* Posts by STZ

41 publicly visible posts • joined 20 Jun 2011

Tesla hit by class action sueball over autopilot software updates

STZ

Blinded by the light ...

... that's one of the major risks that Tesla took for a long time, relying solely on optical sensors and some dubious software trying to make sense of their output.

There are experienced car manufacturers and related subsystem suppliers around, who always knew by heart that optical sensors can get blinded by direct sunlight and other conditions, and therefore are not good enough as the sole source of information about the driving environment. So they have been using radar sensors too, for many years. And they don't promote their driving assistance systems as "Autopilots" ...

Tesla caught up only recently to the use of radar sensors. And there are a few other things they still have to learn.

Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8

STZ

Re: Let's stop pretending... server vs. MF

Even those venerable mainframes were built to serve some purposes, and hence could be called servers.

By the way, the term "server" to be used for some machine/device to run programs and processing data became popular at those ancient times when pennypinchers had the great idea to turn PC's by 90 degrees, remove their monitors and keyboards and put many of those side by side into some shelves initially bought at IKEA, calling the result very appropriately a "server farm". For some reason this now has become the dominating form of IT, real computer systems had to retract into niches.

To be honest, nowadays those shelves do not come from IKEA any longer and those vast conglomerates of PC's are now wonderfully disguised by multicores, virtualization and fancy hyperconverged boxes - but essentially, the art of IT today is still trying to manage server farms.

Sneaking into a farm isn't very difficult ...

Evil ISPs could disrupt Bitcoin's blockchain

STZ

Bitcoin is just one blockchain implementation ...

... although it is certainly the most popular blockchain implementation these days. However, it is going to fade away at some point as it can't support the volumes and latency requirements needed for global mass payments systems (until this becomes general consensus, Bitcoin owners are in for some significant volatility risks, while speculators will have a lot of thrill, fun and the opportunity of their lifetime ...).

Many other blockchains for a lot of different purposes are under development right now, chances are that those might also be affected by vulnerabilities in the Internet routing Infrastructure.

'Clearance sale' shows Apple's iPad is over. It's done

STZ

46 million iPads

Apple certainly makes good profit on iPads still, and is nowhere near to chapter 11.

But the iPad hype is over - selling 46 million of those last year means a 19% decline versus the previous year ...

Same about iPhones, in the long run their market share is declining while the Android market share has grown to over 80%.

iWatch (and other smart watches) did not create too much impact so far.

Apple needs to come up with something new and spectacular, or shift their focus to boring low-tech iTunes cards.

STZ

So, what are tablets actually good for ?

Tablets are great for *consuming* digital content. Such as for sitting on the couch and watching some film, or showing family pictures at tea time. There is certainly a market for this, but it is near saturation in the developed countries.

A couple of years ago when this tablet trend started, many tourists would run around in sightseeing places actually blocking their view by big devices with an Apple logo on it, which they abused for taking pictures. Not a very clever idea, this caused some avoidable accidents and also at that time there were already smaller, better and cheaper alternatives around (so-called "cameras"). But at least it served the purpose of demonstrating that its owner had enough funding or credit limit to buy such a gadget.

But when creating or editing digital content, having a keyboard and a mouse (or similar pointing device) makes a big difference ...

Spammy Google Home spouts audio ads without warning – now throw yours in the trash

STZ

No talking and listening machines in my home !

Except for an old-fashioned phone answering machine - anything else is banned.

I'm talking to people, not to machines. And I don't want machines to talk to me, either. Except for some reasonable alerts, eg. the car nav reminding me to take the next exit - and even for that function, I want a clearly marked button for switching it off. And I certainly don't want to be alerted about any special offers for buying something ...

It should become part of the Human Rights to fend off unwanted machine listening and talking, or other snooping and interfering.

White-box slingers, Chinese server makers now neck-and-neck with US tech giants

STZ

Re: The long game

Not entirely true - the German machinery manufacturers are very well alive and kicking. Labour cost isn't much of a problem, the real issue is IP theft and how to protect against hackers and cloning ...

STZ

Whose century ?

The 20th century was quite rightly called the "American Century". It's history now, and the 21st century will most likely be called the "Chinese Century". The big Donald won't be able to do anything about that (assuming he can keep his fingers off at least from that particular red button).

Why is this development logical ? Because we in the first world decided to be greedy, and to take advantage of dirt cheap Chinese labour which is/was hard to distinguish from slavery. We gave the Chinese rulers (both in the political/business sectors) all the huge money piles they are now sitting on - in return for dirt cheap products that soon went to our garbage dumps. Using that money and the talent of their people, the Chinese are now coming up with better products they can sell at higher prices, thus further improving their economy and general working/living conditions. Welcome to the Club - and it will be interesting to see how the Chinese society develops.

In this context, Brexit is just a tiny minor issue - at least to the non-Brits ...

Cattle that fail, not pets that purr – the future of servers

STZ

About layers and lawyers

Add more layers, and you are going to need more lawyers ... (;-))

Probe President Trump and his crappy Samsung Twitter-o-phone, demand angry congressfolk

STZ

Why the POTUS uses an old Samsung S3 ...

... is quite easy to understand. He can operate it. Learning how to operate a new smartphone would probably take him weeks or months, during which time the world would experience a serious lack of leadership ...

Next Superdome CPU chips amble into HPE

STZ

Re: Opteron killed Itanium

"Non-Stop supposedly has Xeon-based hardware available, but I haven't seen any roadmaps for a couple of years."

HPE's NonStop Division has successfully migrated the NonStop OS to x86. They call this new server line NonStop X and have been delivering those systems for quite some time now, meanwhile having moved into the second generation of NonStop X. Roadmaps are available but seldom shown, as the typical HPE person does not know much about those systems ...

Wow, look out, hackers: Trump to order 60-day cybersecurity probe

STZ

Re: Time for a Great Firewall

"Pence's puppet is probably thinking that he can turn the Internet off so that only Christian Americans can use it. I expect the next executive order will be to remove support for Arabic character sets from the Internet."

How about also banning numerics written in arabic figures ? (;-))

'It will go wrong. There's no question of time... on safety or security side'

STZ

When talking industry, forget IoT

Back in 2011 at the Hannover Industrial Fair, the term "Industrie 4.0" was coined for a common effort of German government, industry and research institutions to further advance industrial production and automation - and was widely adopted internationally, now slightly modified to "Industry 4.0". Subsequently, some people suffering from the "Not invented here" syndrome invented the "Industrial Internet" which means essentially the same, but scares some production people as they mostly prefer to keep their plants apart from the Internet.

The previous industrial revolution was to introduce electronic controls into the production process, which in the 70's brought PLC's (programmable logic controllers) and similar automation gear - that stuff is definitely not cheap but typically works very reliably. A few commenters have already referred to that technology, now often called OT (Operations Technology) to distinguish it from typically less reliable IT. The Germans retrospectively coined the term "Industry 3.0" for this development which started some decades ago but still has quite some potential for growth.

That same kind of automation gear is also widely used in retail (eg. automated warehouses), transportation and logistics (eg. container ports) and other places that need sturdy and reliable technology. On the other hand, there is lots of mostly consumer-oriented cheap stuff like Amazon's Dash Buttons and other so-called "Smart Home" gear where people might think twice about whether it is indeed a smart idea to have such items in their homes ... (;-))

What's big and red and needs 270 security patches?

STZ

Re: Windows vulnerabilities ...

@Pascal Monett: Thanks for reminding us of the obvious, Windows is of course a very scary example of poor IT security. It was originally devised for a single-seat offline computer system ...

Windows is heavily competing with Linux for leadership in number of registered vulnerabilities in the NIST NVD database. As of today, Windows has now regained leadership with 5115 vulnerabilities vs. close follow-up Linux with 5051 vulnerabilities. Sorry, I'm not participating in those Windows vs. Linux wars, and when mentioning "proprietary" I was certainly not thinking Windows - which is indeed proprietary, but also more widely used and with much more Windows skills (or semi-skills) lurking around. Not the best choice for running critical systems ...

STZ

Re: Open source based vulnerabilities

@Spudley: You are of course right, Oracle's way of sitting on a big pile of patches for a pretty long time has disadvantages, as it leaves known holes open for exploitation longer than necessary. On the other hand this approach minimizes the operational impact of security patching, which helps the bottom line.

You are also right in that there is no software without flaws.

The big difference between proprietary software and open source is that with the latter, every hacker can look at it and craft his attacks accordingly. As you did point out, this becomes particularly dangerous when a vulnerability fix for open source code gets published, but major ISV's using that open source code are slow in adopting that fix - a clear invitation for hackers to exploit that vulnerability ...

Proprietary code may contain a comparable or even higher number of vulnerabilities, but at least those are not obvious and do not invite for exploitation. Many IT security folks will now start to scream and shout about "security by obscurity" which appears as about the worst insult one can make in this field (a term originally coined by cryptographers for helping with their job security). But in practice, that proprietary approach does work reasonably well ... (;-))

STZ

Open source based vulnerabilities

"Plenty of the bugs aren't Oracle's fault: like most sensible software houses Big Red uses open source code and flaws in those projects account for plenty of the 270 recommended patches."

If the above is true, one must ask whether using open source code is - or ever was - sensible ...

Once upon a time there was the widespread belief that open source code is intrinsically secure - because gazillions of highly motivated highly skilled hobby coders would surely wipe out any security flaw within microseconds ...

Trump's cyber-guru Giuliani runs ancient 'easily hackable website'

STZ

Re: "Let's make America reasonable again !"

Roosevelt's New Deal policy is said to have been pretty reasonable (very few of us will have direct experience, as this was back in the 1933 to 1938 timeframe). But I'm sure some more recent examples of reasonable US politics can be found as well, eg. protecting West Berlin during the cold war.

STZ

A great slogan for the next election ...

Let's make America reasonable again !

Reg man howls over HPE Moonshot IoT box

STZ

Nice idea about some kind of microblades ...

... that would slip into such a small (1U high) enclosure, with four cartridges side by side that could be hot-swapped via the front panel without using any tool ...

But that would mean quite some extra efforts, starting from mundane things like additional connectors, wiring and brackets that aren't rocket science but nonetheless need precision engineering - and would be quite costly.

If there is a market for that, someone will probably pick up the idea. But I'm not holding my breath ...

Epic snafu takes Australian Securities Exchange offline

STZ

reliability vs. big data

Trading Systems like the ASX aren't doing big data, they are doing high volume, high value OLTP - that's a significant difference. Running such workloads would justify mission-critical systems, and in the past such systems were typically used by exchanges. But then came the big move towards plain vanilla systems, and nobody should be surprised when reliability suffers. Just adding HA clustering and mirrored disks isn't always sufficient ...

Tesla to stop killing drivers: Software update beamed to leccy cars

STZ

Re: Confidence-to-Competence Ratios

Driving assistance systems like adaptive cruise control are certainly ranked below A.I., actually that's a special case of process control technology - just like the autopilot and anti-collision warning systems found in airliners for decades.

Agreed, blasting such systems into the market without very intensive testing and QA is really stupid. An attitude adjustment is necessary for those companies that don't do it yet, and also for consumers who do believe marketing BS too easily.

STZ

Re: Radar is well proven, why has it been ignored by Tesla ?

Maybe we should keep technology and the personal behaviour of drivers and their preference for different car brands in different countries a bit separate ?

Seems that in the UK there might be a certain preference by aggressive drivers for car brand A, whereas in Germany those type of drivers were typically more inclined towards car brand B. Gradually the situation improves, you'll now find less aggressive driving and also less drunk driving than in earlier years.

Driving assistant systems seem to help here. The German government is now also mulling over alcohol sensing devices to prevent drunk drivers from starting their car.

STZ

Re: Radar is well proven, why has it been ignored by Tesla ?

Can we please refrain from untenable statements ? That particular adaptive cruise control has actually three settings for different driving styles. Even the most "dynamic" one has much more safety margin than those idiot drivers who actually drive up to just a few metres, even at more than 200 km/h - without using any assistant systems, and their biochemical brain either ...

STZ

Radar is well proven, why has it been ignored by Tesla ?

My Audi is now more than five years old, and it has a driving assistance system which the manufacturer does not market as an "Autopilot", rather they call it Adaptive Cruise Control. It relies mainly on two Radar antennas mounted at the front of the car beneath the headlights, in addition it leverages a front-looking camera which keeps track of the road markings - the radar adapts to that camera view and looks along the current lane which prevents unnecessary braking when there is a road bend and another car on a neighboring lane.

The system is very reliable and really convenient when being stuck in a stop-and-go traffic jam, also helps greatly during normal traffic situations, for instance when another driver unexpectedly pulls over into my lane. The system reacts properly also to smaller vehicles on the road (eg. bicycles) and no doubt would detect a big truck crossing the lane ahead. However, I still keep watching the street rather than watching Harry Potter videos while driving.

I simply can't understand why Tesla did not do proper market research and did not find out how experienced car makers are helping their customers with advanced car assistance systems. Again, my car is more than five years old. How come that Tesla started to build radar antennas into their cars only as late as 2014, and only now starts to take radar somewhat more serious ?

UK nuke warhead builders shift IT gear into public cloud

STZ

Just checked my calendar ...

... and no, it is not April 1st.

Hacking into a cloud-based HR System like Workday is a great way to learn all about the organisation, the personality and skills of its people, and finding out who of those might be susceptible to what kind of spy recruitment. A great idea indeed - could well have been brought up by a foreign secret service ...

Hey, Intel and Micron: XPoint is phase-change memory, right? Or is it? Yes. No. Yes

STZ

Phase change or not ...

.. is probably going to be decided in court, and patent lawyers are going to make lots of money on that issue.

Kaspersky launches its own OS on Russian routers

STZ

Secure router, vulnerable SCADA & ICS behind ?

Having a secure router OS is great, but does it help against routing malware-laden content to other boxes running Windows or Linux ?

Storage array firmware bug caused Salesforce data loss

STZ

Firmware bug - or cost pressure ?

Question remains why moving a processing instance to a backup data center also required to move the affected data. That data should have been already there, and there are data replication products from various vendors serving exactly that purpose. This would have prevented the database overload.

However, such a strategy comes at higher cost as you need to allocate additional resources in preparation for failure. Optimizing resource utilization and the SLA fine print is cheaper ...

Whew! How to tell if a DevOps biz is peddling a load of manure

STZ

"..optimised for reducing Mean Time Between Failure [MBTF] " ...

... equates to having failures more often. A good description of current IT trends ...

(;-))

However, you would need to increase MTBF if you want better quality. Just another example where BS detection failed ...

Ready for DevOps? Time to brush up on The Office and practise 'culture'

STZ

DevOps is a very rare type of person ...

... living within a small company. As an IT superhero, that kind of person will actually be able to create a service, run that service properly and keep adapting/improving it at the same time.

Don't expect to find many superheroes of that kind, don't expect them not to realize how precious they are, and don't expect to have them very long - you will lose them either to higher paying companies or due to burnout.

And don't expect that DevOps could be a suitable working model for large organizations.

HSBC online customers still in the cold after hours-long lockout

STZ

Re: There might be an app :- But

Great that you managed to withdraw some cash via an ATM. But this is not too surprising: ATM's are typically served via a separate channel - which is running on older, but more reliable infrastructure ...

Now, many folks want to get rid of good old cash and want to go for mobile payments only. Good luck - even when your bank's website is working fine, you may feel very poor when the battery in your mobile is dead ...

FORKING BitcoinXT: Is it really a coup or just more crypto-FUD?

STZ

Bitcoin and blockchain - not necessarily the same ...

As has been pointed out, the current blockchain mechanism has severe bandwidth limitations (only a few transactions per second) and hence, is pretty unusable for a cryptocurrency meant to serve the masses - at least as long as many millions of end users need to be informed about each and every single transaction happening in the system. A cryptocurrency like Bitcoin could only work on a large scale if based on trusted intermediaries - so again, you would have to trust the banker.

It has also been pointed out that a currency needs to represent something of value. Most people would be reluctant to see anything of value in a bunch of moot calculations and used-up electric energy. Furthermore, the average person would want a currency to be pretty stable - only speculators would want such high volatility as Bitcoin has shown in the past. But the average person would not want to be at the mercy of speculators ...

However, the blockchain technology seems to have significant potential in other financial application areas, such as international money transfers between banks or clearing and settlement of stock transactions. These are applications serving smaller communities where bandwidth requirements and data volumes are moderate, hence blockchain could be a feasible technology.

Attackers planting banking Trojans in industrial systems

STZ

Why use Windows ?

When trying to cause widespread harm, attacking a nation's power grid is much more effective - darkness for everyone, no more production or transportation, gas stations might still have fuel but the pumps are not working ...

One might assume that critical infrastructure is controlled by some very robust industrial IT gear that isn't susceptible to common PC malware. But no, there is Windows to be found everywhere - and replacing it by Linux wouldn't be such a good idea either. There are even more Linux than Windows vulnerabilities ...

Rather than now calling in many thousands of those security consultants into industrial IT who have already failed to make commercial and consumer IT reasonably secure, it might be better to go for some proprietary IT gear that is not within easy reach of everybody and his brother. Security by obscurity is often condemned by cryptographers, but usually works pretty well in the real world.

NSA collects up to FIVE BILLION mobile phone locations daily

STZ

No, the Germans aren't doing this any more. Tracking mobiles and keeping the related location data without an order issued by a judge ("Vorratsdatenspeicherung") was declared illegal in 2010 by Germany's high court of constitution.

Blighty's top moneymen: Hackers are SLURPING CASH direct from banks

STZ

Barking up the wrong tree (legacy)

While it sounds so common and reasonable that most people will accept it as truth without further thinking about it, blaming legacy systems for vulnerabilities is actually pretty absurd. Whatever else can be said against legacy systems, at least they are pretty secure against outside hacker attacks. What's highly vulnerable is the contemporary Windows and Linux stuff running on X86 servers (PC technology), over the recent years many tons of such stuff have been bolted onto the legacy systems and it is exactly here where the hackers come in.

Got a mobile phone? Then you've got a Trojan problem too

STZ

Only dumb devices are secure ...

Simple fact of life: Any device that accepts downloaded code is of course threatened by malicious code downloads. That's why no smartphone/tablet/laptop/PC will ever be really secure.

If you want real security, you need to get back to something like dumb terminals. Not necessarily those 3270 or VT100 character-oriented terminals of the past, but to dumb phones or hardcoded browser terminals that don't accept any code downloads. Updates only by inserting new ROM modules supplied by your trusted dealer or IT support staff ...

Less flexibility ? Yes. More security ? Yes. More stability and lower support cost ? Definitely yes ...

And dumb terminals are ideal for cloud computing ...

Good Tech: Windows is as secure as a rooted Android mobe

STZ

Secure end user devices ?

That applied to dumb terminals like 3270 or VT100, but these days are long gone. Today, all end user devices (desktops, laptops, tablets, smartphones etc.) are fundamentally insecure as they accept and execute downloaded code - which of course makes them vulnerable to downloaded malicious code.

Not sure about the smartphone to SCADA comparison in this context, these are entirely different environments. But of course there are issues too - the most effective way to boost SCADA security would be to painstakingly avoid Windows in those critical environments. This would block the majority of potential hackers. However, Linux isn't any better, there are even more vulnerabilities - it's only that there are fewer people able to exploit those. For best protection, you would have to avoid anything running on X86 and go to proprietary gear.

Deutsche Telekom launches 'NSA-busting' encrypted email service

STZ

Re: Can they export *that* ?

--- and pay for it ?

You can sign up to web.de or gmx for free...

Forget hackers - storms and snafus are bigger threat, say infosec bods

STZ

Untypical survey ...

The ENISA survey is certainly valuable, but it should be kept in mind that the scope was very focused - they looked specifically at fixed and mobile telephony and Internet services supplied by telecommunication providers. In no way did they look at conventional IT and typical data centers, where the results would be quite different and availability in general is worse. Telco's are a special breed and operate very reliably, they do very intense testing and do use specially hardened gear ("carrier grade").

Drawing conclusions from that ENISA telco survey for other ("plain vanilla") IT operations might be somewhat misleading ...

Forget the word 'cyberwar' says Marcus Ranum

STZ

Ivory tower: "Cyberwar is no war ..."

To the promoters of funny thoughts from the ivory tower:

If an enemy succeeds in blocking/destroying most of the infrastructure of a nation, then that nation cannot go to war. Does this mean that then there will be no war ? No.

Quite contrary, it means that then war comes to that nation, and it also means that this nation has already lost that war.

How can a nation survive and defend itself without electricity ?

And how come that we have so much Windows and plain vanilla Linux, each having thousands of known vulnerabilities, in our most critical IT infrastructures ? Are we just fools ?

Time to say goodbye to Risc / Itanium Unix?

STZ

Anybody thinking about the business users ?

Great discussion going on here - all driven by hardcore IT experts with their respective OS preferences and a deep desire for even higher clockspeeds, combined with a remarkable pennypinching mentality ...

Anybody asking about the concerns of those stupid business users - those who just understand their business but have no clue about the latest trends in IT ? Are they really screaming about more bang for the buck, sophisticated virtualization and cloud computing ... or wouldn't they come up with other priorities if they only were asked ?

Things like: I don't need even more complexity and I can do without the latest fancy stuff. Rather, I want my application to run reliably, I don't want my database to get corrupted, I don't want to get hacked, and I don't like hunting for even more of those expensive experts in pursuit of those rather simple goals.