Posts by Voland's right hand 5759 publicly visible posts • joined 18 Aug 2011
The government love the encrypted group chat provided by Facebook. All they need is to compromise one member and voila - the whole group is compromised.
For an example of how people tried to use encrypted group chat and how the government went to leverage it against them see the analysis of the recent Turkish coup. It was on el reg somewhere, too lazy to search.
I don't really see why they would have gone to all the trouble of building a bomb release system
1. If they are using an off-the-shelf autopilot package it is likely to have objections to being flown into the ground.
2. They are using an off-the-shelf bomblet from a cluster munition. That has to hit the ground at a reasonable speed and the correct angle for the detonator to work. If you just crash the drone into the ground you may not get the correct result. This type of model aircraft is SLOW. In addition to that the bomb has to be mounted near the centre of gravity so its front and propeller serve as a crumple zone.
3. The other alternative - integrating an high explosive package into the drone itself including detonator, etc requires significantly more effort and facilities you simply do not get in a Al Qaeda workshop (under whatever name they call themselves today so we can sponsor them) - for that you need a testing range and some proper explosives handling facilities. The result is also likely to be less reliable compared to an off-the-shelf munition.
So whoever built it actually knew what they were doing. That is the scary part here.
reports give me this nagging feeling
That nagging feeling will become even more nagging when they start flying those things into malls, Jewish (or "wrong muslim") kindergartens in your own city. Which if we continue funding them they will. It is not a matter of if, it is a matter of when. There is a saying around those parts of the world - you do not feed a rabid pariah dog. It will still bite you.
The sole difference will be that the kindergarten will not have an electronic warfare specialist at hand or a Kashtan CIWS to deal with it.
By the way, the bomb is an off the shelf one (probably a bomblet from a cluster munition), someone welded a hook to it in a workshop. It is significantly LOWER tech than the drone itself. It is also the reason why they picked 'em. The drone itself is mostly plastic and wood - minimal radar footprint. It was the bomb and/or active communication that gave it away.
It is also technically the right approach. I find it quite funny when idiots rant about the dangers of someone putting something on an off-the-shelf quadcopter. They really have no clue of how little range and carrying capacity does one of those have compared to a model aircraft with a proper petrol engine.
It was that to a greater degree than men women choose other fields
That is unfortunately true in both USA and UK. It is significantly less true elsewhere. The gender ratios in STEM in continental Europe with the notable exception of physics are reasonably sane.
However, what you missed is the list of anecdotal bollocks like "women could not take stress" which were attached as a flawed reasoning to this statement while at the same time ignoring the main reason - antisocial PFYs like himself.
That is one area where women are better than men - we get that from our simian ancestry. Women are significantly more adept in maneuvering a social situation so that they do not need to deal with an arsehole. Especially an arsehole with ideas on what they are incapable of.
That is the real reason for low number of ladies in UK and USA STEM - the arsehole numbers are too high.
Too much of it, and stupid plots and storylines.
What stupid plots?
There are no plots - just copying a couple of lines from a 2nd rate comic. If that fails, multiple 2nd rate comics until Abominations Assemble.
80-es was the golden decade of SciFi because the directors used story-lines from real books, not plot ideas borrowed from pulp print material geared to cater for the people with "unfinished childhood" syndrome.
Aim higher. Not 3.5.
4.4.
I assembled a machine with one for testing 5 years ago in my previous job. At the time that was the only thing which I could silence sufficiently to run under my desk while still being able to do interesting stuff at 10Gbit line rate in Linux userspace. I had to down-clock it to 3.7 because even the top end Asus motherboards at the time had issues delivering the required power. If you tried to run it at 4.7 it ran, but the board lit the red "power unstable" LED.
It doubled up as a nice heater for the office in winter too.
That, however, is not the model MSFT screwed up. They screwed up on the 2007-ish one. I find it surprising that there are beasts like that out there which run Win10 though as most of the motherboards from that time do not fully support UEFI and secure boot.
It is not THEM (as WD). They are just shopping from the lowest bidder.
That is "consumer device manufacturers" these days. It is all ODM by someone working to a minimal budget somewhere in South East Asia. So any expectations of bug fixes, etc are pretty far fetched as well.
It cannot be fixed in the current economic environment as it is the minimal cost model. The only way it can be fixed is if the seller (the one who stuck the brand sticker on it) will be made responsible at a FTC/Eu level to supply fixes for a reasonable amount of time. IMHO 5 years of security and safety fixes for software with penalties for non-delivering in the range of 5-10% of global turnover should do the job.
Who needs to fire off events at precise _times_?
A lot of people funnily enough. You would be surprised how much timer activity is involved in inter-process communications and messaging.
Most software does not touch the high resolution timers at all,
As someone who has written a significant portion of the code for the high-res timers in one of the architectures in the kernel I can tell you that you are talking out of your arse.
The moment you go into the land of multi-threading and AIO libc will start using them even if your app is not. On average a nearly empty embedded linux system which has nothing besides a busybox instance with a shell will have 4-8 high res timers active at all times. The moment you load an average desktop environment and open a web browser you are looking at hundreds. F.e. my desktop which is doing bugger all at the moment is showing 228 active ones.
now in a race to implement this?
For general purpose systems - do not think so.
It is extremely hard on a real system which does an ungodly amount of stuff at the same time.
There are plenty of easier ways left for them to try.
It will remain an attack of last resort for GENERAL purpose systems. Now, on an embedded system during an attack on a high value target - that is a different matter. If the machine is doing just one well determined function, it may be worth trying it. So we may see it in let's say StuxNet v 8. Or higher. In something else - not likely.
AMD is exempt from the mandatory address space separation in the Linux tree as of now. Linus merged the patches.
Based on the way the code stands (when code speaks marketing and PR hack should shut the f*** up), AMD is not vulnerable.
Ryzen looked good prior to that anyway. It now does not just look good, it looks stunning. My guess is that AMD is about to get a serious inventory issue with not being able to print enough of them.
but damn those Russians love dire, moribund lyrics!
Matter of attitude to war. War is not fun. That is why nearly all Slavic war marches are set to a minor key which is quite different from the "inspirational" drivel like the "Halls of Montesuma" which is set to a major key and is supposed to "motivate" you to fight.
It is not just Russians too. The same music with different (but on a similar topic) verses was used by Armia Kraiova in WW2. This is the music to which the Polish died in the Warsaw uprising. The same music with yet another set of lyrics (but once again similar meaning) was used by Israeli. This song saw the 6 day war. The same music with several other (again similar semantically) sets of lyrics was also used in the Russian civil war. To just to top it up it was not written about a Russian woman. It was written during the Balkan wars based on impressions from Bulgarians and Serbians.
In any case, I stand by my initial opinion. NATO is a military organization - its hymn is supposed to motivate one way or another. It does not matter if it is the Slavic (we are going to die, but by god we will take you f***ers with us) or the Anglo-Saxon (We are going to kill 'em all, gung-ho, gung-ho) way. A funeral march is not fitting.
A hymn is supposed to inspire. The only thing this piece of tripe inspires is dread. The PR idiots who commissioned it should face the music for grand treason under the respective NATO member country legislation (pun intended).
Just compare that to the (unofficial) ditty of the enemy du jour. The one they put on the tannoy before they get into "if you value your life be somewhere else" mode: https://www.youtube.com/watch?v=r7avPl6jB5w
Make your own conclusions...
You sir a full of sh***.
The best ISP sysadmin I have worked with is woman. The best QAs I have worked with are women. Some of the best embedded C++ developers I have worked with are women too. Some of the best DBAs, etc.
This reminds me a legendary dialogue between a US Bank and a well known high end outsourcing/development shop in Bulgaria (*). The shop in question specializes in fraud detection and analysis systems for banking, elections, etc and is used by quite a few Tier 1 banks and some western governments including projects that are not usually spoken of (unless you want to be run over by an unmarked van).
So the US Bank exec looks at the staff roll which is 30%+ women and at the benefits package which contains things like 1 year fully paid maternity leave and blows a gasket about broads and not paying for something which is the fault of the broad who should not have gone pear-shaped. At that point the owner of the shop looks at him and says: "You sir have no clue what is required to do this stuff. Software developers with university degrees and appropriate level of knowledge in statistics, AI and domain knowledge do not grow on trees. In any case, it is quite clear we will not get along, please leave the building".
(*)I am omitting the actual names to protect the guilty - they are well known.
They are all in a world of hurt.
1. They write to disk synchronously in order to maintain integrity. There is little or no IO merging.
2. You talk to them via network (even if it is local - then it is just unix domain socket).
You are looking at 10s of syscalls per SQL DB query with the corresponding penalty.
Ditto the rather daft comment about joe casual user.
While he will not notice things slowing down (the CPU has grunt to spare), he will notice a 30%+ battery hit. Some of it from cost of IO (cpu burning more), some of it from cost of idling (going into idle and out now costs more too).
First of all, amazingly coherent post for a man from Mars
All the way to the bank, AC, is far enough for them to be able to take over and make over lead.
Second, you are 100% correct. I listened for 15 minutes to one of their talk shows on Boxing day before finally locating the remote at my mom's place to shut the GoggleBox. It was not RT, it was one of their proper channels and in Russian.
One of their commentators put it very bluntly - there is f*** all USA, UK or anyone else can do at this point short of an action which will be equivalent to a declaration of war. We are out of peaceful means to deal with their "interference". So are they by the way - they have tightened the bolts on us being able to pay for "independent" politicians staging "grassroot" "anticorruption" campaigns as far as they are willing to and there is very little they can do beyond that.
Next stage is we either figure out a way to de-escalate and have a proper adult conversation or we start the Tomahawk for Kalibr exchange.
It is a very scary angle for the current Valley Business model.
So far authorities have looked at data slurping alone where they are pre-GDPR practically toothless. They have looked at competition aspects from market access, bundling, pricing, etc perspective. There, they have some teeth - up 10% of global turnover.
They have not looked at data as a monopoly tool. This is probably the first and if it picks up it will get very interesting - 10% of global turnover does hurt. It is not like the DPA fines which plenty of companies pay as "cost of doing business".;
Is an individual making 250,000 per annum a high earner? Or 10,000,000?
Aim higher than 10M and make sure said individual does not do anything particularly productive like run/own companies that provide services or build goods. Think real estate scum or people whose entire investment portfolio is run by someone else on their behalf. The Golfogarchy. They can all declare themselves pass-through entities and pay < 5% effective tax rate.
Anyone who actually does something economically productive benefits very little.
As far as company funds repatriation, the current standard arrangements for loans, payments for IPR, etc are still more tax efficient so any funds to come this route will be for PR purposes. Majority will stay abroad.
It was Microsoft themselves who imposed the arbitration clause on their employees,
Calm down in your righteous anger. Your average high tech (and not only high tech) USA contract is a gigantic pile of cut-n-paste drivel with 90% of it originating from the HR dept + lawyers copying someone's else "solution to a potential problem" without giving it a proper consideration. What can be and should be 2-3 pages is instead 60-70 pages of odious crap half of which is illegal in half of the jurisdictions the company operates. From a legal perspective it can be summarized in one word: bullshit.
I strongly suspect that Microsoft's arbitration clauses were not put there out of malice. It was a cut-n-paste + "everyone's doing it, it is industry standard".
By the way, the really evil part of forced arbitration is not the fact that the employee is forced into arbitration. It is the fact that the most evil versions of contracts (I can name the actual Silly Valley companies with those) specify that while the employee CANNOT avoid forced arbitration, the company can. So it can hit the employee with a standard "bankrupt by lawyer fees" gambit without the employee being able to retaliate. There are in fact also a couple of law firms in the valley which specialize in servicing the companies which use these contracts. You can look up either one of them yourself (good idea - to know where not to apply for job).
WANNACRY wasn't "ransomware". In ransomware you can pay money and get your data back.
Not necessarily. The reality is: "You pay your money and you pray you get your data back". It is a basic hostage situation, just your data instead of your daughter. Sounds similar, possibilities of getting something back are similar, but spelled differently.
Or blaming a hospital for starting open-heart surgery in the middle of a hurricane knowing that you didn't pay for the backup generator
Sort-a. You are mistaking "middle of hurricane" with "agents of foreign country blowing up the power supply". Now, if you had a backup generator that would have helped. Or maybe not - it can be blown up too.
The stupid part is elsewhere. The rule of thumb when dealing with lunatics is "if you are not going to act on it, keep your mouth shut". Empty talk only makes them do it again.
In fact, from this perspective, we have LOTS to learn from both Russian and the French. They are significantly more restrained on the talking front and significantly less restrained on the "deploy marines backed up by an aircraft carrier and execute the little shit on the spot" front.
Oh sorry, forgot. We do not have a viable aircraft carrier, do we? We have a leaky tin can which has no planes to fly from it. Oh well, how fortunate. We can continue empty posturing then I guess. It is easier when you have an excuse for not putting your money where your mouth is.
Article quote: The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity, the Foreign Office said.
You are not alone here. My first thought was also: Since it impacted the NHS in a big way is it akin to dropping a bomb on a hospital? An attack against civilians? Don't people usualy go to war over stuff like that?
The Foreign office reaction is a first degree idiocy. If you attribute what is a WAR CRIME AGAINST OUR CIVILLIANS to a FOREIGN STATE and YOU CAN PROVE it, that is a valid casus belli to start a war. You can even get the Security Council to agree on it. The Chinese Ambassador is not Nicky Halley and if the proof is irrefutable will most likely abstain. Now, the fact that we cannot even scrape 3 ships worth of an expeditionary force with zero aircraft is a different story, but let's not get there shall we?
If you cannot provide a proper response to a foreign state against an aggression against a civilian hospital on our soil, shut the f*** up and do not attribute it to them. Especially if you happen to be a nuclear power. This is the worst of all possible options - you show you have no teeth and you give a precedent where we do fuck all after someone has attacked civilians and out of all places a hospital.
While previous gems by the hair-disorganized quasi-idiot could be laughed at as most of them did not have possible consequences in the form of a bodycount, this one isn't. He should be sacked (in fact that will be too kind for him).
It can still be used a helicopter carrier. UK still has some left of those.
It is one hell of an expensive helicopter carrier. The most expensive one in the world in fact.
This is especially when compared to what that other countries which used to operate Harriers and now are in line for the F32B have bought for a fraction of that money: https://en.wikipedia.org/wiki/Spanish_ship_Juan_Carlos_I_(L61)
In fact, if you look at it, UK could have built ~ 8? ships of the same class for the same amount of money. ~1.5 more "power projection" bang for the same buck even before we take the landing craft launch capability into account. Unfortunately, someone in the Admiralty probably had an issue with the size of his anatomy and needed to order something BIG to prove himself. As a result the really simple idea that "If you build an aircraft carrier that big you might as well order proper planes, not VTOLs for it" did not compute.
what, like Google?
Yes. Like Google. Or Apple for the Apple-centric households.
The issue with both is that while they are not angels, they have never tried to engage into outright criminal sh*t targeting specific individuals.
I am not aware of Google hiring PIs, hacking into people's systems to get their private data, getting illegally their medical information and violating laws and regs in every jurisdiction it operates. In all the years it has been the "eye in the sky" for a large chunk of human population there was just one case of an employee abusing site engineering access to target someone personally if memory serves me right. Apple has an even better record - afaik their record so far is practically spotless.
Now, shall we compare that with Uber?
The only person in a better position to spy on you than your driver is the housemaid.
What people fail to understand is that Uber is not amorphous, anonymous like a taxi you hail in the middle of a street. All data on you has been collated by the company. That data is anything but amorphous and anonymous. They know where you live. Where you go. Where you take your kids. When you take your kids. When you pick them up. Minimal correlation also yields whom do you meet, when and where.
That would have been worrying In the hands of a fit and proper company.
Now think for a second about all that data being in the hands of a company with their track record, their governance and their management.
How did a carpenter catch two tyrannosaurus Rex, transport them to his boat, and keep them calm and captive for 40 days?
By giving them the same cool drugs as smoked by whoever built that madness in Kentucky. I bet they were quite content chillaxing while having some really cool drugs for 40 days. The only issue is - while I have no objection to people smoking cool stuff, not sharing it is criminal.
that momentary contact with skin wouldn't do any harm due to the insulating effect of the gas
Concur - wearing gloves is a risk in itself. If it gets into the glove you are royally screwed. You are better off to use a trivial towel if the handles are too cold. No gloves unless they are at least elbow length ones.
Oh, come on, lighten up. I was fortunate enough to go to the local equivalent of what in Britain call grammar schools which specialized in sciences (in fact attached at the hip to the local Uni) in the days before H&S and political correctness spoiled everything.
We had the first year physics profile (equivalent of UK year 10) get hold of liquid nitrogen on regular basis and sneak it into the canteen. You DID NOT leave your meal unattended. If you did you could find it in a state where you could break a knife trying to cut a meatball or the spoon was sticking out straight up out of the soup with ice forming on it.
That was one of the more harmless pranks. The chemistry profile the year after me did things like drilling carefully chalk with a compass or the cartridge of a ball point pen, filling it with silver acetylenide and leaving it at the blackboard amidst other chalks and lighting a fuse. A few mg make a relatively harmless bang which will at most bruise a palm if you blow it up in the middle. Lots of noise, little damage. Putting it in the middle of a chalk, however... if done right... You could get a cloud one third the size of the classroom. Hydrogen baloons with lit fuses floating at the ceiling - you name it.
Those were the days... Me coat, the one draped over the zimmer frame.
So it was just a harmless flask sitting somewhere. Not like it was poured into your coffee or something (that one is fun).
AES is a result of an open competition and was not designed in USA. It was designed in Belgium. While it is theoretically possible that the two cryptography researchers who came up with it are a NSA plant and it has an existing hole, I find this idea a bit too far fetched. Very far fetched. In fact so far fetched that whoever came up with needs to share what they are smoking.
AES and its standardization process, however, are one of the exceptions on the cryptography scene. It happened during a short lull in-between the insanity storms. We have regressed since and quite a bit almost back to the days of the Clipper chip adn 40 bit export level DES.
I suspect the next candidate will be purely USA-based and will follow the same design pattern as the elliptic RNG and several other interesting NSA-advised NIST ideas which appeared after AES.
vRealize are vastly more suitable for the NFV-I and NFV-O
No, they are not. VMware closed the API for the vm-to-vm switching so your only choice for networking is vmware distributed switch and whatever it offers. You are fully dependent on what they ship and that's it. So let's look at basic things you need for NFV-i and NFV-O:
- service chaining? nope, never heard of it,
- layer 3 functionality? at the level of a GCSE project
- interface to overlays and L2/L3 VPNs used in the edge (cable labs existing standards are mostly GRE) - nope you will be force fed the VXLAN diet like it or not
Vmware has ensured that it will not be considered for any such deployments in the long terms the moment it closed the switch and vNIC APIs 2 years ago. Even if it decides to reopen them now nobody will believe that this is a long term strategy and nobody will be their house on developing for it.
Compared to that Openstack networking is pluggable. The base reference implementation is as lame as vmware (if not more lame). There are, however more than enough alternatives floating around to do the job.
Psssst! Don't tell anyone, but all our communications links with that there Yrup are also via under-sea cables....
Nope, they are not.
If my memory from my telco days are right, most of the capacity from the UK to the continent is dual route. One route is ALWAYS under the sea - North Sea or Channel. The other route is USUALLY the Channel Tunnel (sometimes an alternative sea route). So on that side usually only one is under sea.
"Can you imagine a scenario where those cables are cut or disrupted?"
Yes, this means that the traffic goes the backup route around the UK into the North Sea landing in Europe north of Rotterdam (if we assume the optical level backup of the same links). As a result UK can no longer snoop on them and we have to ask the Dutch for a favour. Oh my god the world just ended.
To put it bluntly, if the hostilities reach a point where cables will be cut physically there will be P800 Onix and Kalibr going one way, Tomahawks the other shortly followed by nuclear tipped Khs Radugas and AG-86M exchanges and culminating with a Bulava vs Minuteman handshake.
Simply, the navy and the military need more toys. The threat of Russia doing this does not exist. At the point where they do it, undersea cables will be the least of our worries. There will be no traffic on them anyway with the EMP knocking out all Internet exchanges and transmission huts on the cable routes.
Now, there is a very clear threat of fringe groups, terrorists, self-declared states led by bearded lunatics, etc. That is different - it is the threat of them hijacking two trawlers or just buying them on the cheap (last time I checked - under 20 grand a piece for a couple of decommissioned ones) and having an excursion around Cornwall and around the Dutch coast north of Hook of Holland on the same day. All they need is a couple of AK47s on board - the only thing the UK coast guard has nowdays are inflatables. Not sure what the Dutch have (probably nothing much better either).
That is different though - you cannot get any cool toys to deal with this. Nothing like the toys BAE will concoct to deal with an imaginary Russian threat in mid-atlantic (*).
(*)Do not even get me started about ex-Generals getting consluttant positions in companies like BAE after they have "served their country". Everywhere - Russia too.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
