* Posts by Lomax

290 publicly visible posts • joined 31 Mar 2009


Forget your space-age IT security systems. It might just take a $1m bribe and a willing employee to be pwned

Lomax

Re: The Independent Takes a Stumble Under Pressure

Could be! Is that where Fastly keep their LCY boxen?

Lomax
Go

Re: Just say no

Sounds to me like he did exactly the right thing:

> According to the complaint, Kriuchkov traveled to the US in July on a tourist visa and made contact with a Russian-speaking employee at Tesla Gigafactory Nevada.

> He met the employee, who remains anonymous in the complaint, several times socially before making him a proposition to pay him to help introduce malware in Tesla’s internal computer system in order to extract corporate data and affect Tesla’s operations.

> Kriuchkov alleged that he was representing a group that would then arrange a ransom with Tesla in order to not release the information and stop affecting its operations. The employee didn’t refuse, but he immediately informed Tesla, who in turn informed the FBI.

> The FBI launched a sting operation with the employee who wore a wire and shared text communications with Kriuchkov as they were negotiating the terms of the malware attack. The employee and Kriuchkov met several times throughout August to plan the attack and the payment of the employee’s fee.

> Interestingly, through the cooperation with the Tesla employee, the FBI was able to obtain information about previous attacks from this group.

https://electrek.co/2020/08/27/tesla-fbi-prevent-ransomware-hack-gigafactory-nevada/ (thanks @disgruntled yank for the link).

Lomax
Big Brother

The Independent Takes a Stumble Under Pressure

Any guesses who's behind the takedown of the London Independent? It's been down most of the day, at one point showing the Apache2 Ubuntu Default page, and currently

> Timed out while waiting on cache-lcy19271-LCY

The cache time-out makes me think DDoS. Then again, maybe it's just that the ops team haven't had their maintenance whipping, due to Covid-19 social distancing...

The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens

Lomax

Re: Corruption,... again

The science on empathy is actually quite interesting.

https://en.wikipedia.org/wiki/Empathy#Development

It's a trait that is shared by most mammals, and humanity is likely not the most empathetic species, though we are near the top. Dolphins for example, have three times as many Von Economo neurons as humans do, and the bonobo has also been shown to be a highly empathetic animal, perhaps more so than we are. But we could not have climbed to the technologically sophisticated heights we find ourselves at without a considerable amount of empathy. High-technology requires cooperation between large groups of people, which would quickly break down if we were lacking empathy. It's an evolved trait which gives us an advantage. Per definition though, empathy must include those not part of our own tribe; that's what makes it a thing.

Steve Wozniak at 70: Here's to the bloke behind Apple who wasn't a complete... turtleneck

Lomax
Pint

Triumph of the Nerds

I raise a glass to Woz, the ultimate protonerd, and celebrate by re-watching Rob Cringely's excellent 1996 documentary series.

https://archive.org/details/triumph_of_the_nerds

25 years of PHP: The personal web tools that ended up everywhere

Lomax
Devil

Simple, elegant and powerful

No, not PHP; Ruby on Rails.

China’s preferred Linux distro trumpets Arm benchmark results

Lomax
Alert

Q.E.D.

https://www.reuters.com/investigates/special-report/usa-riteaid-software/

> Cathy Langley, Rite Aid’s vice president of asset protection, said earlier this year that facial recognition – which she referred to as “feature matching” – resulted in less violence and organized crime in the company’s stores.

> Some security experts said any program with connections to China was troubling because it could open the door to aggressive surveillance in the United States more typical of an autocratic state.

Lomax
Boffin

Re: Remind me

Intel Management Engine can be neutered, though the procedure is not for the faint of heart:

https://github.com/corna/me_cleaner/wiki/How-does-it-work?

In particular, this will disable the ME's network stack, which should make it pretty useless as a backdoor.

Lomax

So you agreed with my post? For some reason I got a different impression. My apologies!

Lomax
Facepalm

Me: It's difficult to avoid becoming more totalitarian when in open competition with a totalitarian state.

AC: Wrong; you're already half way there!

Me: ...

Lomax

>SWOOOSH<

Lomax

> And Taiwan too...

Which is also a democracy...

Lomax
Stop

> Just like Japan and Korea.

With one small difference: both those countries are democracies. Which means we did not have to subvert the electoral process, reduce workers' rights, curtail freedom of speech, restrict access to information, or introduce draconian mass surveillance, in order to compete effectively with them. How can we compete with China?

Here's why your Samsung Blu-ray player bricked itself: It downloaded an XML config file that broke the firmware

Lomax
Boffin

Re: Rookie mistake

Ah, I see. I'm sorry, but I couldn't understand what you meant with

> Well yes, phones do this.

Do what? From looking at pictures* of stand alone Blu-ray players, they seem to use touch interfaces almost exclusively, but these are of the capacitive touch "button" type (as opposed to a GUI on an LCD), which should be (almost) as easy to read as physical buttons. A touch button interface often uses a dedicated chip to read the capacitive sensor inputs and translate them to logic levels, so from the SoC's perspective they look just like regular buttons. Some SoCs have native capacitive inputs, eliminating the need for an external chip. It's still an inferior technology to physical buttons though, over which it only really has two advantages: bling factor and cost saving. Some might argue capacitive touch inputs are better environmentally protected and more durable than physical buttons, but then you don't know buttons as well as I do :)

*) A photo on the web is about as close as I'd like to get to one of those things.

Lomax

Re: Rookie mistake

Not quite: you still need to keep some physical buttons pressed in while powering up to get the phone into recovery mode, unless of course it's an Apple device in which case you're SOL. The reason for this is quite simple: the SoC won't know that you want it to go into recovery mode unless you tell it, and to do that via the touchscreen would require the device to boot up first - so if the reason you want to enter recovery mode is that it won't boot... Physical buttons by contrast are connected (more or less) straight to the SoC's GPIO pins and can therefore be read by its low-level firmware prior to booting.

Lomax
Devil

Re: Rookie mistake

> Would it need extra hardware?

If I was designing it I would include a button to purposely trigger a "factory reset" or other recovery option. But most such gadgets include user interface buttons anyway (unless they've gone all "glass"*) - I'm sure the bootloader could be made to check their state instead, negating the need for an extra reset button. E.g. "hold down [stop] and [skip back] while powering on to perform a factory reset".

*) What is it with people and touchscreens? How is it possible to prefer pressing your finger against a perfectly flat glass surface with zero feedback over pressing a distinctly tactile button!? I'm sure it's only a question of time before we get Nintendo DS style laptops with a touchscreen keyboard which doubles as a social media interface that you cannot disable.

Edit: Hell, the way things are going I predict touchscreen pianos and guitars will be a thing any day now. Just remember you heard about it here first!

Edit 2: No really; people look at new cars with all glass cockpits and go "oooh, sexy, I want that one". Only to receive a Darwin award shortly after their purchase, when trying to change the fan setting while on the motorway.

Lomax

Re: Rookie mistake

> That would, presumably, require a bit of code and a bit of storage.

True. And a button. But the on-board storage on the SoC (presumably some MediaTek/ARM-32 jobbie) might be large enough to hold a factory boot config which is used when the one in flash won't boot - or if the user holds in a button while powering up the device. So the only additional hardware needed could be a button - unless of course you can use an interface key which is already present, in which case the hardware cost would be zero (ok, make that two buttons, for a proper three-finger-salute). That "only" leaves the code... and the testing... but those should be one-off costs. And the beancounters can do one; it will cost the company more to cover mail-in "repair" costs if when their devices go TITSUP - not just in terms of logistics, manhours and materials, but in brand reputation. As demonstrated by this very thread.

Lomax

Re: Rookie mistake

I am somewhat resigned to the observed reality that just because you've tested something to destruction that doesn't guarantee it won't go TITSUP due to something unexpected - hopefully in an entertaining fashion, or in a way which leads to new scientific discoveries. A user accessible method for restoring a "last known good configuration" (which could be the same as a "factory reset") seems essential for any "smart" gadget - and is a curious omission on these Blu-ray players.

Fancy some fishy-chips? Just order one of these sensors: Research shines light on suspect component sources

Lomax
Boffin

1-Wire parasitic power

> some lack features like support for using parasitic power – using power even if a device is turned off

Parasitic power on 1-Wire networks is actually quite clever; as the name implies these devices can run off a single wire for both data and power (some kind of ground reference also needs to be available of course). The chip charges an on-board capacitor with enough power from the data line (during a 750ms preamble) to wake up, execute the request, and return the response. In other words, such a device can run off the whiff of an oily rag, and draws zero power when idle. Originally envisaged by Dallas as a "MicroLan" for all manner of ultra-low power devices, 1-Wire today is mostly used for temperature sensors and ID tags (like the ones many waiters carry on a retractable keychain, and use to identify themselves at the till, a.k.a. "iButton"). This is a shame, because it's pretty cool technology, especially for the power conscious. That said, there are still a few 1-Wire enthusiast suppliers around, such as HomeChip and Sheepwalk Electronics. Check Wikipedia for more info about 1-Wire.

Soft press keys for locked-down devs: Three new models of old school 60-key Happy Hacking 'board out next month

Lomax

Re: I used to use L,H,J,K lad, and I were lucky to even have that!

> bold move for a "developer" keyboard

No function keys either! What digital contortion is required to Ctrl+Alt+F1-8? Alt+F4? F5 to refresh? F11 for full screen? F12 for debug console? No dedicated Home, End, Ins, Del, PgUp, PgDn. Space-bar the size of a shift key. What are you supposed to be programming with this, a VHS recorder? It's like paying more for less. A lot more!

If you wanna make your own open-source chip, just Google it. Literally. Web giant says it'll fab them for free

Lomax
Boffin

> Last time I looked into it, eyetracker interfaces were the state of the art - seriously expensive, and very slow.

I don't know when that was, but it seems things have moved on; here's a hot-off-the-press study in Investigative Ophthalmology & Visual Science:

Accuracy and precision of the HTC VIVE PRO eye tracking in head-restrained and head-free conditions

Alexandra Sipatchin; Siegfried Wahl; Katharina Rifai - June 2020

They find that this consumer (US$800) VR headset can track the wearer's eyes with an average accuracy of around 4° in a 25° radius around the center of view. That's not super precise, but should be enough to support meaningful UI interactions for people with LIS.

Facebook accused of trying to bypass GDPR, slurp domain owners' personal Whois info via an obscure process

Lomax
Thumb Up

Re: What do you think it is about

> I intend to ask for turdburgers

> they looked and tasted like pressed sludge dredged out of the Hudson River

I think The Yes Men are on to something:

https://www.youtube.com/watch?v=ZP_nNemsNT8

After 84 years, Japan's Olympus shutters its camera biz, flogs it to private equity – smartphones are just too good

Lomax

Re: Nooooooooooooooooooooooooo!

This would happen if the battery got low. You could release the mirror by turning the shutter speed ring to "B" (also marked as "reset" bottom right IIRC). But if you were out & about without a spare battery you were SOL; all speeds were electronically controlled with no mechanical fall-back. Just another area where Olympus were way ahead of everyone else :D

Not that I would kick an FA out of the bed. I had an FM2 for many years and loved it. Eventually went digital with a D200, then bought the FM3A, then went medium format. TBH, I am was more of a Nikonian than an Olympian. In terms of £££ spent probably a Hasslian?

Lomax

Re: The smartphone is not the problem...

> The SLR became mature at the end of '70s, when it added full aperture metering, replaced unreliable and delicate meters with silicon ones, and shutters became metallic and vertically operated.

The OM-2 has all of those apart from the metal shutter and was introduced in 1975. Still syncs at 1/60 with a horizontal fabric shutter. And despite being smaller and lighter you could use it to grind a 6D into a pile of plastic granules while suffering little more than a few scratches.

Lomax

Re: The smartphone is not the problem...

> The main problem is that sales drop when a product has finally matured

Perhaps. Though arguably the 35mm SLR was mature by 1970 - yet continued to sell for another 30 years. Cost cutting / profit maximising / shareholder dividending might be a bigger problem; we just don't make things as expensively as we used to. Case in point, the Nikon FM3A which launched in 2001. It was supposed to be a "classic" 35mm SLR revival camera in the vein of the venerable FM and FE series. I owned one though, and it felt like a cheap piece of tat compared to the FM/FE bodies - complete with a painted plastic prism housing (imagine what that looked like after a few years days on the road...) Another one: the much lauded Canon 5/6D, which everyone and their dog seems to use these days - even for cinema production. Despite whatever its optical/digital qualities may be I cannot overcome the disgust I feel whenever I handle one; the thing is built like a child's plastic toy! No joy whatsoever - and even less so after smattering away 30,000 frames with three way bracketing; what am I supposed to do with them all!? Laptops are the same; not long ago we were happy to pay £3k for an IBM ThinkPad which had the build quality of an Apollo Programme device; today we have to be content with a cheap imitation from Lenovo at half the price (despite inflation!), which has the build quality (and ergonomics) of a Fisher Price product.

</rant>

Lomax
Unhappy

Nooooooooooooooooooooooooo!

Sad news indeed! My first "proper" camera was an OM-2, and despite having owned several Nikons, two Hasselblads, and a bunch of other nice cameras, it's still my favourite. Supremely well made, smaller and more compact than any competitor, with excellent ergonomics - and one of the first to have TTL flash control. I had the winder and a selection of lovely Zuiko lenses, which similarly to the body had a compactness that belied their quality; 135mm f/3.5, 50mm f/1.4 and 28mm f/2.8 IIRC. The 135mm had a built in telescoping lens shade which I haven't seen on any other lens - very handy. To me, the sound of the OM-2 fabric shutter still defines how a camera should sound. Out of the 10 best photos I ever took, about half were taken with the OM-2. Post digital I kinda lost interest in photography, though I had a brief medium format revival a few years ago. There's not the same joy in taking pictures with a computer. Nowadays I exclusively take photos for documentation purposes, with a Ricoh GX200 (another legendary company btw).

Digital killed the photography star.

Hey is trying a new take on email – but maker complains of 'outrageous' demands after Apple rejects iOS app

Lomax
Headmaster

> Apples % take on sales is extortionate. Far higher than any retailer.

I'm pretty sure that is incorrect. Clothing retail for example can have mark-up as high as 400%. In fact that's probably a very conservative guesstimate. How much do you think Nike pays their slave labour camps suppliers for a pair of plastic shoes which retail at £100? £5? £1?

The rest of your post is spot on though, so have an upvote!

Lomax

No need to repeat what's already in the thread unless it is pertinent to your message. If I'm replying to specific points in an email (or on a forum) I'll inline my replies with the individual points I'm addressing. If I'm just continuing the general conversation I often Ctrl+A before I start typing. I never bottom post below a massive amount of text where no-one only us greybeards will know to look.

Lomax
Facepalm

But but but but but

Will you get email notifications for new messages on "Hey"? Will it talk IMAP? Will my (id)IoT systems be able to send and receive messages through the service? Will my Sailfish powered mobile device go "pling" when I get a new message? Can I download my messages for offline access? How many pages of indecipherable terms & conditions will I need to accept to use the service? Will those T&Cs change when the service is bought by Amazon/Microsoft/Google/[insert evil megacorp name]? Will world+cat suddenly find themselves unable to communicate in the unlikely event that when "Hey's" servers can't be reached? Will there be an open and free API for third party developers to use? Can I write my own "Hey" compatible software? Is yet another proprietary centralised comms platform really what the world needs? Do I feel comfortable with storing my nude photos cat pictures on a server I do not control? Will the "Hey" servers be based in a civilised part of the world that has strong privacy legislation or in a corrupt totalitarian banana republic the USA? Will I be able to run my own, private, "Hey" server? Does it handle CalDAV/CardDAV sync and storage? Is it possible to "improve" something without replacing it? Is backwards compatibility an important principle or just an obsoleted ideal from yesteryear?

Have we learned nothing?

P.S.

> Ruby on Rails inventor David Heinemeier Hansson

He may have invented Rails, but he sure as hell didn't invent Ruby!

> Hansson co-wrote Agile Web Development with Rails

I think I found the problem.

Repair store faces hefty legal bill after losing David and Goliath fight with Apple over replacement iPhone screens

Lomax
Thumb Down

Apple: rotten to the core.

Snapping at Canonical's Snap: Linux Mint team says no to Ubuntu store 'backdoor'

Lomax

Re: re: We do. But first and foremost.....

"Other people" already have plenty of choices - what sets Linux apart is the level of control you have over it.

Lomax
Thumb Up

Re: If it's not broken, don't fix it.

Or, as LP might say: if it's not broken, fix it until it is.

Canonical are clearly trying hard to become the next Red Hat. How much is a Shuttle worth these days? Personally, I'm laughing all the way to the Devuan.

Lomax

Re: @Lomax

@Anonymous Coward: see icon.

Lomax
Trollface

>Linux needs an app delivery format

Yeah, it's incredible that it has managed to survive for so long without one.

Also missing: a Linux tutorial for new users during set-up. Should include a section on APT/YUM and FHS.

Lomax

>We do want Linux to be mainstream, don't we?

Not at any cost.

Lomax

Re: Debian and Debian derivatives

I switched my apt sources to Beowulf a couple weeks ago, and did an aptitude full-upgrade with only minor difficulty. Beowulf feels faster and more responsive than ASCII on my main laptop (i7 X230), and ASCII was already plenty fast. Result!

Lomax

Re: Bad neighbor

Devuan +1

I've been running it on my main laptop, a local server and a whole bunch of Pis since "ASCII". Recently migrated to "Beowulf" (which incidentally was released yesterday) and was blown away by the speed & quality improvements. It's a superb distro - and I've tried a few, including Ubuntu, Xubuntu, Mint, Alpine, Debian, Red Hat, and others I can't remember. Never been down the Arch, Slack or BSD paths, but that's mainly because I started my Linux journey on Ubuntu and got used to the Debian way. I would recommend anyone with an interest in Linux to give Devuan a go - you may never look back!

'I wrote Task Manager': Ex-Microsoft programmer Dave Plummer spills the beans

Lomax

Re: Today's Taskmanager

Good old Seven; the last version of Windows that was compatible with my neocortex - and with my ethics.

If you miss the happier times of the 2000s, just look up today's SCADA gear which still has Stuxnet-style holes

Lomax
Holmes

Re: Old design old problems

Registering on a forum only to plug a product with your very first post is never a good look.

Started from the bottom, now we're near: 16 years on, open-source vector graphics editor Inkscape draws close to v1.0

Lomax
Facepalm

Re: Bad news: Extensions will need to be updated to work with this release

> I'll have to be happy with my vintage version.

...or help make the extension compatible.

HMD Global pokes head out of quarantine to show off 3 new Nokia mobiles

Lomax
Thumb Up

Writing this on an XA2 Dual SIM - the small one, not an "Ultra" or a "Plus" - running Sailfish 3.2 without the spyware Android layer. Great performance in a pocket friendly size, and the dual SIM slots prove incredibly useful now that I'm under CV lock-down in a foreign country. Only complaint would be somewhat sluggish JS performance on some websites (I'm looking at you Indy) - but El Reg flies along :)

Morrisons puts non-essential tech changes on ice as panic-stricken shoppers strip stores

Lomax

Re: Flu....

So it seems COVID-19 is something like 20 times deadlier than a garden variety flu, though I have seen estimates around 2-3% from multiple trustworthy sources. The WHO puts it at 3.4%. But as you say, these numbers typically fail to take into account that an unknown number of those infected may have mild enough symptoms not to seek medical help and get tested. Perhaps not even fair to compare in the first place since they belong to different families, and the effects are quite different. I just read this in the Indy:

> Italian doctors have warned medics across Europe to “get ready” for coronavirus in a letter revealing up to 10 per cent of all those infected with coronavirus need intensive care, with hospitals becoming overwhelmed.

> The letter, seen by The Independent, reveals the scale of the impact on hospitals in Italy where 5,883 patients have been infected with the virus and 233 people have died as of 6pm on Saturday.

> In the note, sent to the European Society of Intensive Care Medicine, critical care experts Professor Maurizio Cecconi, Professor Antonio Pesenti and Professor Giacomo Grasselli, from the University of Milan, revealed how difficult it had been to treat coronavirus patients.

> They said: “We are seeing a high percentage of positive cases being admitted to our intensive care units (ICUs), in the range of 10 per cent of all positive patients.”

That's... not good. The UK has about half as many ICU beds per capita as the European average (~6 per 100k vs ~11 per 100k - Italy has 12.5). Add to that the elevated risk of infection faced by health-care staff, with the possibility that many of them will be forced to self-isolate, and it looks like a perfect storm for the poor old NHS. I recommend reading the linked article in full; it has more detail on the effects of the virus.

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground

Lomax
Holmes

Re: *shudders*

> Perfectly Panders to the Phoney Proselytizing Praying Protectors of Personal Purity.

You are A Man from Mars, and I claim my five pounds.

After 1.5 million days of computer time, SETI@home heads home to probe potential signs of alien civilizations

Lomax
Go

Re: Small window of time

It seems logical to assume that the same factors which drove these developments here on Earth would also apply to any alien civilisation which develops radio. So it is possible, perhaps even likely, that our search for alien radio signals will remain fruitless (cf. METI), and that some other means of detecting life/intelligence on other planets is needed. The James Webb Space Telescope may be able to capture spectra from the atmospheres of extrasolar planets, which could be used to detect the likely presence of life; certain compositions would be difficult to explain other than as the result of some biological process. I have hope such a detection might even happen in my lifetime - surely the greatest discovery in all of human history - and shall be crossing my fingers quite firmly come launch-day.

Lomax

Re: Small window of time

Not only that; signal strength has decreased dramatically since the early days of radio, in step with increased receiver sensitivity. And much that used to be broadcast is now distributed over the Internet instead. Thirdly, broadcast transmissions today often come from satellites, which direct their output at a nicely absorbing body. I expect these trends to continue, at least until human colonies / spacecraft are scattered around the galaxy.

Breaker one-nine, this trucker's rubber ducked, facing a year in the slammer for Acer laptop thefts

Lomax
Stop

And yet, gambling addiction is a thing. Keenly encouraged by a myriad of shady businesses. Why it remains legal, while other drug dealing is not, I cannot understand.

> According to the [Australian] Productivity Commission's 2010 final report into gambling, the social cost of problem gambling [in Australia] is close to 4.7 billion dollars a year. Some of the harms resulting from problem gambling include depression, suicide, lower work productivity, job loss, relationship breakdown, crime and bankruptcy. A survey conducted in 2008 found that the most common motivation for fraud was problem gambling, with each incident averaging a loss of $1.1 million. (Wikipedia)

Basically, addicts commit crimes on behalf of gambling companies, who promptly off-shore the stolen cash. Drug dealers at least provide an actual product.
