
* Posts by Jack of Shadows

2929 posts • joined 11 Jul 2014

Flying to Mars will be so rad, dude: Year-long trip may dump 60% lifetime dose of radiation on you

Jack of Shadows
Silver badge

Re: Radiation

If you have any sense, you send quite a few BFR's to Mars with provisions, repair parts, etc. Also, the water and such would help shield those orbital storehouses. Pretty much like having a forward base for the US Navy's SSBN/SSGN's in, e.g. Holy Loch, Scotland. That's something I'm pretty damned familiar with despite living on a tincan (destroyer). I'm intimately familiar with their logistics problems.

0
0
Jack of Shadows
Silver badge

Re: Six months?????

Steel, water and polyethylene work very well in combination.

0
0
Jack of Shadows
Silver badge

Re: And given the shielding level of and lander you'll get the radiation workers annual dose

It happened as a result of working, hell practically living, with high power electronics for seven years. All that gear had magnetrons or klystrons and were known as X-ray sources. Good thing I never married nor tried to have kids.

FWIW, my mother worked on the same things*, including one piece of gear dating back to the '50's. She never reached my level of exposure, got cataracts later in life. It's not like we** don't know about it, more like we just don't care all that much in my family.

*- That might explain some genetic oddities in my case. Might not just as well.

**- All of us, even sis, have served in the military. That tradition goes way back both sides of my family tree.

1
0
Jack of Shadows
Silver badge

Re: Career != Lifetime

On the average space shuttle mission, astronauts could figure on receiving 25,000 mrem (25 rem), which is a better measure of dosage, btw. The maximum dose allowed by NRC amounts to 3,000 mrem (3 rem) per quarter, 5,000 mrem (5 rem) per year. Nobody in a normal line of work would even come close to these levels.

3
0
Jack of Shadows
Silver badge

Re: And given the shielding level of and lander you'll get the radiation workers annual dose

I'd task rovers or Mars-specific drones to find caves, do a bit of LIDAR to establish depth of said cave. Long term, dig in of course. Meteorites are a consideration, not just solar flares et al.

On a personal note, I've already had more than ten times the lifetime dose of a radiation worker and have the prosthetic lenses to prove it. I'm 58 right now, cataracts at age 30. I'm not sure about the cognitive effects, after all I hang around with this crowd {smile}, I just can't see additional doses making that much of a difference. Wouldn't even have to train me on the engineering side.

Even if it's a one-way trip.

15
0

No, that Sunspot Solar Observatory didn't see aliens. It's far more grim

Jack of Shadows
Silver badge

Re: What the hell is going on in that state?

Given Rule 34, there's sure to be alien pedo out there somewhere. I'm out of mindbleach, otherwise I'd go search for it.

0
0

Oz government rushes its anti-crypto legislation into parliament

Jack of Shadows
Silver badge

Re: They know not what they do

I seriously believe that they know exactly what they are doing. It's beyond belief that they, especially with the intelligence agencies, are totally unaware of what's been put forth to date from the crypto and internet engineers.

The pin-drop I'm waiting for is all the 5EYES adopting this as well.

28
0

Now here's an idea: Break up Amazon to get more shareholder cash

Jack of Shadows
Silver badge

That's exactly my read as well. Thinking about it, everyone should make money out of it as the sum (AMZN) is worth less, in real terms, than the parts valuated separately. Not the first time I've seen this. IBM in the early '90's is the first time I twigged to such a case.

7
2

No wonder Oracle exec Kurian legged it – sky darkens as cloudy tech does not make it rain

Jack of Shadows
Silver badge

Add in Microsoft and you have the Four Horsemen of the Apocalypse.

20
0

FCC boss slams new Californian net neutrality law, brands it illegal

Jack of Shadows
Silver badge

What the ISPs are trying to do is charge the end user for the connection, then charge someone else again for delivering the data to that internet connection.

No, the consumer still has to pay for it, just twice as Netflix, et al., will pass it along in the monthly bill. Actually, unless Netflix is billing by the amount of data passed to each consumer, it's not that inefficient save the costs of administering the billing process modified that way. However, Netflix and other providers do not pro-rate the bill for traffic so you end up with a "Tragedy of the Commons" problem. Those that use Netflix most are subsidized by those that use Netflix less, or least.

It's back to the ye olde "companies don't pay taxes, customers do." With increased market friction introducing inefficiencies in both cases.

11
8

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Jack of Shadows
Silver badge

Secure? Ptah!

Despite all that advice, generally good advice, you still have a problem training your machine-learning software. Ensuring that 100% of the training is "normal operations" and looking at the traffic I see showing up here, that is most definitely not true. Classifying the data fed to the model is key to all ML/AI scenarios. That's why we have all those lovely datasets to play with lately. The traffic from your site, unless one has time to burn, isn't classified.

If it's important, I have a couple of YubiKeys for the purpose of authentication. If it's for something connected to the Internet, I just use the fact, not supposition, that whatever device I'm looking at, it's compromised. Saves wear and tear. And, that's not what people want to hear. The Internet is supposed to be secure provided one follows the right security recipe.

0
0

Who's hacking into UK unis? Spies, research-nickers... or rival gamers living in res hall?

Jack of Shadows
Silver badge

As if this was anything new. Much of the resilience of the BSD* flavor of Unix came from being developed exactly in the same hothouse as the people that would be hacking it. Quite often, it'd be the same people on both sides.

*- Developed at the University of California, Berkeley.

4
0

Kronos crims go retro, Apple builds cop portal, Swiss cheesed over Russian hack bid, etc

Jack of Shadows
Silver badge
Happy

And on a brighter note:

The write-up of WannaMine by Amit Serper of Cybereason is pure teaching gold. Well worth the read.

1
0
Jack of Shadows
Silver badge
Facepalm

I used to be 2M (Micro-Miniature) certified but when all the crap in my spinal cord went to shit, that went out the window. I've been closely following the IME/AMT issue since the beginning and me-cleaner isn't an option, the wrong CPU families here. No, I just keep the Intel-CPU machines energy-gapped which sort of works as they are used for pure computing grunt. Machine learning, all sorts of modeling as well as pretty much any form of computer-aided engineering you could think of, even a couple you probably wouldn't. It's still so damned annoying that I have to pull datasets and then cryptographically/safely transport them across systems.

I'm certainly not buying Intel ever again and have been a solid loyalist for a quarter century. Just "what" I get in the future is an open question as they are stuffing this shit into every decent CPU around, not that I have a large budget anymore. Even OpenRISC looks to be joining that now.

{Frustrated-Shrug}

2
0
Jack of Shadows
Silver badge

And firmware updates for older machines from Intel are meaningless if the OEM doesn't update the firmware anymore. That's true of every Intel-based device I own, not a one that's any kind of a slouch in terms of performance, so I'm not junking them.

4
0

Top Euro court: UK's former snooping regime breached human rights

Jack of Shadows
Silver badge

Re: Yeah, as expected. And they knew what they were doing when they broke the law.

"In any truly advanced society, civil servant is equivalent to civil master." R.A.H. (perhaps just paraphrased)

4
0

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

Jack of Shadows
Silver badge

Re: XKCD rip-off

The only downside to that is duplicating the works of others. It turned out I duplicated quite a chunk of "The Art of Computer Programming" [Donald Knuth] in the process. {Shrug} However, I damned well knew why my code worked and how to prevent many computational, logical and security blunders. Then again, StackExchange didn't exist back then.

[I've looked at StackExchange. No. That's not the way to do things. It's as ethically challenging as a security engineer using Script-Kiddie tools.]

1
2
Jack of Shadows
Silver badge

There are times that the only correct thing to do is not follow those orders. There are some things, especially around security and constitutionality, that I simply won't do and the people above me were quite aware of what those limits were. I used to be the lead person explaining what I understood those issues to be in our own in-house classes and was respected for that. Sorry, my conscience is not something I check at the door whenever I report for duty.

9
0

Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit

Jack of Shadows
Silver badge

How well does it pick up the snark when I respond back ala ELIZA?

3
0

Oracle tells students: You're not going to solve the world's problems – but AI and ML might

Jack of Shadows
Silver badge

Having implemented an AI/machine-learning system in Excel, insanely complex at that, this is certainly true. Excel 97 by the way.

0
0

Article 13 pits Big Tech and bots against European creatives

Jack of Shadows
Silver badge

I read pieces across the ideological spectrum and it wouldn't be at all hard to make a case for that on the US side of the pond.

1
0
Jack of Shadows
Silver badge

I don't really need to ask. The first thought looking at it was whether our intrepid commentard is "Prime or Not Prime?"

I need to stop hanging out with the cryptographers so much.

6
0
Jack of Shadows
Silver badge

Re: Fuzzy

As per usual, it'll be up to the courts to define the specifics of those overly broad conditions. Given who can afford the bigger number of and/or quality of lawyers (Google, et al.), I think I know how this plays out over the next decade or so. Google wins.

9
0

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app

Jack of Shadows
Silver badge

Re: I'm safe since I still use IE3.0. No one targets me anymore.

Ditto. I pity the poor id10t that ever thinks that I'm a useful target financially.

9
0

All aboard the Hype Cycle! What's DataOps? Well, it has no standards or frameworks. Got it?

Jack of Shadows
Silver badge

Funny...

DataOps is exactly what was formerly known as business process management. If you look at my personal ontology, it's filed under Intelligence Engineering. Anything that manipulates data into information gets chucked into that bucket including AI/ML. My favorite bucket as a matter of fact.

0
0

Email security crisis... What email security crisis?

Jack of Shadows
Silver badge

Re: Email is absolutely broken...

Just how are you going to know that the person purporting to be Alice is really Alice? That's why key signing parties were a thing back in the '90's. Without a sort of central registry for certificates, you aren't solving the problem of absolutely knowing that it's not really Eve.

7
0

Dust off that old Pentium, Linux fans: It's Elive

Jack of Shadows
Silver badge

Re: If it's snappy on old kit...

1.5 MB 24-bit color Retina card here. And that was on top of a 16 MHz 68030, 4 MB 32-bit memory, SCSI controller and a hacked 386SX Bridgeboard. I even hacked it for 1 MB Chip memory and multiple Kickstart ROM's. Way faster machines around here, I favor dual Xeon setups and not a one is a 100x+ faster than that Amiga. Pretty disgusting, really.

6
0

Activists rattle tin to take UK's pr0n block to court

Jack of Shadows
Silver badge

Re: t seems to be a mere knee jerk reaction and a solution to a non problem and per-leese,

Esoterica is what I happen to collect rather than pr0n. (I'm verbal, not visual so stories would work, I suppose.) It's all the weird shit on the Internet: Magic, demonology, ancient aliens, fringe science, Illuminati, (supposed) Freemasonry, psychic phenomena, as I said, the weird. I even chuck most of the conspiracy theorists in there. To my engineering/scientific mind, it's the equivalent of pr0n although I don't get off on it.

4
0

You've been served: Market rakes in $22bn, Dell does rather well – IDC

Jack of Shadows
Silver badge

I'm trying to grasp the enterprise server refresh. I would have thought that it'd be better to hold off until new CPU's with built-in mitigations for Meltdown and the various incarnations of Spectre were out. Fallout from the tax law change here in the US is a proximate cause, perhaps?

The Huawei numbers are interesting as well.

0
0

Wannabe Supreme Brett Kavanaugh red-faced after leaked emails contradict spy testimony

Jack of Shadows
Silver badge

Re: Didn't a founding father say...

That would be Thomas Jefferson, my personal favorite, although he was thinking of much shorter time periods than two hundred years. Twenty years or so between periods of watering the Tree of Liberty with the blood of Patriots. Keeping the politicians on a short enough leash was the general idea. The older I get, the further towards radical anarchism I get with this procedure not having been done as required.

7
0

Do you really think crims would do that? Just go on the 'net and exploit a Windows zero-day?

Jack of Shadows
Silver badge

I haven't heard word one if the various Windows Server incarnations are vulnerable or not. I'm leery of assuming not when it just ain't so.

Never mind: Windows Server 2016 is also affected.

7
0
Jack of Shadows
Silver badge

Re: So classic way to find an exploit.

An incredibly long time ago, back when I used to follow IBM system engineers around at the university, I was told to always read the manual(s). Amazing what you can get to work right, as well as amazing what you can get the system to do that no one would knowingly allow. For example, turning off accounting on your job on the IBM System/370 given certain parameters on the $JCL card.

15
0

Take a pinch of autofill, mix in HTTP, and bake on a Wi-Fi admin page: Quirky way to swipe a victim's router password

Jack of Shadows
Silver badge

Re: "It would work in hotels,"

As are logging into open networks or allowing autoconnect to any network. That's the two show stoppers here. It'd have to be a really unusual set of circumstances to see me using those. As to Chrome, it gets my GMail from my second oldest account and logs into my banking and that's it. I'm being selective around what Google and Microsoft see on my end. Chrome did need an update, now fixed.

3
1

Not so much changing their tune as enabling autotune: Facebook, Twitter bigwigs nod and smile to US senators

Jack of Shadows
Silver badge

Re: Separate problems

Unfortunately, the monetization of privacy started far earlier than the social media industry. An act of Congress tweaked existing law to clear the way for the big 3 credit bureaus. It's been a growth industry since then as they sell information about pretty much anyone that might come up on their radar since. Other companies are even marrying in data that should never be in anyone's hands as we've seen recently.

6
0

Ever wanted to strangle Microsoft? Now Outlook, Skype 'throttle' users amid storm cloud drama

Jack of Shadows
Silver badge

Re: The Hubris of Cloud

Looking at the curve for CPU performance and especially Price v. Performance on the low end, there'd be every reason to bring it back. Local loads that over-stress the user's device automagically get translated to "The Cloud" when required especially for always on devices. Same for any other workload, there doesn't exist any boundary between local and remote.

That's my call, probably wrong. I doubt I'll be around to see 2030, so no downside to being wrong.

4
0

Microsoft takes a pruning axe to Skype's forest of features

Jack of Shadows
Silver badge

Late post but I believe the reason behind not allowing we poor (l)users theming right down to menu structures, gadget placement, &c. is down to not making the Hell desk even more of a problem in trying to get to some sort of resolution. My systems are so bizarre once I'm done with them, no one ever, ever asks if they can use one temporarily. They wander off to find someone with more of a vanilla OS (Windows) and applications (MS Office 365/2016).

If they were really serious about this, Skype and Skype for Business would have exactly the same interface, but where would the fun be in that. Then they couldn't extract more money from the enterprise.

1
0
Jack of Shadows
Silver badge

Re: 'overcomplicated some of our core scenarios'

Good luck with that, as I think you well realize. It's an industry-wide problem and I'm quite sure that the next really neat thing to come down the pike will somehow get shoehorned into Skype and whatever else product they can cram it into. Probably several at once.

I'm Old-Skool. KISS exists as an engineering principle as every additional requirement creates not only a single point of failure but the constraints are also known for creating multiple points of failure. The edge and corner cases we speak to and desperately try to avoid. Usually doesn't work too well in the avoidance. Whatever. I don't use any chat or call software so this isn't my problem and I certainly won't even try to "fix it" for anyone. That's my rule for Windows 10 and "modern" Office software.

25
3

Thunderstruck: Azure Back in Black(out) after High Voltage causes Flick of the Switch

Jack of Shadows
Silver badge
Mushroom

Re: Title should be

Given the part of the world, guess they finally ticked off Tlaloc.

2
0

Excuse me, but your website's source code appears to be showing

Jack of Shadows
Silver badge

Re: Not the root problem

Security by obscurity. How well does that work? In war, which is what the Wild, Wild West of the Internet most resembles these days, you must always incorporate "The Enemy" being able to see everything you have and do if you want to win, if not to survive. The same logic applies to every other bit of code and data you are relying on. This is as true about competitors as about hackers/crackers, too.

2
0

Trainer regrets giving straight answer to staffer's odd question

Jack of Shadows
Silver badge

Re: Phones too

Not here it doesn't. Accidental damage is a real problem for me although it might, just might, have everything to do with the sheer amount of technology around me. It's rather a lot!

2
0

Anon man suing Google wants crim conviction to be forgotten

Jack of Shadows
Silver badge

Re: But even before the first transistor was invented ...

I'm not at all familiar with what can be turned up in the UK, but it's really very interesting what you can turn up here in the States for free with the proper application of various techniques to known datasets. OSINT is a thang and not just for those that work in IT security. True, the methods are generally known but a good search engine and the right keywords get you pretty far. Or you could just listen to practitioners in that particular niche. They like to teach, too.

2
0

TSB goes TITSUP: Total Inability To Surprise Users, Probably

Jack of Shadows
Silver badge
Mushroom

Re: left questioning their loyalty

I can't speak truly around UK bank practices but I have to question what id10t collection of manglement schedules maintenance around the first five days of the month? Simply looking at your transaction numbers should show when you should schedule your downtime.

I also have to question the competency of IT, at least at the engineering level, for not having in place options to roll-back whatever they've done in a quick and reasonable manner. Lord knows how many times I've seen updates completely blow away databases. Actually, I do know. Five. That's the point I stepped way above my pay-grade and took over the sysadmin duties for our mainframe. I made it a point to assume that everything was going to go TITSUP and planned accordingly. [I had to go in, analyze the new code base and the differences between the old databases and what the new databases would look like, hand modify the fully backed up databases using an undocumented tool and then install the new code. It was nice not having to reinventory the entire ship's parts supply, taking at least 15 days, again, and again, and again.... One nice thing about COBOL, you just have to have a programming background to understand what is being done where and when, even if not a clue why.]

So... been there, done that, burned the stupid T-shirt. What's their excuse?

9
1

Boffins are building an open-source secure enclave on RISC-V

Jack of Shadows
Silver badge
Mushroom

Re: That's hard

Look up BadUSB if you want an example of why the USB standard is something we should drop like a lava-hot rock. USB is not used on secure machines here for exactly that reason. Evil Maid is quite simple even if you can't get the id10t user to backdoor it themselves with a "found stick" or other such machinations.

8
1
Jack of Shadows
Silver badge

Re: What we would actually need...

I'd even consider the 68000 and similar 16-bit processors here. I've been keeping an eye on the low end of the market for my offline encryption/decryption machine. Now what has really caught my attention are the CPU's implemented on more modern FPGA's. With verified programming code, cryptographic signing of that code, and doing your own programming of the chip on your own, you could actually end with something that has a much higher security baseline. You do still have to trust that there are no hacks in the FPGA by the manufacturer, of course. Just not as easy a proposition as backdooring a CPU by, say, a certain nation-state that has created the gold standard in corrupting the supply chains.

9
0

Spies still super upset they can't get at your encrypted comms data

Jack of Shadows
Silver badge

Re: It’s not me, it’s you.

I've always preferred: Trust, that condition necessary for betrayal. We "trusted" our governments. Seriously bad mistake as any of the people behind the US Constitution could have, actually had really, predicted.

3
0
Jack of Shadows
Silver badge

Re: They will change the target in legislation

Any home brew setup will then probably stand out in their traffic analysis anyway and will attract appropriate attention.

That's something that is getting a whole Hell of a lot of attention now.

2
0
Jack of Shadows
Silver badge

Re: Wack a Mole

The people who are the literal giants in the field of cryptography say exactly the same thing. That completely ignores the issues that the doing of cryptographic engineering isn't something that pretty much the whole damned planet isn't able to pull off, and that's speaking as someone who works in that field. It was that work that has informed so much of my regular software and hardware engineering, let alone the other IT-related types. And there's always another technique you have to defeat down the road due to the laws of physics, by the way. Brutal. Fun, if you have my warped idea of what constitutes fun!

4
0
Jack of Shadows
Silver badge

Re: Wack a Mole

Adding another application to a device, say OTR, isn't the way to secure your communications. Properly, your security endpoints must extend beyond your communication endpoints. This is why OTP's and encryption on other, preferably deniable or easily inerted, devices is so important. I've software that does this handily across many devices/operating systems, all of which are specifically selected, and kept totally segregated, from my (Internet and local) communication devices. That it has the benefit of providing a "safer" environment to do my work is just icing on the cake.

1
0
Jack of Shadows
Silver badge

I fully expect to see arrests and detention without trials, or end, in my case. I won't give anyone my keys, ever.* I've also the background and experience in the field that I can make their work extremely difficult. After all, it was working on their systems that gave me both. I've only sharpened over the years; comes from the people that I associate with. The kind that live and breathe secure technologies and solutions, for whatever level of secure you want to designate. It's not really the tech, it's the process that's important, never, ever an exception nor taking the shorter, easier way.

Be that as they may, they really should be happy at my recalcitrant attitude. There's a ton of extremely classified data, and events, in this head that they really shouldn't want made available soon, if ever.

*- Yep, torture would be a pain, literally, but I go through that day by day, all day. Brutal Level 10.

4
0
