
* Posts by Jack of Shadows

2980 posts • joined 11 Jul 2014

Uncle Sam, D-Link told to battle in court over claims of shoddy device security: Judge snubs summary judgment bids

Jack of Shadows
Silver badge

Ummm...

{cough} Cisco {cough} to such a degree that I'd call it willfully malicious in the TLA's favor.

0
0

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Jack of Shadows
Silver badge

Re: The issue is changing the password...

You, literally, have no idea what you are talking about vis-à-vis this attack. At no time is there anything to do with the user's passphrase. None. This is all about convincing the firmware in the disk itself that you are an authorized user to see the decrypted content of the data on the drive.

If there were everything including the stars aligning to establish the user's passphrase, that'd be a different matter. I've the tools (Tesla GPGPU) and various Rainbow tables, which I do have, but that isn't an attack that will give you much return in terms of cryptological return.

We've short-circuited the entire security stack. THAT is the problem.

3
0
Jack of Shadows
Silver badge

Re: "Because MS was just blindly trusting them all, they have to take some of the blame."

Given that you have to be very comfortable with hacking systems on a debug port and know the exact details of how the firmware works, I'd give Microsoft a pass on this one. There's not a lot of this flavor of hacker wandering around to be hired or that would even have anything to do with Microsoft, for that matter.

1
0
Jack of Shadows
Silver badge

Last time I looked, Microsoft "helpfully" stores your Bitlocker password to your Microsoft account, if you have one, on their servers. That's the reason why I don't use Bitlocker and damned sure will not tie a Microsoft account to my laptop.

5
1

Nokia's open SDN, SoC-it-to-me open 'Chiplets', Verisign exits the DDoS protection biz, and more

Jack of Shadows
Silver badge

Seven vendors open 'chiplet' architecture

What a perfectly enabled target for hardware hacking in the supply chain. Bet security in the development process to prevent introduction of future hacks isn't on anyone's mind either.

0
0

Slabs, huh, what are they are good for? Er, not quite absolutely nothing

Jack of Shadows
Silver badge

Re: Not surprised...

I'm the reverse. Tablets allow me to forgo a phone. However, the manufacturers still won't be happy as, at the rate I kill the suckers, the "new" tablet to be delivered tomorrow is a refurbished Lenovo 10" job. One that can be rooted for my site survey apps. Almost entirely used for reading my books, references and occasional journal.

1
0

McAfee says cloud security not as bad as we feared… it's much worse

Jack of Shadows
Silver badge

Re: Well duh

So... How's that cloud thing working for ya?

More like how is that change-management/governance thing working out for ya?

2
0

Oz spy boss defends 'high risk vendor' ban

Jack of Shadows
Silver badge

The problem still remains. Exactly how do you go about sourcing from anywhere but the PRC for all the components in your supply chain?

14
0

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz

Jack of Shadows
Silver badge

It'll be interesting to see what happens to both companies' share prices on Monday. I fully expect Red Hat to become another zombie under IBM's wing.

40
0

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

Jack of Shadows
Silver badge

Re: Meh

How can one trust anything connected to the Internet that is more sophisticated and complex than a TV streaming box?

Short answer? I don't. Everything I have any sort of trust around never gets to see anything from the Internet, even indirectly. Yes, I understand pretty much the rest of the planet doesn't have that option. I'm also one of those people that happily lives without a smart phone. Really any phone. I can, most can't.

12
1

Belgium: Oi, Brits, explain why Belgacom hack IPs pointed at you and your GCHQ

Jack of Shadows
Silver badge

Re: All true.....but.........

And very frequently you want whatever nation is spying on you to be fully informed around some of your military/intelligence capabilities. Tends to discourage the opposition from miscalculating their way into a war you'd rather not have. Taiwan and PRC are very well informed at least on the PRC side. Can't speak to Taiwan about PRC, but it wouldn't surprise me all that much if it's comparable.

3
0

Californian chap sets his folks' home on fire by successfully taking out spiders with blowtorch

Jack of Shadows
Silver badge

My (current) home town.

Words fail me.

2
0

Grumbling about wobbly Windows 10? Microsoft can't hear you over the clanging cash register

Jack of Shadows
Silver badge

Re: Conditioning.

Sadly, it'll probably take an update deleting almost everyone's files before people will listen. Hell, I'm guilty of not wanting to move to another primary OS simply because my engineering and analytical tools either don't exist on any other OS or cost $x,000 per seat license should I switch. {Shrug}

17
1

Memo to Microsoft: Windows 10 is broken, and the fixes can't wait

Jack of Shadows
Silver badge

Re: ...or MacOS

Every time I try to use an Apple computer the thing crashes on me. I get a lot of jokes about it. The weird part of it all is that NeXT machines and I got along great.

3
0

Well, it is the Empire of enterprise IT... Oracle's Ellison plans 'Star Wars cyber defense' for his second-generation cloud

Jack of Shadows
Silver badge

I recall a certain "person" that every other year would pwn everything Oracle without a sweat. I'm not talking weeks, mere days. Pardon me if my disbelief in what Leisure Suit Larry is selling, completely aside from hardware vulnerabilities, bothers him.

1
0

Apple to dump Intel CPUs from Macs for Arm – yup, the rumor that just won't die is back

Jack of Shadows
Silver badge

Re: Rosetta-a-like is absolutely necessary

I'm kinda, sorta with your view on this although my inner-engineer questions exactly how much of the total energy budget for a Mac goes to just the CPU of the total. Stepping up and down cores are, perhaps, enough of a significant difference but don't cite me on that! Otherwise, meh!

OT: I still miss NeXTSTEP. Met it after I returned to the university and it was good enough to give my mega-modded $10K+ Amiga 2000 a challenge.

5
1

Azure goes quiet, Huawei Canada ban urged, US Senators are after Google, and more

Jack of Shadows
Silver badge

As things stand right now...

... I have zero faith in any security regime based on Xeon, and several other, lines of silicon despite any assurances from Microsoft.

8
1

Microsoft Windows 10 October update giving HP users BSOD

Jack of Shadows
Silver badge

Re: Updating

Minor nit. The first thing that generally happens when updates are released (okay, inflicted) is the rush to reverse the update to find what vulnerabilities are patched for by the malware communities. The tools are readily available, I've got most of them here, it's more a matter of how much effort is required for a particular level of return.

Therefore, if those vulnerabilities weren't being actively exploited, you can be assured in a few days/hours it will be actively exploited.

4
0

The Obama-era cyber détente with China was nice, wasn't it? Yeah well it's obviously over now

Jack of Shadows
Silver badge

Re: Please....

Even less of a difference once transportation/distribution costs are factored into the complete supply chain opportunity costs. I'm still trying to figure out what "lights out factories" are. What-evah. There's a lot of much more friendly places to place one's sources than the PRC anyway. Already relocation targets are being looked at since, obviously, our corporate masters are scheming for a way to that next bonus.

1
0

Google Cloud boss promises 'security built into every layer of the system' at UK shindig

Jack of Shadows
Silver badge

Re: Blah...

And the case of locking out a user based upon a location which they are most definitely not in. True, that could be considered the user's fault, thus requiring a change in VPN apparent location, but the prevalence of VPNs is increasing and not all users are really aware of the complications that can result. It took quite a while (read: years) to convince my bank that my machine was all over the planet.

0
0

Oh no, Xi didn't! Chinese spymaster cuffed in Belgium, yoinked to US on aerospace snoop rap

Jack of Shadows
Silver badge

I wonder if the seizure of the Chinese national who's Interpol chief is in any way related to this action. Suspicious that the successful extradition occurred this week as well.

5
0

US Congresscritters discover Wi-Fi, updates on Oz's nbn broadband plan and much more

Jack of Shadows
Silver badge

Look on the bright side

Easier targeting of campaign donations for the WiFi Alliance.

0
0

Uncle Sam gives itself the right to shoot down any drone, anywhere, any time, any how

Jack of Shadows
Silver badge

Re: "Credible Threat"

That really depends on the pistol and the training of the person shooting said pistol.

6
0

HMRC rapped as Brexit looms and customs IT release slips again

Jack of Shadows
Silver badge

Re: TL;DR

That'll give a home to the billions of pounds that would have transferred from the UK to the EU if there had been an agreement. Huge quantities of directorship positions likely filled as well.

2
5
Jack of Shadows
Silver badge

Re: TL;DR

On a more positive note, I'm kind of looking forward to the literal tons of organizational, academic and technical papers on what happens, more specifically nuts and bolts of, when a First World nation crashes out of a trading bloc.

Sorry, I know it's not fun for the participants, though.

10
2

Chinese tech titans' share prices slump after THAT Super Micro story

Jack of Shadows
Silver badge

Re: Interested

We'll have to wait and see. So far, nothing pops up for now. Vintage Super Micro servers are something that I track daily, among other items, as I have a clutch of Xeons that could use an inexpensive home. Then I could poke and prod that chip, if it exists, to my heart's content.

True, I have the oddest definition of fun I've encountered. 'Twould be rapture.

6
0
Jack of Shadows
Silver badge

Re: If true, then someone in China has made a very big mistake

+1, although if past performance is indicative of future results, there will be little to no effect. NSA shenanigans didn't seem to have any sort of downside for, for example, Cisco. With respect to having national chip foundries, it's doable, especially given the cost overruns for any sort of military contract. Think of it as national insurance on a par with flood insurance, if you will. It would also have the advantage of allowing custom production runs for national sole use.

1
0

Iron Mike Pence blasts Google for its censor-happy Dragonfly Chinese search engine

Jack of Shadows
Silver badge

Re: 'So far, however, Google has not caved into the pressure.'

That monster is already here, just not fully visible to all and sundry. Every bit of your behavior that might be held by one of the various companies, not just the big three credit bureaus, can influence your being hired, sometimes even fired, renting an apartment, credit card application acceptance, and so forth.

As for Google and China, Eric Schmidt is already on record predicting a bifurcated Internet; it shouldn't be any surprise that the people he worked with are placing bets on whether that will happen. If so, certain multinationals are certainly going to desire operations on both sides of the divide. Especially if it is not just China but a big block of Asia and Africa signing up to join that network.

12
2

What do Zuck, Sergey, @Jack and Bezos have in common? They don't want encryption broken

Jack of Shadows
Silver badge

Re: The Don't Want Encryption Broken

Just one more sign of governments afraid of their people, not because they fear not getting re-elected, but perhaps other reasons more related to actual anger in the populace. Nip any real resistance in the bud, a stitch in time and all that.

Given 9/11 and the billions lost in various hacks, of course those with real power are terrified at what can be done by one person or just a few. The New Encryption War and all the other attendant changes in state powers is exactly the reaction one would expect looking at the world today from their eyes. Even though it will prove in the end absolutely futile.

2
0

Civil rights group Liberty walks out on British cops' database consultation

Jack of Shadows
Silver badge

Re: Dogs Dinner

"LEDS cannot be considered in a vacuum," Couchman said. To do so ignores the fact that combining technologies has a cumulative effect on society's human rights; and that collating seemingly innocuous pieces of information can build up a detailed and intrusive profile of a person.

Which is, as you state, the raison d'être.

8
1

The ink's not dry on California's new net neutrality law and the US govt is already suing

Jack of Shadows
Silver badge

Re: Legal basis

Add another string to that bow: last time I looked, the California Public Utilities Commission was regulating businesses with an (intrastate) presence in this state, whether or not they operate as an interstate business. Not that this matters much. Just the fact that the State of California is declaring which firms they will do business with and no others is our lookout, not the federal government's.

Indirectly, it'll be just as interesting around how this applies to Verizon's fuckup during our last batch of wildfires.

5
0

Boffin: Dump hardware number generators for encryption and instead look within

Jack of Shadows
Silver badge

Now this is interesting. It addresses the switch problem in Linux deciding whether to use HWRNG or software based, decided for now by the distro, with something resembling higher entropy.

6
0

A web where the user has complete control of their data? Sounds Solid, Tim Berners-Lee

Jack of Shadows
Silver badge

Re: Retroshare

Now, if I can only find my dongle that opens my container that has my encrypted keepass locker...etc...

I certainly resemble that remark! PasswordSafe, but that's the only difference.

1
0

Brit startup plans fusion-powered missions to the stars

Jack of Shadows
Silver badge

Re: On the subject of wildly optimistic deadlines

Naw, that post is full of BS. That's why the down vote.

4
0

US Senators want more AI, while Microsoftie Paul Allen wants to use it to save wildlife, etc

Jack of Shadows
Silver badge

Given the disasters that regularly recur in IT by government, I firmly believe they should be kept out of it. Despite all the hoopla, machine learning isn't AI and, frankly, isn't ready for prime time, especially in anything resembling safety-critical or other life-threatening issues. Even financial issues, perhaps especially financial issues, can be life threatening when machine learning is applied without absolute assurance that the models and training result in correct behavior. We need fewer "Black Swans", not more.

1
0

Mega-bites of code: Python snakes into 1st place for cyber-attacks

Jack of Shadows
Silver badge

Re: So, is this a surprise?

APL, if you keep the original keybindings. J (a more understandable version by most counts) is far too easy.

0
0

Cisco coughs up baker's dozen of vulns and other security nasties

Jack of Shadows
Silver badge

Yet another backdoor

Once is happenstance. Twice is coincidence. Thrice is enemy action. We're way beyond thrice. What do we call it now?

Got it: Conspiracy.

2
0

Open-source boffins want to do for the IoT edge what Kubernetes did for containers

Jack of Shadows
Silver badge

Re: No

You've got that right. A sort of gateway appliance would be far better, more likely a pair for any telemetry that matters. It'd have the advantage that the monitoring devices are specialized in their individual requirements for each use. And then your edge gateway appliance can be specialized in its approach to analyzing, bundling, and posting to home base. Last thought is using the appliance to push updates to the instruments while the gateways are updating themselves via "The Cloud." Come to think on it, it's very much the branch office architectural approach.

That's how I'd approach it. More general purpose edge gateway that happens to get its purposes and security from the Kubernetes approach.

1
0

Eat my shorts, watchdog tells every city mayor in the US – FCC approves $2bn 5G telco windfall

Jack of Shadows
Silver badge

Re: Checks and un'Balances

I really, really need to win the lottery.

3
0

Why did Visual Studio Marketplace go down in the Great Azure TITSUP? Ask Azure DevOps

Jack of Shadows
Silver badge

Re: Cloud vs Banksters

What happens when an organization gets so reliant on Cloud, that the thumbscrews come out and subscription charges go up.. Where are your cost savings now organizations? Are you going to unplug? Most won't be able to go back and retool old solutions. Like addicts, they'll be completely stuck...

This is where far too many enterprises, of all sizes, are at right now. Not as a result of adopting "The Cloud," rather relying on SAP, Oracle, IBM, .... The list is rather long. Trading away from one crack dealer to get an "introductory offer" from another. [Which led to undeserved bonuses later only seen in hindsight.]

4
2
Jack of Shadows
Silver badge

Re: Definition of "The Cloud"

Tellingly, they seem to believe their own propaganda despite evidence to the contrary for their very own experiences. Time and time again, single points of failure are newly detected in the field rather than as a result of failure analysis and formal verification. [Yes, you really can do FV on distributed systems if you design them correctly.]

3
3

Take the wheel, Arm tells its notebook-grade Cortex-A76 CPU: Now you're a robo-ride brain

Jack of Shadows
Silver badge

Re: Two cores? How do you know which one is wrong?

Which is approximately the arrangement described in the next to last paragraph.

Essentially, you could have four cores in a cluster running in split mode with a hypervisor, operating systems, and general applications and ASIL B-grade code in operation – then four cores in lockstep mode, running a realtime operating system and ASIL D-grade safety-critical vehicle control software on top.

I like it. Now, what about the cost?

2
0

US government use of AI is shoddy and failing citizens – because no one knows how it works

Jack of Shadows
Silver badge

How it works

There's a nice article in Quanta Magazine that has an explanation of how it works for Deep Neural Nets. There's links to a presentation from 2017 and related papers. I've been wandering around this since forever and it matches my intuition, for what that is worth.

New Theory Cracks Open the Black Box of Deep Learning

1
0

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Jack of Shadows
Silver badge

A possible alternative scenario is that BitLocker takes the pieces of the update, encrypts them and then on reboot swaps in the blocks of encrypted update onto the system disk. That could work although it's not any sort of good idea in my book.

2
2

Microsoft has a digital coworker it wants in your business: Cortana

Jack of Shadows
Silver badge

And that doesn't even begin to scratch the surface when it comes to user's speech where it may be overheard. Loose lips and all that.

10
0

Brexit campaigner AggregateIQ challenges UK's first GDPR notice

Jack of Shadows
Silver badge

Re: They screaming, me smiling

As Bruce Schneier has said: Data is a toxic asset. My question is: If you don't absolutely need it, why the fuck are you hanging on to it!?

17
0
Jack of Shadows
Silver badge

Re: An amazing coincidence

Journalists generally aren't up on practicing OSINT. Heck, even researchers for the media firms aren't either.

15
0

Amid Trump-China tariff tiff, Cisco kit prices to resellers soar up to 25%

Jack of Shadows
Silver badge

Getting a bit of a leading jump there. Tariffs are 10% currently, only going to 25% Jan 1, 2019 if they follow through with no new trade agreements. I'm completely unaffected now and later unless I need some new hardware. I still don't care much for tariffs yet am completely displeased by China's behaviors.

2
32

As one Microsoft Windows product hauls itself out of the grave, others tumble in

Jack of Shadows
Silver badge

Re: Wait until the last sentence

snipping tool - is that anything like irfanview? Some people used to swear by that application...

Sorry, not even close to what Irfanview does. It's my goto tool for lightweight handling of images and even videos. Tons of plugins, it can even make use of Photoshop and similar plugins as well. I've been using it since the very first beta.

7
0

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then

Jack of Shadows
Silver badge

Re: Lack of maintenance

I suppose this is the next generation of abandonware for the 21st century, I'm not at all surprised, unfortunately.

9
0
