't connect some old modem and get service without paying for it, as well as controlling the network speed the user gets based upon what network access tier they are paying for. On top of that, all traffic from the ISP's network goes out through their routers (and any sniffers, filters etc that they apply).

Steganography

The nom-de-plum "Captain DaFt".. more appropriately "Captain Daft".

Even if the FBI/CIA/NSA looked.. they could not detect the steganographic data. That is because the data being hidden is encrypted FIRST before being hidden in the low order bits of the image data/video frames. Encrypting data causes the data to look completely random (if using good encryption). If the FBI doesn't have the key, they can't see the data and it looks like low order bit noise in imagery data that normally has low order bit noise. Being nearly 'white noise' in characteristic after encryption, statistical analysis may fail. (though the FBI might take the approach of comparing the porn to the noise behavior of commercial encoding systems for video/jpgs, which may NOT be white in their behavior - maybe more like pink noise. This could mean that the existence of 'white' noise in the low order bits might flag that steganography was being employed to hide something.)

This was accomplished over 10 years ago

This is definitely not new. I know of at least one company who did work on this over 10 years ago. There are also many articles about using Inertial (gyro + accelerometer) aided tracking with GPS. One company that I know of is Cubic Defense Applications Inc. Look up "GPS denied tracking" on Google. The inertial devices being used were not high cost/expensive. They were MEMS devices...

Babbage difference engine, better example

While Babbage was never able to build the complete engine, there are two in existence. They were built from Babbage's drawings. One is currently located near Silicon Valley @ Computer History Museum (http://www.computerhistory.org/babbage/). It is a bit noisy, but it does run. Much more interesting than the segment thereg showed.. which is basically two digits of the machine (probably one of his prototypes Babbage was using to try to get money to build the full machine)

The other one (full machine) should be at the Science Museum in London.

The keys are not controlled by the owner.

If UEFI was intended to protect from malware, the user could enter their own keys for what they want to have boot. This is not the current approach.

"This is dangerous misinformation and you are plainly not someone who has current knowledge of malware. There is malware active and in the wild that works by altering the boot process and which would be protected against by Secure Boot. For example, look at the Alureon family of Malware which infects device drivers and the disks MBR. A significant and widespread piecce of malware."

So how did the malware get into the machine in the first place. It didn't get in through the boot process. The boot process is altered as part of the infection. What will happen is that the machine that gets infected will turn into a 'brick' and won't boot. You will not even be able to run anti-virus on the machine to fix it, if you shut down before detecting the infection. How did that prevent the malware infection? I can now see a large number of really pissed of 'brick' owners. True, you could try to re-install the OS and everything that was installed.. but how many people out there have OS install disks as opposed to the vendor 'fix' disks?

The way to prevent malware infection is at the point of infection. Fix the programs that are running, use qualified knowledgeable programmers instead of cheap off-shore labor. Take the time to test. Run boundary checking and fuzzing software against critical CIs..

Looking up the drive itself: IBM TS1140..

It looks like the good old TK50 drive.. and same drive size (double height 5 1/4).

Spec per drive: 800MBps burst (yea, nice.. what is continuous rate)..

http://public.dhe.ibm.com/common/ssi/ecm/en/tsd03127usen/TSD03127USEN.PDF

ah.. native transfer rate 250MBps on the actual data sheet. WORM cartridge?(Write Once Read Many) 600Watts?? (bottom of spec sheet)??

It does make you wonder. The size of the drive does not take into account size of tape media storage and size of the the jukebox to load and unload tape. Ok.. so compare numbers... lets say against the Iomega Prestige USB 3.0 hard drive 1.5TB available for just over $200 @ frys (and includes hardware encryption - data throughput is at least 200Mbit/sec - interface is 5Gbit. The size is 1/2 of a TK50.. but 1/10th of the IBM TS1140.. and gets power from USB interface-- much less than 600 watts).

The highest density media for the IBM TS1140 comes in at $406/tape for JY media, $246/tape on JC media (4TB - media).

To me, it doesn't make sense. I can place 10x1.5TB drives in the space of that tape drive alone. I can also place 2x1.5 TB drives in the space for each tape cartridge. I don't need a jukebox for the hard drives. Power footprint will probably be lower on the hard drives (can power down/spin down modern drives). Massive RAID will easily dwarf the bandwidth and access times available from a tape system. Space footprint for equivalent storage will also be lower with hard drives - don't have the jukeboxes, and the cabling and controllers using hard drives will roughly equal the cabling and controllers needed for the jukeboxes and tape drives.

Need I also mention, 1 IBM TS1140 has a list price of $42,995? Yes that is about 43 thousand dollars. I haven't even priced in the jukeboxes. Considering that the tape media roughly matches the price of the hard drive of the same capacity... pricewise, spacewise, powerwise, capacitywise, speedwise -- it doesn't make sense.

"Here's the rub: how on Earth can you pay your quarterly taxes on your profits before you've reached the end of the accounting year and totted up your expenditure and actual winnings? Well, quite, you cannot. So, one answer is that the taxes that Apple paid, actually coughed up the cash for, in 2011 are based on the profits that they made in 2010."

I suggest the author stay away from discussing anything financial. All corporations in the United States are required to pay estimated taxes through the year. The estimated taxes are NOT based upon last years taxes paid. They are based upon most recent quarter revenues and expenses. Calculations are run quarterly if not more often. This is why they often have large expensive software systems to track financial accounting. (see Costpoint for example) It allows a company to see what their outstanding tax liability is during the year. There is also a penalty in the United States, if you estimated tax payments are under actual by a percentage ( I think the number is something like underpayment by 10%). Small businesses and self-employed individuals often have similar rules.

Lightsquared = Dillusional

Lightsquared License was for satellite - low power.. now they want to change their license to allow higher powered ground systems - with the associated problems filtering out the signal. They complain that it is against their constitutional right?? what right? To change the license by litigation?

GPS systems allow a wider band than needed for multiple reasons.. primary one is Doppler. If you are moving, the GPS frequency is shifted proportionately to your velocity (Doppler shift). Some GPS receivers are mounted on devices traveling more than 600mph/960kph. The other reason is the tighter you make a band pass, the more you attenuate the signal you are interested. There is no 'perfect' bandpass filter - particularly at the frequencies involved.