Posts by Voland's right hand

And where you will store function call parameters?

Stack is not only for addressing, it is for function call params too.

What Intel is proposing is not far off - it is two separate stacks - one legacy - params and returns, and one only for return addresses. The so called shadow stack is very similar to what you are describing - a program can manipulate it solely via subroutine calls and returns.

By the way, this still leaves a large exploit category not covered - it is of little or no help with heap exploits.

Re: Embrace, Extend, Extinguish...

Actually I think a BSD-derived TCP/IP stack first appeared in NT 3.5.

Correct. Then it slowly MSFT-bit-rotted to be refreshed again in the early Win2K development cycle. And a again a few times later. TCP fingerprinting knows no mercy - it shows exactly what you are doing and whose stack did you cut-n-paste when yours was not delivering.

In the case of BSD it is permitted by license and Windows has always complied with it - if you dig around you can find the relevant "copyrights" and mentioning of BSD in their licensing info.

Re: Location, location, location

L4 and L5 - yes. They are stable and even if you shove something a bit out of it, it tends to try to go back there.

While unstable, L2 is interesting because it is in perpetual shade with the smaller body providing it as it orbits the larger. L3 and L1 - not so much. They are both not stable and solar wind will probably push you out of them at the end of the day. So a long term competition for "real estate" at these locations is highly unlikely.

Re: News at 10

Farenheit... 451...

Re: @Gray ... Military aggression

So what makes you think it cannot be programmed to use the classic cruise missile guidance methods such as TerCon? Laser distance to ground measurement can be done using 20$ parts from ebay nodays and jamming it is nearly impossible.

Re: Huh?

You are not familiar with the "smart metering" attack.

It is sufficient to turn 2-4% on/off at once with no prior notice for the grid to start shedding connections. If this is not calculated correctly (or in the case of an attack if the sequence of on/offs is malicious) the whole grid can collapse completely (*).

So all it takes is one monkey - either at a big enough power plant or one high enough in relevant government department. There is little difference between failing to protect the grid feed transformer and deciding to install smart meters with uploadable firmware into every house (and someone backdooring it with a trigger sequence).

The result is all the same.

(*)_{It is now 20+ years since I last helped my dad with computations in optimal control of grid load "management" so the 2-4% number is off the top of my head.}

Re: I just say no

but for personal banking, not worth the security hassle

Try spending a few months a year abroad and/or having any or all of the following:

1. Assets abroad (real estate, car, whatever).

2. Relatives in need of regular financial support abroad.

3. Having to pay tax in more than one jurisdiction

That is not as uncommon as one would think - there are 2 million Brits according to official statistics who are in this position. In reality, the offiicial stats are probably an underestimate by at least 50%, because quite a few British pensioners pretend to be still living in Britain so they can continue drawing their state pension and benefits in Britain instead of having it transferred (to a net financial loss) to a Eu country.

Why not

This idea is only slightly less delusional than the idea that Berlin and Paris will allow Europe financial affairs to be run from outside the Eu.

If we for one second assume that delusion to be in the realm of reality (very far fetched), yeah, sure, UK will be able to negotiate good terms with anyone. In fact, it can, in theory, negotiate better therms as the Eu cannot keep it on a short leash while it runs a "good terms or your assets get it" gambit.

The issue is that the idea of the London City after a Leave to be anything more than a glorified version of Virgin Islands corporate registry is exactly that - in the realm of "WTF are these guys smoking". Paris and Berlin will not allow that for a split second. That automatically removes any UK negotiating leverage in any trade negotiations.

When the City gets "nuked", some smaller hedge funds may survive (for a short time, then move). All larger financial entities including 99% of stock trade activity will move to Frankfurt within less than 2 years. With the relevant consequences for everything else (thank you Maggie for making the whole UK economy being wholly dependent on the City fortunes).

Re: It seems

Giving people who have spent their career working in closed protected environments related mostly to system and process control (ECUs, controllers, etc) the task to write something which is exposed to the outer world and can be attacked at the protocol/message level.

The end results is that 99% of IoT and I-connected gadgets there are hackable with ease. Cars, smart meters, internet connected alarms and cctv - you name it.

Close

Now you know why Theresa May agreed to A review,

Fixed that for ya - that is her standard Harkonnen modus operandi. Plan within plan within plan.

Re: Southpark

One more option.

A man with some issues in the "fingers" department: http://www.theguardian.com/us-news/2016/may/07/donald-trump-penis-painting-ilma-gore

I am surprised Ilma Gore is not the first person on the list. Out of all Trump lawsuit threats, the threat to sue her and any auction selling her painting is possibly the most ridiculous.

Re: Broken expectations

This means you never had to work on an "adult" unix.

Unless your friendly local sysadmin turned job control off, SCO, AIX and other full spec Sys V + Posix implementations would all kill your processes on logout.

Re: Not enough room in comment

Concur. Not a proof as such.

Proof of something in math should hold to rules of formal logic and be specified as a logical sequence.

What is being waved about is a dataset, not a proof.

it seems bofh.ntk.net no longer resolves

Indeed - as a result we do not have access to some of the best (actually better than BOFH) Simon's early rants like "Departmental Scapegoat Required" and the spoofs on Startrek Enterprise, etc.

Re: Oracle should be grateful

Dead no. Become a niche language - yes, definitely.

Re: Happy to be held accountable once...

The reality is that:

Bank will specify hardware: PC

Bank will specify software: Windows with bank sponsored malware (sorry, security software) installed via a bank affiliated download so that the bank gets its marketing cut. The favorite is some crapware named after some mutt variety.

Bank will specify development methods: Bangalore

Bank will specify location of operations: Bangalore

And you will have the responsibility. HSBC already tried that. More than once.

I tried to raise with them the fact that the way the have redirected to the co-sponsored download was open to cross-site scripting so _ANYONE_ could shovel a download to a customer PC through that hole and the customer would have accepted it as verified by the bank. This gives you the idea of the competence involved.

After spending 10 minutes trying to parse Bangalorian into English I gave up, close the account and moved to Nationwide.

Re: the endless blame-game opportunities

Amazon, who outsources

Dude, what are you smoking?

It is the real success secret in cloud. It is called DIY and Eat Your Own DogFood. Down to the last nut and bolt in the power distribution unit of the bitbarn and last line of software. Even if it looks more expensive at one particular level it cost saves elsewhere.

That is why Google, Amazon and Facebook (with Azure catching up) have been so ridiculously successful from an infrastructure perspective. This is also why all vendor w*nkfests like HPs and Dell's miserable attempts at cloud have been miserable failures. When you outsource a blame game you also outsource the margin with it. You also now pay for the vendor ensuring that the blame is least likely. Example - do you see a vendor slotting a MB on a pizza tray without an enclosure in your bitbarn? F*** no - their own risk control will not allow it. And the cost adds up. At every level. So when Uncle Jeff comes around for your bacon you suddenly realize - your "cloud" built out of boxes which you outsourced to Quanta, Foxconn and Asus running software which you outsourced god knows where else, connected via routers and switches you bought from Cisco and built inside barns you hired and leased instead of owning (and so on) cannot compete.

Outsourcing for a customer works only at _SMALL_ scales. The moment you get into the Amazon and Co territory the economies come from in-sourcing the whole stack. And owning it - all the way to the land under it (inclusive of the f*** mineral rights).

Re: Check this out:-)

How the f*** did this get granted in the first place?

This is just a boilerplate design for a generic gateway which has been produced by various manufacturers for years. Sagem was shipping such a device 7+ years ago (with a slightly different protocol set, but pretty much identical designwise).

There is absolutely _NOTHING_ inventive here. It fails the novelty test, it fails the prior art test, which f**** cretin has granted this and why are our fees (and for USAisians - taxes) being used to pay his salary.

Oh... I geddit... Search and replace with software defined - same as it was done by plugging mobile everywhere 5 years ago and Internet everywhere 10 years ago. In any case - a Eu patent examiner will laugh his arse off if you submit this as an application and slap you on the head with it.

Re: Programming skills .NE. programming languages

Exhibit A.

You got the wrong reference. Should have pointed here. Syntax is about the same, so is readability.

It is either that or going in an origami.

When you compare origami and balloon in terms of technical complexity, the origami definitely looks like something more likely to go wrong.

Re: I buy golf clubs all the time because I think they will improve my game

Typical Silicon Valley CEO - total inability to measure ROI.

That is normal, your stock or unicorn horn value in the valley is not proportional to ROI or any of your financials for that matter. For that you have to STOP being a Silicon valley company and become a global company. Sun never made that transition - it was born as a silicon valley company, it grew as a valley company and it died as a valley company somewhere inside the bowels of Oracle. While it sold stuff around the globe, its mentality never grew beyond the valley borders.

Re: " will have to to beat off stiff competition"

Pierce Brosnan's "I thought Christmas

That was quite tame compared to Roger Moore's "Miss Godnight is coming up" and Q's comment in Moonraker "He is attempting reentry".

Re: @Voland

Err what???

Exactly that. It was a more than once a month flight for several years by the way.

After the incident at which she called them c*nts and refused to provide said c*nts with low altitude forecast for Air America style weapon smuggling in the North Caucasus, the airport authorities had a more "compliant" met officer given the task to supply those flights with forecasts and NOTAMs and she was re-assigned to back-office duties until retirement.

In any case, based on this (and other) first hand documentary evidence, we have to thank the Russians for their patience.

If someone shipped 100+ transport aircraft flights of heavy weapons as a "donation" to IRA UK would have probably used Trident on them 10 times by now. USA under similar circumstances - not probably, definitely.

Re: Why would they?

Why would they?

The whole DRM on oculus has nothing to do with games. Oculus is being bolted down so it cannot be used for porn. From that perspective, they do not care a lot if their DRM was broken so that their content is played on another device. Now playing non-DRM-ed content on their device - different story.

This is not something Oculus originally intended by the way. It came after they were Tzukerborged. I guess that the droid boy is more prudish than we thought.

Re: Disaster Waiting to happen

Maybe this will (at long last) kick the japanese bankers...

This is still small change

It will take this happening on a daily basis for them to fix it.

In addition to that, reporting such losses up the command chain and reflecting them on the accounting sheet in that particular location can be career detrimental. Cough, Cough... Olympus... Cough, Cough... Toshiba... Cough... Cough...

They do not

All CPU architectures out there when running flat out (as a well spec-ed server farm generally does) have very little advantages over each other. The rumors of Power being err more powerful (pun intended), arm consuming less power, etc end up being very exaggerated.

Arm's "less power" comes to play when it is idle. Same MIPS at full flat out Intel will use times more power in idle. That is a mode of operation which you will see in consumer equipment, media boxes, house server, etc. You will not see it in most datacenters nowdays. VMs, Cloud and Big Data have changed the way they are run. 10 years ago, servers were run at a fraction of their capacity to ensure they have enough spare grunt to handle incoming requests. Now they are run in an almost mainframe fashion where there is a low priority VM set with a batch processing job always crunching something in the background.

Re: What an utter load of tripe

So, without 100%, 24/7 connectivity, a notification system has the value of tripe?

You missed one important adjective. REALTIME. So that should be: So, without 100%, 24/7 connectivity, a REALTIME notification system has the value of tripe?. Actually, not even that - tripe makes for a fine soup (works well on hangovers).

Example - I am severely allergic to half of the plants out there including "peanut level" intolerance to wheat, barley, rye and even rice. When I need to whack that epipen needle into my thigh and call an ambulance I on average have less than 5 minutes to do so. If that notification is not there within a minute or two, it arrives to an unconscious body which cannot whack the eipipen. If it arrives past the 5 minutes mark it would arrive to a phone attached onto a dead body.

Thankfully, I do not rely on notifications from the cloud for stuff like that. If I was, my SWMBO would have cached my life insurance already.

That was a company started by a couple of college dropouts.

That works (or used to work) in computer science and computer engineering. You could start that with two blokes in a garage.

As someone who is officially a Molecular Biology dropout (I never completed my second degree in that) and has a SWMBO with 20+ patents in diagnostics using ultra-small samples and at some point held the position of a CSO in a diagnostics company, I can tell you that there is no way in hell, on earth or otherwise it can work out in molecular biology or diagnostics.

You cannot start that with two blokes and a garage - the amount of up-front technological and scientific investment to start a successful biotech startup is of orders of magnitude larger than for CS.

You missed MIT in 5th place. US is actually quite well represented (which is not surprising).

The surprise for me was the number of Polish Universities in the top 50 as well as the presence of the two Egyptian and one Syrian university in the top 100.

Re: Incognito Mode

Surely that's for online banking?

I think you spelled that wrong. One letter difference...