* Posts by Down not across

1987 publicly visible posts • joined 21 Mar 2013

User jams up PC. Literally. No, we don't know which flavour

Down not across

2-digit 7-segment display

Ah those wonderful Turbo buttons with a 2 digit 7 segment display that was set just with a jumper board.

I used to (sometimes) wire those via a little homebrew logic to the ISA bus to watch POST codes as the machine was (or not, as often could be the case) coming up.

Given it was not a particularly great deal of effort, I was somewhat surprised no case/computer manufacturer ever (that I remember) offered that as an option.

Ubiquiti network gear can be 'hijacked by an evil URL' – thanks to its 20-year-old PHP build

Down not across

Re: Pay peanuts

You say that as if Cisco etc have never had a stupid vulnerability or "feature" like being able to rewrite the firmware remotely without authentication...

Ok I bite.

I take you're referring to the Smart Install (yes, I agree in principle that most things named Smart something rarely are). Whilst I agree that the feature (I don't agree it being called a vulnerability since the behaviour and risk is well documented in Cisco's documentation) could no doubt benefit from additional security features, we are in the end talking about an enterprise feature which presumably is being used by qualified personnel.

Here is an excerpt from the doc linked to above:

The absence of an authorization or authentication mechanism in the Smart Install protocol between the client and the director can allow a client to process crafted Smart Install messages as if these messages were from the Smart Install Director. These include the following:

* Change the TFTP server address on Smart Install clients.

* Copy the startup configuration of client switches to the previously-changed and attacker-controlled TFTP server.

* Substitute the startup configuration of clients with a configuration created by the attacker, and forcing a reload of the clients after a configured time interval.

* Upgrade the IOS image on client switches to an image supplied by the attacker.

* Execute arbitrary commands on client switches (applicable to Cisco IOS Release 15.2(2)E and later releases and Cisco IOS XE Release 3.6.0E and later releases.)

While designing a Smart Install architecture, care should be taken such that the infrastructure IP address space is not accessible to untrusted parties. Design considerations are listed in the Security Best Practices section of this document.

Let's face it, if you're using this feature to provision kit into your network, why would you NOT add the no vstack into the config you push to a new device?

Down not across

Re: 20 year old PHP implementation?

I have no qualms still using csh on Solaris 2.5(?), which would be about 20 years old by now I'd have thought.

I do. I wouldn't have any issue of using sh though.

Not trying to start one of the oldest flamewars, just that I never liked c-shell.

FreeNAS sheds storage skin, tries on sexier hyperconverged garb

Down not across

Re: Increased capability comes at a cost

Extra unneeded capability is not a benefit, no matter what iXSystem's roadmap says.

Quite.

After the split™, I was slightly torn as to which one to choose when it was time to upgrade from old trusty freenas 0.7.2. In the end, despite the lure of the plugins, I chose nas4free and it has performed impeccably. My old Microserver with 8GB RAM and intel pcie nic has not missed a beat. To my surprise it even imported old 0.7.2 mirrored volume, now of course long gone and copied over to new ZFS pool.

I think what iXSystems has done with FreeNAS is great and intend to give the new one a whirl to test, but for pure storage purposes nas4free has been flawless and I have no intention to retire that anytime soon.

Naming computers endangers privacy, say 'Net standards boffins

Down not across

Re: “Kellyanne's_Microwave_Oven”

Might have to use that as an SSID next time I get bored.

Monday muster point for storage news. Get in here now if juggling terabytes is your trade

Down not across

ioSafe

Colour me impressed. Digging fully working storage (or at least drives) from remains of a burnt down building is impressive.

Tim Berners-Lee says privacy needs fixing – and calls for 'algorithmic transparency'

Down not across

Re: "Control of personal data"

And that is as it should be. If you don't like those companies, don't use their services (I only use Uber in that list).

If it only was that simple. However it is not always up to you. For example: I don't use WhatsApp, but if anyone, who has my contact details in their phone does, my information ends up in WhatsApp's trove. I don't get a choice, or get asked if I allow that.

Family of technician slain by factory robot sues everyone involved

Down not across

Who is liable?

The suit marks a grim but potentially important issue that will arise as more workplaces phase out manual labor in favor of robotic workers. When one of those units malfunctions and injures or kills human staff, just who should be considered liable?

Why, you call Elijah Baley of course. He will find out.

Down not across

Re: 'Slain'

I clearly didn't have enough coffee yet and parsed the headline as the robot having slain the whole family.

User lubed PC with butter, because pressing a button didn't work

Down not across

"Deluxe Paint."

Doesn't it make a mess of the DVD?

Nah. He said Deluxe, not Dulux.

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

Down not across

Manufacturers have more than one OUI

For example:

$ grep -i samsung ethercodes.dat | wc -l

463

$ grep -i apple ethercodes.dat | wc -l

531

So just for apple multiply your number by 531 (as of mid February's oui.txt).

Also the uniqueness is only really an issue with regards to the AP you're associating with (ok, yes DHCP server, switch/router comes to play as well)

Western Digital CTO Martin Fink refused El Reg's questions, but did write this sweet essay

Down not across

Thanks Martin (and Chris)

I really enjoyed the "essay".

Martin was quite clear, and explained, why the questions were wrong whilst answering to the extent it made sense to. Interesting way to look at things.

To get an idea where this is heading just think of a simplistic step like Oracle's Exadata where the controllers on disk have understanding of where clauses and how that benefits performance. SCM of course would take it to another level entirely.

Tesla 'API crashes' after update, angry rich bods complain

Down not across

Pissed in CA

“I get concerned when there are server-side problems like this that go on for multiple days. I would be really pissed if I were on a road trip,” Made in CA added.

Why? AFAIK the car functions normally. Do you really need the app to use the car?

I'd be pissed off if the car depended on some flaky phone app to work.

<ObBritishEnglish>

I think highway patrol would be a bit miffed if he was pissed while driving

</ObBritishEnglish>

Huawei's just changed the way you'll use Android

Down not across

Re: "There's no way to customise this in current software builds: you get what you're given."

So to put it another way: If the built in storage on phones was priced the same as an SD card, would there still be the same demand for an SD card slot?

Yes.

If phone makers didn't charge a mark-up on bigger built in storage, is there still any advantage to an SD card slot?

Yes.

Spies do spying, part 97: Shock horror as CIA turn phones, TVs, computers into surveillance bugs

Down not across

Re: @ Palpy: I think we speak of different things??

From a page in the Libreboot project:

"ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include 'ME Ignition' firmware that performs some hardware initialization and power management. ... Due to the signature verification, developing free replacement firmware for the ME is basically impossible.

Since you quote Libreboot (as I have myself done in several posts), don't forget that Intel is not alone. AMD is equally evil with its equivalent PSP.

Linus Torvalds lashes devs who 'screw all the rules and processes' and send him 'crap'

Down not across

I had a gigabyte mother board with an on board NIC that hated Ubuntu. It would disconnect and reconnect to the network every 30 seconds.

Sounds like what the usual Realtek crap ones do if you actually try to push any real traffic through them. I've given up on them and always install intel NIC. They just work. The Realtek is fine for emergency ssh, bit of SNMP, etc. but trying any heavier traffic locks (at least some of) the RTL NICs up.

Not to mention dual/quad Intel NICs are dirt cheap on tat bazaar so it is not worth fighting with the Realteks.

Euro Patent Office puts itself on Interpol's level, demands access to staff phones and laptops

Down not across

EPO must be paying ridiculously high wages

Why else would anyone still be working there?

Mind boggles that anyone would still be working for Battistelli.

Cisco says Smart Install is not a bug, not a vuln, releases blocker anyway

Down not across

Re: Not good

I'm sorry, but I don't see this as a vulnerability. It is well documented, and Cisco even warns about it in their documentation. Yes it could've been designed to be more secure, and yes perhaps IOS should automatically turn it off after having fetched initial config, but these are not consumer devices so it is not unreasonable to expect some competence of RTFM and configuration from the staff deploying the kit.

If this is being successfully exploited, then some network "admins/engineers" aren't up to their job. What else is wrong in their configs and ACLs?

Down not across

Storm in a teacup, mountain out of a molehill

I think this has been blown out of proportion. Yes, while the feature is intended for initial install, it could be used for re-install. Forgetting to turn it off sounds like someone not doing their job. Not to mention why on earth wouldn't the fetched configuration turn SMI off?

Wearables aren't dead but apps on wearables might be

Down not across

Re: Withings

It's got notifications for calls and texts which is handier than you'd think (phone in pocket on vibrate and coat is on the back of a chair at work, for example).

I second that. Getting notification on calls and texts is the most useful feature. Obviously it also needs to be able to tell the time or it wouldn't be much of a watch.

I can DB clearly now the clouds are gone: Oracle 12c on-premises for Linux, SPARC

Down not across

Is this new in 12cR2 or what ? My understanding was that this was already the case with 12c, has anything changed ?

Your understanding is correct. That is not new in 12cR2. That was there already in 12cR1.

Down not across

Re: Patch weekend

I can also bitterly complain about how terrible the encryption tools are for TNS. It is *so much easier* to bolt an stunnel instance in front of the listener and never, ever, ever use an Oracle wallet - and safer too, since stunnel can sink itself into a chroot().

Wallet? Why are you still using COST instead of VNCR?

Oracle databases - wonderful software, until it's not.

That would be most of the time. It may have brief moments of something akin to wonderfulness, but they are very fleeting and definitely will not last.

One IP address, multiple SSL sites? Beating the great IPv4 squeeze

Down not across

Re: Simple answer

They supply a media converter. I build my router out of an Atom and CentOS. :)

Ok, I'm curious. Did you try pfsense, and if you did what made you choose the way you did?

(yes, I'm aware Linux network stack has improved a lot and does support more obscure hardware better than FreeBSD)

Samsung phones, Apple's iPhones are 'overpriced', says top Huawei exec

Down not across

Re: "Samsung. They spend a lot on marketing"

Do they think everyone has forgotten the Note 7 already...?

Of course they don't. Why do you think they're running that advert?

They'll bang that drum for a month or so at least until the Unpacked 2017.

Prisoners' 'innovative' anti-IMSI catcher defence was ... er, tinfoil

Down not across

Re: Ambulance

I think prisons have fixed lines, just a guess. You know the world did function prior to the introduction of the mobile phone.

The OP listed more places than just prison. And you picked the only one where it would be expected not to have mobile phone coverage or where use would be prohibited even if turned silent.

AWS's S3 outage was so bad Amazon couldn't get into its own dashboard to warn the world

Down not across

Re: Cant change mouse sensitivity?

Can't speak for mice, but Logitech Harmony remotes are apparently only configurable via cloudy stuff. Shame really as I would've purchased some. Ah well I'll stick with my old Marantz RC 5000.

BlackBerry's comeback: El Reg gets its claws on the QWERTY KEYone

Down not across

Re: Nokia Communicator?

Personally I'd want EPOC (ie. Symbian) based communicator (if Nokia decided to go there after 3110) or at least with just Linux without the Android crud on top. Or a choice, which brings us to your second wish. You may be able to get modern version of Psion 5.

The Psion returns! Meet Gemini, the 21st century pocket computer

Down not across

Re: Well hello...

Well well. Rather interesting. Ticks all the boxes. Except EPOC and stylus.

Even with 8Ah battery I have doubts about the standby time with Android. I guess if you slimmed down all the extras (as most vendors bundle in tons of bloatware (often a full suite of apps competing with Google)) it might be possible. Standby clearly means display-off, as 5.7" QHD screen is likely to be thirsty.

As for pricing. Backer prices on indiegogo look very tempting.

Bring it BACK... with MODs! Psion 5 storms great tech revival poll

Down not across

All it would need is an alternative connection to the proprietary one, so WiFi probably, rather than via IR to a modem.

Bluetooth. You're bound to have a phone with bluetooth anyway and would be more frugal on battery than running WiFi. If you were in a situation where you did need WiFi, then maybe if it supported something like this. Oh, and keep the IR, it has its uses.

UPS & drones: Delivery company launches UAV from truck

Down not across

Re: Sorry You Were Out

Delivery companies would be far better off either committing to specific delivery in a one hour time slot (or less) one or several days ahead with, much as supermarkets book their deliveries.

DPD seems to manage that fine. Usually get first an SMS confirming delivery day, and in the morning of delivery day another SMS confirming one hour timeslot.

Agreed, you don't know the timeslot until on the day, unlike supermarkets where you book a specific slot. It's still excellent and means you can nip out knowing the driver is not hiding around the corner to rush to slip "Sorry we missed you" card (if they bother even that) when you step out for a minute.

Researchers offer simple scheme to stop the next Stuxnet

Down not across

Re: And now the bad news

Great, the worst of both worlds for no benefit at all.

They can be useful for design/debug purposes with simulated I/O. Having actual I/O would enable verifying if everything really works in real life as it does in simulation. After all not everything works to the specs in the datasheets all of the time. Some never do.

To actually use it to really run something instead of a PLC, shudder at the thought.

Dying for Windows 10 Creators Update? But wait, there's more!

Down not across

Shutdown (or not as it may be)

I quite like Windows 10 as it loads quicker and is more responsive for me than Windows 7 was, ignoring privacy concerns for a moment.

Are you sure about that? You do realise that "Shutdown" in 10 by default just hibernates it and doesn't actually shutdown properly.

Here is just one of many references to that.

EU privacy gurus peer at Windows 10, still don't like what they see

Down not across

Re: What information does Win 10 slurp?

During the process I was confronted with Cortana, which I attempted to remove or at least disable, only to find that in Win10 'Home' this is all but impossible.

I got a laptop which came with Win10 on it. I thought I'd take the opportunity to see what it was like before proceeding to wipe it (and enable to use it at least for some browsing while I work out which distro works best on it).

Cortana (and most of the bundled basic apps) seem to take a dim view to the fact that I have not supplied it with a Microsoft account. About 80-90% of the pre-installed stuff refuse to work without MS Account. Cortana occasionally whimpers but has so far suggested nothing.

So it appears that if you don't provide MS account and install applications the normal way (ie none of the MS cloudy stuff) it may hamper what they get. Don't use Edge either as I prefer Firefox and/or Palemoon.

Should probably have a look with wireshark to see how much it phones home, although I suspect the contents are likely to be encrypted.

BS Detection 101 becomes actual University subject

Down not across

I was wondering if it was still in print. Good to see that it is - why would it ever not be.

Why not indeed. I think I read it some decades ago. The basic principles are still just as valid.

Nokia's 3310 revival – what's NEXT? Vote now

Down not across

Re: Yes, definitely the Psion Series 5...

I'd like to see a proper Linux on there. Perhaps MeeGo or one of its successors.

I am quite partial to EPOC, not least because it undoubtedly contributed to the frugal power consumption of the device. If the OS had to be anything else then perhaps MeeGo or something similar would work fairly well too.

Down not across

Re: Series 5

I'm a bit worried about what you could do with the software as 50% of the brilliance of the original device was the OS and built-in apps (worried an updated model might have to run Android)

Android? No. Just no.

It has to be EPOC (guess I should call it Symbian now). Can't speak for others, but personally I don't need yet another Android device. EPOC/Symbian is perfect for the Psion 5.

And of course OPL. I whiled away many boring train journeys/flights by writing stuff in OPL (either on Psion 3 or 5 or Nokia Communicator).

Did Oracle just sign tape's death warrant? Depends what 'no comment' means

Down not across

Re: Will we never learn

"What do you think of 'Brand X' DAT?" - The response was brilliant - "Great for Backups - terrible for restores".

I concur. I've never had any issues, apart from occasional dirty heads, with QIC (the proper ones, not MC or Travan), 8mm (Exabyte) or LTO (or even old DECtape) tapes. DAT has always been lottery (about same chance of winning too...). Can't say the same for DAT at all, which is a lottery (and about same chance of winning) suggesting the 4mm tape being inadequate for the job.

A webcam is not so much a leering eye as the barrel of a gun

Down not across

Re: What works, what doesn't?

Intel is not alone with its IME. AMD has equivalent PSP which is just as evil.

Libreboot FAQ is an interesting read. No, you don't really have much control over any recent technology and are at the mercy of the vendor.

(Yes I have posted this link before in another thread sometime ago.)

Global IPv4 address drought: Seriously, we're done now. We're done

Down not across

Re: Address allocated but not live

Ignoring the really obvious problem of being expected to unnecessarily translate between IPv6 and IPv4 on your network boundaries, why are IPv4 private address ranges preferable? The answer is they aren't.

I don't think you can speak for everyone on what is preferable to them.

I certainly would take issue if anyone felt they could decide what is preferable to me.

Verizon! surprisingly! OK! with! Yahoo! despite! mega-hack!

Down not across

Re: Sad me

There is a lot you can do with dozens of connected, worldwide data centers without ever calling them an AOL or Yahoo! property again. It stands to reason. What say you?

Why would they want more datacenters when they've been busy selling them off as it is?

Remote unauthenticated OS re-install is a feature, not a bug, says Cisco

Down not across

Re: If you can't fix it

Did you read the article? Cisco said if you don't need it, turn it off.

Whilst I am all for making things secure, let's not forget that this feature is for new, unconfigured switches. Clue is in the name of the feature, install.

First paragraph from cisco:

Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.

So really the idea is you ship a pallet of new switches (or replace one an identical SKU one for example) to your DC and the director flashes correct IOS image and your pre-created config. Then you turn the feature off. As much as I like things secure, there is not really much need for authentication in this situation as the kit is effectively unprovisioned until Smart Install has done its bit.

Doesn't sound like a bad way at all to install bunch of new kit (or replace broken kit).

Down not across

@Dan 55

I know you're trolling, but it stands to reason that because if they detect the kit to push configuration to it, then surely they must at least detect it with CDP before pushing the config with TFTP.

Vinyl, filofaxes – why not us too, pleads Nokia

Down not across

Communicator

I'd like a slightly updated communicator thank you very much. I still have my trusty old 9500 but something bit more modern would be nice. They did get pretty close with E7-00 but I do prefer the clamshell approach of the original Communicators. Can we keep Symbian (it wasn't without its faults, but did the job pretty well) and OPL as well.

2009 IBM: Teleworking will save the WORLD! 2017 IBM: Get back to the office or else

Down not across

Governments should be giving tax concessions or other encouragement to forms of distributed working, be it working from home, smaller local offices or whatever.

This. They really should.

Down not across

It doesn't matter to them that anyone with a job that requires some concentration is working at a tiny fraction of their potential.

Of course not. It's all about appearances. As is blatantly apparent from the current fad of open plan offices. I suppose not having so many internal walls also enables more people to be crammed up to the same space.

Down not across

Re: You answered your own question

You are doubly cursed with a poor manager in these times. In addition to the drawbacks of working for them, they lose out to more politically savvy managers.

That is the one big problem with companies today. Politics. The bigger they are, the worse the internal politics. Almost invariably companies lose a lot due to all the politics in the management chain. Constant backstabbing and arsecovering is ripe. If even part of that effort was focused on getting the job done...

OK, 2016 wasn't the best, but look for a buyer? That's Cray

Down not across

Re: Reminisce...

Not to mention the striking, instantly recognizable looks of Cray-1 when it debuted and my personal favourite, the Fluorinert cooling waterfall of Cray-2.

Cattle that fail, not pets that purr – the future of servers

Down not across

Re: License Costs

It becomes a pain in the ass when you have very restrictive licensing agreements with your vendors.

Like with EC2 where you pay full license per vCore (if hyperthreading is not enabled, and 0.5 license if it is) which is really just a Xeon thread. While running on your own hardware you need 0.5 licenses per Xeon core (the two threads counts as "1 core") according to Oracle's Core Factor Table

So effectively you pay double the licensing on EC2 compared to running on your own hardware.

Big blues: IBM's remote-worker crackdown is company-wide, including its engineers

Down not across

Re: Constructive dismissal?

I believe that is somewhat dependent on your employment contract. I believe that will to great extent depend on if your contract has a 'mobility clause' and whether the move is considered "reasonable". A quick glance at gov.uk seems to agree with that.

Vizio coughs up $2.2m after its smart TVs spied on millions of families

Down not across

Nasty

Vizio harvested surveillance on people and their families so precise, it knew exactly what you were watching, second by second, and even took copies of the watched video, according to prosecutors.

As if the slurp of the what and when isn't bad enough, actually copying what was watched should really open them up to all kinds of lawsuits considering it is quite feasible some of the material watched could be private/personal (no, I don't mean porn).

It could also have cost the customer money if they were on any kind of metered connection.