1436 posts • joined 15 Aug 2013
Too complex to be true
I stated in the comments to the earlier article - if you have the resources to make a custom chip, then you would create a lookalike of a suitable chip that is *already used* on the MB, and substitute the bogus chip for the real one anywhere along the supply chain to the MB manufacturer. No board modifications needed, and nobody associated with the server manufacture will know a thing. The bogus chip would work correctly, but have extra functionality. Then there would be no outward difference in the motherboard and it could only be discovered by observing the unauthorised behaviour. Not even examination of the silicon would make it immediately apparent, because the bogus silicon could be marked with the correct chip ID and a bogus "new revision" number.
Extraordinary claims require extraordinary proof. Embedding a chip in a PCB would require a completely new PCB fabrication process so is inherently unlikely (Everyone working in the PCB fab would have noticed all the new machinery and a complete change to the process flow). Unless the news agency can produce a PCB modified in the way claimed, I do not believe a word of it.
I think the point is that regardless of "I didn't know it was against the law" excuses, you are likely to still know what you are doing is likely to be with bad intentions regardless of your knowledge of the law.
Not in this day of 1000 new laws passed every month. If you were working in a charity shop for example, would you know that it is against the law to sell a pencil sharpener to a 15 year old? (It is a "Bladed article" which may not be sold to children - you'll see it has to be approved if you scan one at a self-service till).
Yet in the UK it is often said that "Ignorance of a law is no defence".
Ignorance *of the law* is no defence, but ignorance *of the facts* certainly is. e.g. it is no defence to say, "I did not know that it is illegal to possess cocaine." But it is a defence to say, "I did not know that the substance in my possession was cocaine."
The converse is also true. You can be convicted of being in possession of talcum powder if it can be proven that you thought it was cocaine.
In this case, the fact that the cleaners believed that they were in the correct house certainly is a defence.
"This is complete utter nonsense. A quick back-of-envelope calculation: The sun has an angular diameter of 0.0093 radians, so "focusing" the sun's rays from a distance is optically impossible"
Hmmm - never heard of parabolic reflectors???
It is perfectly possible to make a parabolic reflector that has a focal distance of several hundred kilometres. Besides, it has already been done - see the earlier reference in these comments to the Russian experiment.
Re: Global warming!!!!
"So, at a time the entire planet is trying to cool off here comes a geezer with a plan to redirect energy that was bypassing the Earth."
It would be perfectly possible for the mirror to reflect predominately the visible part of the spectrum, which would most probably generate less heat at the Earth's surface than is generated by the street lights (which generate heat themselves, and require electricity generated by a power station that gives off heat).
Your sums are wronger than a wrong thing.
You completely neglect the fact that the Moon's reflected light is beamed out over a very wide angle, covering a far greater area than a complete hemisphere of the Earth. The mirror would be focussed to an angle of far less than 1 degree, designed to illuminate only a tiny fraction of the Earth's surface (so requiring many orders of magnitude less light than the Moon to do so).
Comparison with a telescope mirror is comparing apples to elephants. Telescope mirrors must be rigid to keep a precise shape, and so are thick & heavy. An illuminating mirror would not need to hold a precise shape, and would be made of extremely thin and light flexible sheets that are unfurled when in position.
Re: Eight times brighter than the Moon?
"and there's no way this could come anywhere near the amount of light you get from a full Moon."
Of course it can, and the article states that it will be 8 times brighter. The Moon is not only much further away, but most of the light it reflects does not hit the Earth. The mirror would focus 100% of the light it reflects onto a tiny fraction of the Earth's surface. (In fact the Moon, being convex, is exactly the *wrong* shape for an efficient light-mirror).
"So what happens to that radiation pressure? In order for the satellite to remain in its orbit, something has to counteract it. "
Not necessarily. It could be arranged that the pressure during one half of the orbit is exactly the same but opposite direction to the pressure in the other half of the orbit. In fact, adjusting the mirror "sails" during China's daylight period could be used to adjust the satellite's orbit, thus reducing or eliminating the need for it to have any orbital engines.
"So, HOW BIG does that mirror need to be?"
Very, very big. But that is far from impractical, because the mirror can be made of plastic just a few molecules thick which is unfurled in space to be many square kilometres in area.
Re: Make UK resellers liable
Make it illegal to sell stuff without certification. Make the reseller legally responsible for confirming their products are certified. For ebay/Amazon make the site that hosts the sale responsible.
What sort of certification do you have in mind?
Do it all via Facebook?
In any case, it's always handy to have several different IDs in case one of them is rejected for something you really want to do.
So the amount of free energy available in those beams are absolutely enormous. And available 24/7/365.
There must therefore surely be a few £million in government funding available to research ways of harnessing it. Doesn't have to be at all practical, the government just needs to be able to boast about how much it's doing to address climate change.
Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
Re: Occam's Razor
" ... and creating the manufacturing manifests for the board etching/sandwiching/populating machines ..."
This is like saying that a car manufacturer could start making flying cars without any of the factory workers noticing except those operating the machine that bolts the wings on. PCB manufacturers do not *have* any machines for sandwiching chips between layers. It is not a normal PCB process. I think all the factory workers would know about a brand-new machine and completely different workflow.
Re: Occam's Razor
"mill off the packaging and check the die with a verified sample."
If the spooks are capable of making their own silicon as the allegation suggests, then the die itself can be made to look little different to the genuine product. In many cases a complex chip contains its own CPU and microcode - the only difference between the real and bogus chips being the microcode in its on-chip ROM which will show no visible difference.
If China had the means to design and manufacture such complex "spy chips" then it would also have been able to manufacture lookalike replacements for legitimate chips on the board such as the BMC chip itself. This would not only have been more difficult to detect (as there are no unexpected additions or changes to the board), but far easier to implement, involving fewer people. All that would need to happen is to substitute the bogus chip for the real chip as supplied to the manufacturing factory, which could happen anywhere along the supply route, or be done via a "black bag" operation substituting the stock in the warehouse of either factory or supplier. Nobody at any factory need be aware of any changes. No highly difficult modification to the PCB layup (putting a chip between fibreglass layers would require a different and completely non-standard manufacturing process for the PCB - everyone working at the PCB factory would know what's going on).
It simply makes no sense that such a highly complex and detectable method involving scores of people would have been used when a simple component substitution would have done the job far better and cheaper with far less probability of detection and no 3rd parties ever needing to know that it has happened.
Re: What about Dick and Dom, Dick Van Dyke?
And how about Hugh Jardon?
Empty assertion with no data to back it up
The article states, "... which derived the data from 87 billion measurements on 8 million devices between May and August this year."
But neglects to say *what* was measured. There is also no mention of *how* video streaming is degraded. As such it is akin to saying "Persil washes whiter." IOW a completely meaningless statement because it lacks any terms of reference. Maybe video quality is rated higher in some countries because the local YouTube servers are less loaded and it has sod-all to do with the mobile network. Or maybe it is rated according to users' subjective opinion and they have cuter looking kittens in that country.
Re: Non-binding it may be, but we're still doomed.
Urban myth. We don't currently grow all we eat, in part because we like eating out-of-season food like asparagus at Christmas, and in part because the Common Agricultural Policy distorts production in EU countries. We're perfectly capable of growing the food we need, even if remoaners' nonsensical FUD about being unable to buy from elsewhere were true.
Even if that were true, all that food will not do us much good when it is rotting in the fields because there's insufficient seasonal immigrant labour available to harvest it.
UK cops run machine learning trials on live police operations. Unregulated. What could go wrong? – report
"Because god forbid the data ever shows cultural influences/background actually DO have something to do with criminality. Can't be having that now can we."
Not when it comes to assessing the risk of a particular individual, no. Statistical data has absolutely no relevance when it comes to the characteristics of an individual. You should not base a decision on whether or not to arrest a particular person on the percentage of people who share that person's skin colour/postcode/style of clothes who happen to be criminals or saints. The only relevant data is the past and present behaviour of *that particular individual*.
Statistics and probability apply only to a group as a whole, not to individuals within that group. Which is one of the most misunderstood things about statistics in general.
Re: Y2K all over again
"... to the EU or its dreadful currency."
Dreadful? How? Had you switched to using Euro in 1973, it would have been a wise move, because it is worth twice as much now compared to the pound. So either it's not as dreadful as you think, or the pound is even more dreadful (probably the latter).
Y2K all over again
On the day we leave, deal or no deal the Earth will keep turning and nothing too serious will happen. Life will go on, things will get done in pretty much the same way, and problems will be quickly solved or temporary workarounds agreed pragmatically between the interested parties even if the bureaucracy is not yet in place. The only "insurmountable" issues will be those deliberately engineered by people with an axe to grind in order to prove a point.
I am totally opposed to leaving the EU for several reasons, but that doesn't mean that I think that leaving will cause immediate disaster.
Fax machines are inherently more secure than t'internet
It is highly difficult to hack into a fax machine (you have to physically cut the line - you cannot "T" into a fax communication because it's bidirectional with the same frequencies used on both sides so you usually have to insert a hybrid in-line to separate Tx from Rx), and it is impossible to do so from outside the country.
And if you do manage to hack the machine, you'll only get the real-time faxes sent to & from that particular machine from that time on, not a database of the past 10 years' email correspondence from all users on the server.
All the security and reliability issues mentioned are due to failings in the way faxes are used and are no different to Internet based communications. Yes, an unattended fax machine is a security risk. So is an unattended logged-in terminal, or an unattended printer or an unattended filing cabinet. And if the fax does not get to the person it is supposed to get to, that's a failing of the way it is managed, not the fax. Exactly the same can happen to an email (or snail-mail) - e.g. when the recipient has left or is away on holiday, or when they delete your email without reading because it's buried amongst last night's spam, or when it is sent to the wrong email address and not forwarded to the correct person. Or when the email server crashes after receiving the email and gets restored using last week's backups.
The fax machine sends back confirmation that the fax was correctly received and printed which works 99% of the time (if it is out of paper or has a mechanical jam it will send back an error to the originating machine, but a few other failures can occur that result in an "OK" response with nothing printed). It cannot confirm that anyone bothered reading the fax, any more than your email receipt confirmation means that anyone actually read the contents of your email rather than e.g. the confirmation being automatically generated by a computer running an email client behind an empty desk (which like the fax, would be a problem with the configuration and/or policy, not emails in general).
Re: Easy for internal
And who confirms receipt? How do you know there's paper? What happens when they move the printer?
You could say exactly the same about emails sent to a staff member who is on extended holiday or has left the NHS.
It boils down to exactly the same thing - having a procedure in place that ensures that such things are dealt with appropriately.
Re: Good for them
So it is possible to have an IT outage in an airport without generating hordes of angry passengers who have been kept in the dark about what's happening to their flights.
I can assure you that both passengers were in fact pretty angry.
I'm unexpectedly impressed
Well, there is a heck of a lot of pretty good technology there. The optics seem to be particularly sophisticated - way better than I expected to hear. I'd really like to see the result. The projection of IR dots and camera pick-up to map a room's dimensions also seems to be a good way to go (except for those who like very dark décor in their room), although the test will be in how well the processing can interpret the data. In fact processing speed is likely to be the major make or break. If the final result lags too badly it will just end up inducing motion sickness.
If the hardware works as the description suggests it should, and if there is software that can make good use of that hardware, then I think it will be worth the steep asking price, albeit not something everyone could afford to spend on something as unnecessary as video gaming.
I may just end up raising a company purchase request. For R&D purposes. I'd even put in some overtime (working from home).
Re: tax dodgers
Probably the best way to avoid corporate tax avoidance is to reduce corporation tax to a very low level and raise income taxes ...
All that will then happen is that people will demand a salary increase to compensate them, and companies will eventually have no choice but to raise salaries, thus paying the increased taxation indirectly. Same goes for raising sales tax, council tax and anything else paid by "the people".
Some companies will avoid that by outsourcing to overseas countries and shedding employees. Or moving their entire operation offshore. Which will of course decrease the total tax take.
The general standard of living in the UK has been decreasing slowly but steadily for well over a decade. The government cannot increase taxation without increasing the rate at which our living standard goes down, because all forms of taxation left will ultimately impact the ordinary person. So long as it does not happen too quickly the "boiling frog" effect will keep people reasonably content, but do something to speed up the decline and you're facing massive civil unrest.
The BBC had its chance
The BBC had a chance to compete honestly with Netflix, Sky and other content providers when we had the "digital switchover". At that time the standard could have included a requirement for all digital boxes & TV's to contain a card slot, enabling the BBC to become a subscription service whenever it wanted. It could today make its online services subscription based the same as Netflix et al.
But why should it want a level playing field when it can force people to pay regardless of whether they watch BBC content or not?
What to do?
Should we install updated microcode that will with 100% certainty cause a significant hit to the performance of our computer, or should we live with a bug that has a minuscule but finite probability of being exploited in a way that would cause us any harm?
Is this really any different from the key set you get when you buy a non-Smart motor?
Quite a bit different, yes. Once I have sold my car I usually have no idea where it is. A duplicate key cannot locate where the car is currently parked but this application can. I cannot do anything with my duplicate key unless I physically travel to the location where the car is parked. With the application I can start the engine or drain the battery from a different continent. Few people would want to physically steal a car and risk being caught in the real world, but many people wouldn't see a problem with a few "practical jokes" from the (supposed) anonymity of an Internet connection.
How does this "feature" work?
If I buy a car with this feature, what do I need to provide in order to set up an account on their server and so gain remote control capability? What checks are made to ensure that the person setting up an account really does have ownership of the car?
The article mentions that with BMW the previous owner is locked out of their account as soon as the new owner creates their own account. But how is it verified that the new account really is being created by a new owner rather than a thief wandering around car parks taking note of the reg. numbers and VIN of parked vehicles? Or spots a car parked in the driveway of a house, finds out who lives in that house (not too difficult to do) and registers using the real owner's name and address (assuming that the real owner has never bothered creating such an account).
I note that the promo vid helpfully showed a target fictional creature perched in front of a top floor window with a young girl holding a ball and eying it from below. So any parent with more than a couple of brain cells has been warned of the likely consequences of buying this for their sprog.
Re: Just great!
... became quite risky at the height of the craze, as I frequently had to jam my breaks in order to ...
I sometimes have jam during my breaks. On bread together with a cup of coffee. Though what that has to do with this article evades me.
Seems a bit of overkill, and implies that each screen is fully refreshed individually whenever the slightest thing changes. If the displays had a tiny bit of intelligence so as to all use the same raw flight information which they format and scroll themselves, a 500Bd link (at the most) would be more than sufficient. I shouldn't think that all the information needed to be displayed on any screen would take more than 50 bytes per flight, so even at 10 bits per character (e.g. 8 data, 1 start, 1 stop), 500Bd would be able to handle 1 new flight per second, which is at least 2 orders of magnitude faster than aircraft arrive & depart, so historical information can easily be interleaved between new flight data for initialisation of freshly powered-up screens. Thus already powered screens would update within 2 seconds of new flight information becoming available, and a freshly powered-up screen would be fully populated with a list of flights in under 2 minutes.
Compared to the rest of the hardware costs, a simple CPU and a few KB of RAM would be an insignificant cost. Add a radio receiver and a 500Bd radio link could be implemented that needs no cabling to the screens other than plugging into the mains.
Re: Too one-sided
They aren't taking your fingerprints, they are scanning one or two fingers and comparing them with their database to see if you are wanted.
I was replying to a person who stated that it would enable police to verify that a driver is who he says he is. It wouldn't unless the driver's fingerprints are already on record.
Re: Too one-sided
This will probably mostly be used to verify that drivers stopped while committing offences are who they say they are, and not the person insured on the car. No verifiable ID, then please put a hand on this device Sir.
And if neither you nor the insured party (if different) has ever been arrested, exactly how would it do that? If you are driving a car the police officer already has the right to see your driving licence, which has a photograph with which to identify you - and if you don't have your licence with you the police officer has the right to arrest you (though they will usually issue a "producer" unless there is significant doubt).
Best thing to do is refuse to submit to having your prints taken on the street. If the police officer has sufficient grounds to believe that you have committed a crime, they should arrest you so that you get a free lawyer and start the clock ticking. If they don't have sufficient grounds to believe that you have committed a crime they should be leaving you alone rather than carrying out speculative identity checks on people who happen to be in a particular area on the grounds that there are bound to be one or two illegals amongst the hundreds checked.
Or maybe wet your finger with a plastic solvent before pressing it against the officer's scanner.
Not good logic
Just because the building materials are common does not mean that it's likely that they get put together in the particular (and as yet unknown) way necessary to form life. For all we know the exact events that must occur in order to cause them to come together to produce the "spark of life" may be almost impossibly unlikely to happen. There is only one Taj Mahal despite the fact that the building materials are not particularly uncommon!
The other thing we don't know is how long life is likely to exist on a planet, on average, since we don't have a single example of a complete cycle. If a complete life cycle is a tiny fraction of the total life of the galaxy, the probability of there existing two life-bearing planets *at the same time* diminishes.
Re: "Can you turn it back on. Please?"
True, but @Mk4 didn't claim it was a hack job
He did however state that it was written in a language that the company did not permit to be used on their system, so it was an unauthorised (and hence unapproved) modification. So I honestly cannot see that it would have been nicely documented in the appropriate place. Things like that end up being a mess that someone else will have to deal with at some time in the future. Perhaps it was needed to circumvent the consequences of someone else's unauthorised mods ... ?
Re: Oh so familiar
Two words. Direct Debit.
Only pretty large, established companies are authorised to take out a direct debit. Most companies have to make do with a "push" system such as a standing order. Few "Cloud" companies would have the facility to take payment by direct debit
Re: Looking at the wrong holes
It would be interesting to think how this could work for, say, a machine running a web browser. You'd need (say) all the JS that you ever ran from anywhere to be signed, or you'd want formal proofs of non-maliciousness of the JS.
No, you just have to ensure that the JS interpreter that the browser runs when it downloads js ensures that no js program can ever do anything naughty. Similar to running it in a sandbox. It should not be possible for any script or plugin etc. downloaded from a web site to be able to access anything on the PC except a harmless portion of the system. It's the *browser software* providing the security, not the hardware, so only the browser needs to be signed and trusted.
Re: Looking at the wrong holes
Otherwise what exactly is the point?
Which was exactly *my* point - there *is* no point in trying to gain such software security because it's like trying to nail jelly to the ceiling and you're not going to achieve it 100%. Anything significant that you *do* manage to achieve in the CPU itself will be at the expense of performance. If you cannot set up a VM to be as safe as the main OS, run it on a physically different machine.
Looking at the wrong holes
In my opinion nobody should be expecting to rely on the hardware taking care of software security, and in many ways it's a great pity that it was ever attempted. If I understand correctly the original idea was only to protect against buggy software *accidentally* causing mayhem, not to protect against a deliberate attack.
Once any malicious software has managed to get itself running on a computer it will always be able to do damage by one means or another. Effective security means preventing anything malicious being executed by the CPU in the first place, just as you protect machinery from sabotage by physically shielding it (or the entire building it's housed in) in some way; you do not design it with gears that can withstand a spanner being poked between them, you prevent the spanner from getting to the gears in the first place.
I develop embedded systems, and in critical systems, in order to protect against a malicious firmware update, all new code is signed with a private key that exists only on a secure machine within the company. All firmware contains the same public key used to check the signature before the code is flashed to memory or executed.
Of course a malicious actor with physical access could remove the Flash memory and substitute firmware that contains no checks, but that's not the threat that's being guarded against. A person with a hammer could also crash the unit!
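The signed-firmware scheme described in the comment above (private key held only on the build machine, public key baked into every unit, signature checked before anything is flashed or executed) is easy to get subtly wrong, so here is an added, self-contained Go illustration of it. It is example code written for this page, not the commenter's firmware or any vendor's update format: the "FWIM" header layout, the version field and the Ed25519 choice are all assumptions made for the example. Beyond the comment's description it also shows the checks a verifier needs around the signature itself: a length field that must agree with the image size, and a refusal to accept an older (but validly signed) image, since rollback to a known-buggy release is the usual way a signature-only check gets bypassed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	headerLen = 12 // magic(4) + version(4) + payload length(4); constructed layout for this example
	sigLen    = ed25519.SignatureSize
)

// Constructed magic value; not a real vendor image format.
var magic = []byte("FWIM")

// SignImage runs on the release machine, the only place the private key exists.
// The signature covers the header as well as the payload, so the version field
// cannot be edited without invalidating the image.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr[0:4], magic)
	binary.BigEndian.PutUint32(hdr[4:8], version)
	binary.BigEndian.PutUint32(hdr[8:12], uint32(len(payload)))
	signed := append(hdr, payload...)
	sig := ed25519.Sign(priv, signed)
	return append(signed, sig...)
}

// VerifyImage runs on the device before the image is flashed or executed.
// Only the public key is present in the firmware. It returns the version and
// payload on success, or an error describing why the image was rejected.
func VerifyImage(pub ed25519.PublicKey, image []byte, currentVersion uint32) (uint32, []byte, error) {
	if len(image) < headerLen+sigLen {
		return 0, nil, errors.New("image too short to contain header and signature")
	}
	if !bytes.Equal(image[0:4], magic) {
		return 0, nil, errors.New("bad magic")
	}
	version := binary.BigEndian.Uint32(image[4:8])
	plen := binary.BigEndian.Uint32(image[8:12])
	// The length field is checked against the real size so a truncated or padded
	// image is rejected before any bytes of it are trusted.
	if uint64(plen) != uint64(len(image)-headerLen-sigLen) {
		return 0, nil, errors.New("length field does not match image size")
	}
	signed := image[:len(image)-sigLen]
	sig := image[len(image)-sigLen:]
	if !ed25519.Verify(pub, signed, sig) {
		return 0, nil, errors.New("signature check failed")
	}
	// Only after the signature is good is the version field trustworthy;
	// refuse to go backwards so an old, validly signed release cannot be replayed.
	if version < currentVersion {
		return 0, nil, errors.New("rollback to older firmware refused")
	}
	return version, signed[headerLen:], nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed firmware payload v2") // sample data, not a real image
	image := SignImage(priv, 2, payload)

	if v, p, err := VerifyImage(pub, image, 1); err == nil {
		fmt.Printf("accepted version %d, %d payload bytes\n", v, len(p))
	}
	tampered := append([]byte(nil), image...)
	tampered[headerLen] ^= 0x01 // flip one payload bit
	_, _, err = VerifyImage(pub, tampered, 1)
	fmt.Println("tampered image:", err)
	_, _, err = VerifyImage(pub, image, 3) // device already runs version 3
	fmt.Println("older image:", err)
}
```

The private key never leaves `SignImage`'s side of the boundary; the device-side function takes only the public key, which is what lets the key sit in the firmware itself without giving an attacker anything that helps them sign.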
Wanted to try but couldn't
It sounds interesting - especially the "lite" version that I will try out on a 15 year old Dell PC with limited memory that sometimes struggles just a little with Linux Mint. But they sure make it difficult to find the buttons needed to download the free versions - it doesn't bode well for the design of the user interfaces. (Hint, it's disguised as a "Buy Zorin Core Now" donation button defaulting to a 10 Euro charge, but you can change it to 0 Euro which gets you to the free download screen) Their default automatic download site brought up an error, but hitting the "download now" button eventually initiated a download from Sourceforge.
I heard that ...
China hacked the voting system and downloaded all of next year's election results.
Re: Risk to people?
Ummm lots of satellite Ariel (ariels, whatever) point towards earth ?
Only the ones on satellites, which are too far away to present any safety concern wherever the aerial is pointed. Oh - and satellite systems are not usually connected to the Internet, and the control channel has very strong security.
Re: I truly hope so
Or are you not counting GPS as satellite communications?
Not within the parameters of the risks postulated by this article, no.
GPS is completely self contained. It does not have a control unit (the aerial is fixed), and is not connected to the Internet, so I really fail to see how it could be "hacked".
Oh - and the GPS is still only an auxiliary system for navigating a commercial airliner. The main navigation is done via inertial nav and/or ground stations (ADF, VOR, DME, ILS etc). Pilots are told not to rely on GPS position. In addition ground stations would soon pick up on an aircraft straying significantly off-track.
Risk to people?
The location of steerable antennas on aircraft and the vast majority of ships (whether steered mechanically or electronically) means that the aerial cannot physically (or electronically) be lowered to a declination where it could irradiate people. There is never any need for a satellite aerial to point below the horizon so they are not designed to be able to point below the horizontal. Aircraft satellite aerials are situated on the top of the aircraft (for obvious reasons), so cannot ever point at anyone inside the fuselage. Almost all ship aerial systems are mounted a fair bit above the height of the top deck, so again cannot be aimed at anyone on board. Outside of the main beam angle the EIRP is too low to be any safety concern.
Satellite comms that use non-steerable antennas emit barely more energy than a mobile phone at max power, so are no concern.
Re: [no need to] communicate off the aircraft
"[The company] assumes all responsibilities for analyzing engine data in real time* to manage customers' engine maintenance and maximize aircraft availability."
That's strictly one-way. Data is sent and possibly analysed in real time, but nothing is sent back to the aircraft to change the engine's settings. If the live data indicates a bogus problem then the most that would happen is an unnecessary delay at the next stop for an engineering inspection (which would quickly find that the live data was not the same as the data recorded on-board).
Re: I truly hope so
Should we therefore "presume" that none of the control systems use SATCOM, not even as a redundant backup for reason a, b or c.....
Yes, you may safely make that assumption. Satellite comms are not used for flight control, only for communications. You could possibly feed erroneous position information to ground operations (though that does not include ATC), but not to the flight crew or flight systems.
Re: dispatch or despatch
So how many people reading this would write "despatch", where did they learn their English spelling, and when did they learn it?
"Despatch" was the way I was taught in the 1960s