* Posts by Crazy Operations Guy

2513 publicly visible posts • joined 29 Jun 2009

35,000 ARRIS cable modems at risk from firmware dumper bot

Crazy Operations Guy

Easy, but won't happen anytime soon. All ISPs will do is to block both modems if it's cloned, then wait until the real customer calls in to complain (In which case, they'll dispatch a tech and charge the customer a replacement fee for the new modem and an additional fee for the tech to come out to troubleshoot despite the ISP knowing exactly what was wrong).

They have no incentive to stop malware from spreading across their networks, in fact they tend to profit from it (more traffic means the customer is more likely to go over their data cap, and can thus charge them far more).

I've attached an SDR to a coax-tap that sits right in front of my modem and am pushing it through some software to decode the signal so I can pipe the packets to tcpdump and record them (with filters to strip out my own packets, of course). So far, I've not seen a single patch come down from my ISP even though the modem's firmware is wildly out of date (the sticker on the flash chip shows that the software version was released in late 2013 and the modem continually reports that software version when the CMTS requests modem info).

Crazy Operations Guy

Nope, the attack happens on the outside edge, before it ever gets to your firewall. The modem is listening for ssh packets coming from the ISP (so that they can configure your router). So even if both you and the ISP have firewalls blocking all ssh traffic you are still vulnerable if anyone on your loop is infected.

The SSH channel will also work even if the modem doesn't have an IP address, it will still respond to ssh packets addressed to the modem's MAC address and port 22.

Gmail suffers worldwide wobbly Wednesday

Crazy Operations Guy

Re: This is why the "cloud" is a terrible idea

"what would happen if you got run over by a bus."

If I'm dead, then I have no need for email. The machine only hosts email for myself. My point was that it isn't difficult to engineer solutions that last, especially if you have access to professional grade stuff rather than the scrap-pile that I do.

Crazy Operations Guy

This is why the "cloud" is a terrible idea

One failure and millions of people are without a service.

I have an old Pentium-4 machine running email services for me that has only failed on me once in the last decade (It caught fire after a staple fell into the power supply, luckily everything else survived intact and I had a couple spare ATX power supplies on hand). I have a store-and-forward SMTP server sitting in a hosting data center to take over if my primary machine gives up the ghost. The machine uses a pair of 20-GB hard disks in a RAID-1 and is backed-up quite regularly onto several 32-GB USB drives (They were $10 at the local office supply store, so I bought a dozen of them).

Ted Cruz channels Senator McCarthy in wrongheaded internet power grab crusade

Crazy Operations Guy

He clearly doesn't understand the First Amendment

The First Amendment only prevents the government from unreasonably preventing someone from practicing their religion or making statements in public. The only place on the internet where that would be applicable would be on government-run websites. The First Amendment would still apply after IANA is pulled out from under the DoC.

Besides, it's not like First Amendment rights are actually being enforced on the internet anyway, given that no one has done anything about ICANN refusing to approve the creation of .gay but just rubber-stamps applications by big corporations (and also that douche in Bellevue, Washington, USA who has registered 189+ gTLDs that have only been used by companies to protect their trademarks. One example of pointlessness: http://www.iana.org/domains/root/db/academy.html).

Also, correct me if I'm wrong, but isn't Teddy a Republican, and isn't their mission to get rid of as much government regulation as possible?

HPE: Come on in, cool cloud kids, we won't compete with you – unlike *cough* Dell

Crazy Operations Guy

I doubt that HPE will be competing with anyone in a few years

Their Earnings Reports are abysmal; they keep shedding business units; their products are in serious need of updates; and they end up killing anything unique.

Gimps with big Dell balls hijack HPE's partner shindig

Crazy Operations Guy

Re: Burkinis?

Yeah, France is the only modern country racist* enough to ban a clothing garment because it may have indirect religious connotations (spoiler alert: The Koran contains nothing about how women should dress, it's the dick-bags in charge that dictate that).

*Technically not really racist so much as forcing people to strip themselves of their culture, heritage, and any vestiges of their ethnicity and forcing them to assimilate completely to the French way of things.

'What this video game needs is actual footage of real gruesome deaths'

Crazy Operations Guy

Re: I take it this is not the People Eating Tasty Animals group....

I've always hated PETA for getting angry at stupidity like this and things like demanding that the band 'Pet Shop Boys' change their name. They are so loud and annoying that the general population paints every other activist with the same brush. There are even animal rights groups that are far more rational that are trying to end actual animal cruelty that are getting overshadowed and pushed to the side by these nut jobs.

I agree that there are some farming techniques that are downright inhumane and need to be banned. I say this after finishing off a meal of braised rack of lamb with a side of bacon-wrapped veal medallions and a side salad including grilled and marinated chicken strips with Caesar dressing. Meat treated well is good, animal cruelty is bad (fear and stress hormones ruin the meat, after all).

PETA has caused the extreme polarization of the anti-animal cruelty movement and distilled it into two sides: either you are a total vegan or you're OK with purposefully torturing animals when slaughtering them. They have made a middle-ground position nearly non-existent...

Great British Block-Off: GCHQ floats plan to share its DNS filters

Crazy Operations Guy

Re: Don't be daft. They want you to use Tor.

The heads of Intelligence agencies are always retired senior officers from the various military branches. The reason is that they would already have the appropriate security clearances, know what military personnel in the field need in terms of intel, have strong relationships with those who will be acting on the intelligence, and are conditioned to follow whatever the President and their cronies say and thus toe the party line.

This is how it's always been, and how it will always be...

Crazy Operations Guy

"Open Source and could be readily checked"

I'd imagine the easiest thing to do would be set up their own DNS server that doesn't return A records for offending domains and has a TXT record added with some kind of identifier for looking up the reason why it was blocked. They could then release the zone files so that anyone can read it, check it, and deploy it by just downloading a single plain-text file.
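As an added example (not part of the original post and not any agency's real format), this is how a third party could check two releases of such a published plain-text block file. It assumes a layout the post does not specify: one owner name per blocked domain, no address records, and a TXT record of the form `reason=<id>`; all names and IDs below are constructed.

```python
import re

# Assumed layout (not defined by the post): each blocked name carries only a
# TXT record "reason=<id>". Both releases below are constructed sample data.
PUBLISHED_V1 = """\
$TTL 3600
; constructed sample data
malware-cdn.example.   IN TXT "reason=R-0001"
phish-login.example.   IN TXT "reason=R-0002"
leftover.example.      IN A   192.0.2.10
noreason.example.      IN TXT "blocked"
"""

PUBLISHED_V2 = """\
$TTL 3600
malware-cdn.example.   IN TXT "reason=R-0007"
scam-shop.example.     IN TXT "reason=R-0003"
"""

# owner [ttl] [IN] type rdata, one record per line (no multi-line records)
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?([A-Z0-9]+)\s+(.+)$", re.I)
REASON_RE = re.compile(r"reason=([A-Za-z0-9-]+)")


def parse_zone(text):
    """Return {owner_name: [(rtype, rdata), ...]} for simple one-line records."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("$", ";")):
            continue  # directives and comments carry no block entries
        match = RECORD_RE.match(line)
        if not match:
            raise ValueError(f"unparseable line: {raw!r}")
        owner, rtype, rdata = match.groups()
        records.setdefault(owner.lower(), []).append((rtype.upper(), rdata.strip()))
    return records


def audit_zone(text):
    """Flag entries that break the assumed rules of the published file."""
    address_records, missing_reason, reasons = [], [], {}
    for owner, rrs in sorted(parse_zone(text).items()):
        # A blocked name must not resolve, so any A/AAAA record is a defect.
        if any(rtype in ("A", "AAAA") for rtype, _ in rrs):
            address_records.append(owner)
        ids = [m.group(1) for rtype, rdata in rrs if rtype == "TXT"
               for m in [REASON_RE.search(rdata)] if m]
        if ids:
            reasons[owner] = ids[0]
        else:
            missing_reason.append(owner)  # blocked with no way to look up why
    return {"address_records": address_records,
            "missing_reason": missing_reason,
            "reasons": reasons}


def diff_releases(old_text, new_text):
    """Show what changed between two published releases of the block file."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    old_r = audit_zone(old_text)["reasons"]
    new_r = audit_zone(new_text)["reasons"]
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed_reason": sorted(n for n in set(old) & set(new)
                                 if old_r.get(n) != new_r.get(n)),
    }


if __name__ == "__main__":
    print(audit_zone(PUBLISHED_V1))
    print(diff_releases(PUBLISHED_V1, PUBLISHED_V2))
```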

UK Science Museum will reconsider its 'sexist' brain quiz

Crazy Operations Guy

Exhibit A

Looking through this comment thread and I can clearly see why there is such a massive gender gap in the technology industry.

Crazy Operations Guy

Every actually scientific study that I've found seems to indicate that any differences in cognitive process between the genders are purely based on the stereotypical activities that are pressed on children. In Western societies, girls are strongly encouraged (and sometimes forced) to only play with toys that focus on caring and interpersonal relationships (Such as caring for baby dolls or imagining interaction between adult dolls); such play is practice for communicating later in life and builds a much stronger sense of empathy. On the other side, boys are encouraged to play with building blocks and other toys where the focus is on hard-logic, which leads to increased spatial reasoning skills.

There are no differences in how brains work between genders, only what we teach them and condition them to do.

This is proven by study of other societies where there is little to no stereotyping of what is 'girly' and what is 'manly'. This is also noticed in societies where the gender roles are completely reversed. In the societies in which there was no gender bias for activities or behavior, there was no difference between genders when measuring logic or interpersonal skills. In societies in which the roles were reversed from Western standards, the men showed greater levels of empathy than the women, who demonstrated increased numeracy and spatial reasoning.

It almost seems like skills and abilities are based off of training and developing those over a long time, where differences are due to non-gender-specific genetic predilections that may aid or detract in a person's ability to perform a certain task. Almost like humans are complex creatures that can't be described in general and broad-stroke statements...

Bug of the month: Cache flow problem crashes Samsung phone apps

Crazy Operations Guy

Re: No one has asked...

The two sets of cores operate with different instruction sets. The M1 cores contain quite a few additional instructions for media applications (Video and audio decoding, accelerated 3-D graphics), advanced math functions, encryption/decryption, etc. Each of those instructions would take much, much more time and energy to execute on an A53 core. However the complexity of the M1 core requires quite a bit more power to run, even executing the same instructions. With this set-up, the M1 can be powered off the majority of time until it becomes more efficient to use the beefier cores. The M1 cores become the much more efficient option when viewing DRM-protected content or playing a game that is highly graphics-intensive.

Crazy Operations Guy

"I think you will find RAM is quite a bit faster than in the days of a PDP8."

In terms of raw speed, yes, but not as a factor of processor core speed. Many of the old dinosaurs would be equipped with RAM that operated with short enough latency that the requested data would be at the processor before the next instruction even begins to execute. In modern systems, you have to initiate the copy operation, then wait 20+ cycles before the data is available to be used by the processor.

Yelp wins fight to remain morally bankrupt

Crazy Operations Guy

Yelp is a joke anyway

They have no system to even determine the legitimacy of the reviews, not even some kind of GeoIP filter to prevent people from posting reviews about a location they haven't even been within a thousand miles of. I've been able to post a review of a pizza place in Sydney while sitting in New York (I was actually at the pizza place a few days before, but how was Yelp to know that?). Something like requiring a photo / scan of the receipt would be simple to implement and cut down quite a bit on false reviews.

They also don't seem to do any filtering to remove reviews for locations that, by all rights, should never be reviewed. Things like Auschwitz, or Hitler's home should never be reviewable, especially since the reviews for both places are routinely filled with hate speech and Holocaust denial (to which Yelp is quite slow to respond). There is also some pretty hateful stuff posted as reviews for the memorials at Hiroshima and Nagasaki...

Bad news: MySQL can dish out root access to cunning miscreants

Crazy Operations Guy

Re: As always...

I go one step further: every DB hosted on my DB server gets two partitions, several dedicated user accounts, and dedicated groups. The first partition stores the SQL daemon and configuration files and is mounted read-only. The second partition holds the actual db itself and is mounted within the first partition as read-write. As for users: The server daemon runs under its own process and is denied remote login to the server (it's also assigned a null shell), multiple admin accounts are created for each db instance where each account is assigned to a specific physical person to admin that specific database, it has permissions to sudo as the server daemon.

Within the DB itself, two user accounts are created for every logical group of tables. One account has read-only access to the group of tables, the other has write. Every action by the write group, and queries by the read-only group that return far more than the expected amount of data, are logged into our monitoring and alerting tools. On top of that, everything is stored procedures. The security is set up like this so that even if someone were to discover the password for one of the SQL accounts (which are the only accounts that can connect to the DB servers from a non-IT subnet and only then can connect from the web boxen).

Ad flog Plus: Adblock Plus now an advertising network, takes cash to broker web banners

Crazy Operations Guy

Not really much of a market

The people that use ABP are the same type of people that aren't very likely to click on ads anyway. At the very least, not nearly an amount needed to justify the 30% surcharge to have them displayed.

Advertising only works when the advertiser can prove to the client that the client is now making more money than they spent to hire the advertising company and to run ad campaigns. The fact that ABP users aren't very likely to click on ads, let alone purchase the item advertised, causes the whole advertising 'value proposition' to fall on its face. No one is going to spend a million dollars just to increase profits from sales by a few hundred dollars.

Upstart AI dreams of 'disrupting' digital marketing – with sex

Crazy Operations Guy

Re: Nielsen Group

I've had the best luck just hiring middle-range web developers that have had about 10 years of experience in web design. Cheap and young developers tend to latch onto whatever the flavor-of-the-month technology is, or just play with some templates and slap it on top of WordPress or some other CMS system. The really old or expensive folk over-engineer things where suddenly a small website meant to sell a handful of items and serve up a couple docs is now powered by a globally-redundant Oracle cluster with an in-memory DB to improve performance, the front-end now runs on multiple cloud providers, there are analytic tools everywhere, and now the web management team is twice as big as the remainder of the IT department.

I've worked with plenty of clients where they used some graphic design intern fresh out of college to build their site, then a year later (once the platform they used was abandoned by the author maintaining it) they went with one of those huge design companies that've built sites for most of the Fortune 500. Millions of dollars later, they end up with a byzantine behemoth that only the company that built it could even make sense of how it all works.

Crazy Operations Guy

Re: "the power of evolutionary algorithms"

What do we win? Is it some kind of IoT-enabled cloud-based augmented-reality wearables I've heard are disrupting the sharing-economy recently?

Crazy Operations Guy

Re: They'll never figure it out.

The problem is that while they struggle to figure anything out, we end up suffering.

I can't even begin to count the number of websites where they changed the whole thing to look more modern, but broke every single one of my bookmarks. Or when websites change design to look cleaner, but actually wipe away all the useful information, especially getting rid of legacy products. Or when they try to be all slick and add unwanted features but end up tacking on dozens and dozens of third-party domains' JavaShit (bonus points for layouts that require some random third-party script so as to not be a blank page).

'Jet blast' noise KOs ING bank's spinning rust servers

Crazy Operations Guy

Re: Sounds nasty..

If miscreants have the ability to get deep enough into the building to re-wire the fire alarms, then you've already lost. They could just as easily sabotage the electrical system and destroy even more equipment, or just burn the whole place to the ground, destroying everything.

Worrying about what someone could do with a loud noise like this would be like concerning yourself that a mugger with a heavy knife is going to bludgeon you with it, rather than the more obvious, and more effective method.

US Congress blew the whistle on tax-dodging Apple, claims Europe

Crazy Operations Guy

Re: Start taxing money whenever it moves across a border

I would propose that the tax would be applied to Business Income Taxes / Personal Income taxes at the end of the fiscal year, not on the transaction itself. On the tax form, you'd take the amount of money transferred out of the country, subtract the amount brought into the country to get a taxable amount, values below a certain threshold would be tax exempt. Money coming in would be exempt from the tax, as it would end up being taxed as part of total income.

This is already how Personal Income in the US works; if you make $25,000 in a year, but spent $20,000 to do so, it falls below the $10,000 threshold and that amount is tax-exempt. If you were to make $25,000, but only spend $5,000, you pay taxes on the $20,000 in profits (Well, $10,000 since the first $10,000 is exempt).

Crazy Operations Guy

Re: Start taxing money whenever it moves across a border

"That sort of undermines the whole EU market idea."

Then just copy the model used by the VAT system. The EU economy seems to be able to handle it just fine.

Crazy Operations Guy

Start taxing money whenever it moves across a border

I keep hearing about all these tax shelters and schemes by companies to hide, things like the "Double Irish" and the "Dutch Sandwich" or not paying taxes because they are "licensing Intellectual Property" that happen to exactly equal their profits. It all involves moving the money between countries, so what I propose is some tax on the movement of any form of currency across borders just as goods are taxed upon import / export. Such a system would put a quick end to companies sending money overseas (It'd just be cheaper to keep it in the country in which the money was earned). It'll put a huge cut in international trade, but I feel that that might be justified until companies (and overly-wealthy douches) learn to pay their fair share.

Seagate sued by its own staff for leaking personal info to identity thieves

Crazy Operations Guy

Gives me an idea for an evil law firm

Improperly receive a bunch of W-2s from a company, extort the company into paying to keep silent on the loss, then when they stop paying, use the information to impersonate the victims of the data loss and launch a class-action suit against the company...

Airbag bug forces GM to recall 4.3m vehicles – but eh, how about those self-driving cars, huh?

Crazy Operations Guy

At least the software failure resulted in the better of two options

If the air-bag software were to crash, at least it resulted in "front airbags fail to deploy in a crash" rather than "front airbags deploy successfully during normal operation", like some vehicles have experienced.

Although airbags are fairly pointless since they save you from things that could be mitigated in other ways. Things like more intelligent seat-belts that allow some forward movement would prevent heads from arcing downward and causing the head to collide with the vehicle; Changing the way the steering wheel works would also go a long way to saving lives, after all, during a collision it is nothing more than a heavy wrought iron spear that happens to be pointed right at the driver's heart and is held in place by the steel frame of the vehicle.

Top smut site stops Flashing, adopts HTML5

Crazy Operations Guy

You'll need more than a few days...

During one of PornHub's yearly reports on viewing statistics, I recall them mentioning they had over 500,000 hours of content, so I hope you have nothing to do for the next 57 Years...

Typo made Air Asia X flight land at Melbourne instead of Malaysia

Crazy Operations Guy

Re: Airbus software

" more "proper" than a side stick? "

A Yoke (It's labeled 'Control Column' in the manual for my bird) can be operated by either hand, rather than just the one, allowing the pilot a much wider range of movement; the pilot can operate it while using a wrist brace (Recovering from wrist surgery or just suffers from carpal tunnel) or if their wrist seizes up due to overuse (A 6 hour flight would do that). It can also withstand much more wear before experiencing failure.

Crazy Operations Guy

Re: Airbus software

If they can maintain the Ballmer Peak, I'd prefer them to code after lunch rather than before...

https://xkcd.com/323/

But I do tend to avoid Airbus planes anyway (What kind of idiot replaces a proper control column with a cheap joystick? It's a $100-500 million dollar aircraft, not a fucking arcade console)

Crazy Operations Guy

Re: Damn instrument weenies

Yeah, I had to do that too. What I mentioned was flying -without- instruments other than the bare basics (and the most basic versions of those at that). No EFIS, no ILS, no TCAS, not even fuel and engine readouts. So basic that even Charles Lindbergh would call it spartan.

I learned just how difficult landing a B190 could be by just eyeballing the approach...

Crazy Operations Guy

Damn instrument weenies

I hate how reliant on the avionics modern pilots have gotten. We live in an age where people trust the computer without understanding what the computer is actually doing. I'm not saying that the instruments are bad, they are very useful and make flying much safer and allow pilots to rest and save their mental energy for emergencies; I just mean that they should never trust a computer to do something they can't do by themselves.

I am an amateur pilot, been doing it as a hobby for several years now. The most useful course I've ever taken, and something that really should be required for all private / commercial pilots to undergo would be to do a flight between two unfamiliar airports using only a set of crude charts (Accurate location of all landmarks and obstacles, waypoints, and airports; but missing a lot of useful, but non-essential data), a compass, an altimeter, an air-speed gauge, and a wristwatch. The instructor would have access to all instruments and control the radio. Pilots need to be able to do their job safely and efficiently in the worst-case scenarios, especially if the entire electrical system fails. Or at the very least, be able to identify when the avionics are lying.

A monkey could operate a modern aircraft, especially with modern avionics systems and auto-pilot systems intelligent enough to land a plane without a pilot behind the stick. With these new advances, a pilot's job has been shifted from flying the plane to identifying when things go wrong and know how to fix any situation.

Network Management Systems are a 'treasure map' for hackers

Crazy Operations Guy

Re: Worth the risk

"Surely anyone that knows how to use SNMP knows how to implement a simple firewall rule?"

You'd be surprised... I worked with a client a few months ago that had a bunch of Linux-based Web Servers that they managed over SNMP. They changed the port number, but it was still accessible from the outside.

As for write access, I've seen a lot of cheap layer-2 switches that can only be managed over SNMP. Not much to configure other than VLAN or PoE parameters. There are also a couple of the lower-end work group printers that require SNMP to configure.

Crazy Operations Guy

Worth the risk

It'd take an attacker a few minutes to get nmap installed on a machine and some SNMP management tools, if they aren't already installed as part of the base OS. Refusing to use Network Management software because of the security risk is like gouging your eyes out so an attacker can't blind you. Besides, if an attacker is already far enough into your network that the security of the NM server is a factor, you have already lost.

Of course it is important to consider security in such cases, such as using only SNMPv3 on devices that support it, firewalling devices that only support v1 or v2, and using unique and secure community strings (and not just reusing the same string for everything).
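The three points in the post above (prefer SNMPv3, restrict v1/v2c access, do not reuse community strings) can be checked mechanically. This is an added example, not from the original post: it reads net-snmp style `snmpd.conf` text for several devices and flags each problem; the device names, addresses and strings are constructed, and the finding codes are this example's own.

```python
from collections import defaultdict

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
UNRESTRICTED_SOURCES = {"default", "0.0.0.0/0", "::/0"}

# Constructed sample configurations, keyed by hypothetical device names.
SAMPLE_CONFIGS = {
    "web01": """
# v2c with the vendor default string, reachable from anywhere
rocommunity public
""",
    "sw-floor2": """
rwcommunity Xk29-floor2 10.20.0.5
""",
    "printer7": """
com2sec nmsreaders 10.20.0.0/24 Xk29-floor2
""",
    "core-rtr": """
createUser nmsuser SHA "constructed-auth-pass" AES "constructed-priv-pass"
rouser nmsuser priv
""",
}


def community_lines(conf_text):
    """Yield (directive, community, source) for each v1/v2c community line."""
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(parts) >= 2:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
            yield directive, parts[1], parts[2] if len(parts) >= 3 else "default"
        elif directive == "com2sec":
            args = parts[1:]
            if args and args[0] == "-Cn":   # optional context argument
                args = args[2:]
            if len(args) >= 3:              # SECNAME SOURCE COMMUNITY
                yield directive, args[2], args[1]


def audit(configs):
    """Return {device: set of finding codes} across all supplied configs."""
    findings = {device: set() for device in configs}
    users = defaultdict(set)  # community string -> devices that use it
    for device, text in configs.items():
        for directive, community, source in community_lines(text):
            users[community].add(device)
            findings[device].add("V1_V2C_COMMUNITY")   # not SNMPv3-only
            if community.lower() in DEFAULT_COMMUNITIES:
                findings[device].add("DEFAULT_STRING")
            if source in UNRESTRICTED_SOURCES:
                # The agent accepts any source; the firewall is the only barrier.
                findings[device].add("NO_SOURCE_LIMIT")
            if directive.startswith("rw"):
                findings[device].add("WRITE_COMMUNITY")
    for community, devices in users.items():
        if len(devices) > 1:                # same string on several devices
            for device in devices:
                findings[device].add("REUSED_STRING")
    return findings


if __name__ == "__main__":
    for device, codes in audit(SAMPLE_CONFIGS).items():
        print(device, sorted(codes) or "clean")
```

A source restriction in the agent configuration complements the firewall rule the post mentions; it does not replace it.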

Intel Basis fans burned again: Refund checks for scalding smartwatches bounce

Crazy Operations Guy

Re: Western Union?

Western Union has a service where you send them a list of recipients and a pile of cash and they'll take care of all the check printing, envelope handling, and dealing with all the taxes / income reporting for the countries in which the recipients live. It's a huge pain for regular companies to do it and ends up being cheaper to just have WU worry about it.

Other than that, WU does a lot more than sending money: they perform physical transport of literal tons of money; they run the vast majority of long-distance courier services for goods that UPS / FedEx / DHL / etc. can't be trusted with; they are also one of the main providers for the Telex services; and they control a sizable portion of the SWIFT network. Basically, if anything of value is moved anywhere, they're going to know about it.

Lose a satellite? Us? China silent on fate of Gaofen civilian/spy sat

Crazy Operations Guy

Re: Civilian/spy

I love it when China has the audacity to use the term "civilian". To them, they have a billion entities that can be pressed into service to make cheap junk for every other country and use up resources better used to help "The People".

The only real people in the country are the million or so folk heroically living in huge state-provided mansions and bravely accepting the equivalent of hundreds of thousands of dollars a year from the government for doing the dangerous job of overseeing the local cities and factories. It truly is a burden to deal with that much wealth; the proletariat truly are the lucky ones here, they don't even have to deal with the burden of a living wage or safe work conditions.

</sarcasm>

Crazy Operations Guy

Re: "... and crashed into Shangluo City"

The Chinese government's position on such things is "If we lose a couple civilians, doesn't matter, we got a billion more where they came from", the official position is "We must make sacrifices for the betterment of The People". I believe that the Chinese government has declared that Fucks are government property and are too dangerous to be given to citizens.

On a serious note, they declare large chunks of land the size of counties as being part of the city that exists within it. In some cases there may only be a few dozen people that live in the region, but that whole massive area is still "Blah-Blah City". It's all international posturing, having a bunch of cities makes them look big and powerful.

98.1 million CLEARTEXT passwords pasted as Rambler.ru rumbled

Crazy Operations Guy

Could still be encrypted on the database but still be plain-text

A few years ago I was hired to do a security audit for a small community's cooperative day-care facility. They had a set of IP-cameras set up around the facility so parents can watch their children playing at the facility. There was also a live-chat system attached so parents could all coo in real-time when a child did something they thought was adorable.

The database stored pretty much everything encrypted on the database using some pretty decent encryption (Although it was using a symmetrical key). As I started digging through the login page, I found that the password checking page would reverse the encryption on the stored password to perform the string-checking. It did this in a fundamentally broken way. The first page you encountered was "EnterUserPass.php" which contained a username field, a password field and a submit button, which when pressed, would redirect you to "GetPassword.php?<Base64-encoded_username>&<Base64-Encoded_password_entered>". The GetPassword page would run a small bit of code to retrieve the encrypted password from the database and decrypt it, then redirect the user to "CheckPassword.php?<Base64_entered_username>&<Base64_entered_password>&<Base64_Unencrypted_password_from_db>"

The response I got from that mess was "Who would try and break into the website, its a small day care for a community, not a bank!", "Passwords encarded (sic) like that are secure, its not like any of our users are lute-hackers(sic) or anything, they're just suburban soccer-moms", and then "Even if they could see the password, it doesn't matter because they'd only see their own". I kept getting really naive answers like that whenever I'd point out how stupid it was. Especially in light of the fact that you could enter any username you want and see the password; and that login usernames were also the display names in the chat system and forums.

I spoke with the developer for their website since I figured I'd have more luck than the "IT Person" that was running things (They got the job because, of the parents, they knew how to install apps on an iPad, much more than anyone else could say about themselves). The developer was the kid of one of the parents who said they developed the website in pieces like that so that it'd be easier to maintain; the Base64 was used because "It's being protected by SSL, so don't worry brah". When asked about why he used reversible encryption on the passwords rather than a hash and a salt, he responded with "Hashes can have collisions, this way a hacker couldn't guess a password that collides and get in. What kind of idiot are you that you didn't know that?".

The server was an old home computer with a pre-made LAMP distro slapped on top with everything still default from the install disc (which was sitting right on top of it), except the stuff a tutorial told him to change. It was odd that the receipt from Best Buy for it showed that it was a $6000 AlienWhore machine with a Core-2 Quad in it and 16 GB of RAM, but while the server was in the stupid looking case, its guts were from a late-P3 Gateway branded machine. It must have been coincidence that the dev-kiddie had a Gateway machine on his desk with a P3 label but seemed to perform far better than any P3 I've ever seen...

As for the website itself, it was assembled from examples in a book on PHP, some pre-made forum software, a couple tutorials, and chunks of code ripped from Stack Overflow.

I was hired to look at the day-care's systems since a former employer of mine was moving into the area and wanted me to check the place he was planning to send his kid to (He got permission from them for my audit). He paid me for my report and I went along my merry way, glad to be away from such weapons-grade stupidity. And certainly glad I didn't live in that area. It was one of those planned-communities out in the suburbs built for upper-middle-class Yuppies who married some air-head trophy spouse and want to raise their kids "In a good neighborhood away from the city". The central part of the area only had a few businesses: A Wine store, an Italian-style Bistro / Wine bar, a Whole Foods, a designer goods shop, and a full-service gas station / luxury vehicle dealer.
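For contrast with the login flow described in the post above, here is an added example (not the audited site's code, and in Python rather than its PHP) of the "hash and a salt" approach the post mentions: the stored value cannot be decrypted, the comparison happens only on the server, and the response carries nothing derived from the stored password. The `UserStore` class, `handle_login` function and work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for illustration
SALT_BYTES = 16


def _derive(password, salt):
    """One-way derivation: there is no function that turns this back into text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """Hypothetical in-memory stand-in for the site's user table."""

    def __init__(self):
        self._rows = {}  # username -> (salt, digest)
        # Dummy row so an unknown username costs the same work as a known one.
        self._dummy_salt = secrets.token_bytes(SALT_BYTES)
        self._dummy_digest = _derive(secrets.token_hex(16), self._dummy_salt)

    def register(self, username, password):
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per user
        self._rows[username] = (salt, _derive(password, salt))

    def stored_row(self, username):
        """What a database dump would expose for this user."""
        return self._rows[username]

    def verify(self, username, password):
        salt, digest = self._rows.get(
            username, (self._dummy_salt, self._dummy_digest))
        candidate = _derive(password, salt)
        # Constant-time comparison, performed server-side only.
        matches = hmac.compare_digest(candidate, digest)
        return matches and username in self._rows


def handle_login(store, form):
    """Process POSTed form fields (never URL parameters, which end up in
    logs and browser history). The response holds no password material and
    does not reveal whether the username exists."""
    ok = store.verify(form.get("username", ""), form.get("password", ""))
    if ok:
        return {"status": 200, "body": "welcome"}
    return {"status": 401, "body": "invalid username or password"}


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "constructed-pass-1")  # constructed credentials
    print(handle_login(store, {"username": "alice", "password": "constructed-pass-1"}))
    print(handle_login(store, {"username": "alice", "password": "wrong"}))
    print(handle_login(store, {"username": "mallory", "password": "wrong"}))
```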

Chubby Chinese students refused top bunk

Crazy Operations Guy

Re: Mini-lift entrepreneurs take note...

Vast majority of the dorms in the US use bunk beds as well. Even Harvard, Yale, MIT, UCB, pretty much any big-name college uses them. Fraternities / Sororities, on the other hand, are overwhelmingly single-occupancy rooms. Elitism in the US is prevalent everywhere, more so in areas where everyone is supposed to be equal.

OpenBSD 6.0 lands

Crazy Operations Guy

W^X is for weenies on Von Neumann machines

I love how long it took Intel / AMD / ARM to implement some kind of method to keep Executable code and Data separate, and the vast majority of software still doesn't support it. The vast majority of exploits nowadays exist only because a machine can be tricked into running user data in a privileged context. It makes me sad to see a complete lack of Harvard-Architecture machines out in the world (I have VHDL skills and a couple FPGA dev kits, if anyone wants to join me in building a Harvard-Arch general-purpose computer).

The survivors: Intel's Apollo Lake netbook CPUs stagger from Goldmont bloodbath

Crazy Operations Guy

Re: Not just Netbooks

I've been using one to test out Linux distros (Still haven't found one that I like well enough to use as my main machine). Hardware is old enough that device drivers exist in the Open-Source world, but new enough that it's representative of a newer system and can be used to test my newer peripherals.

SETI searchers: We still haven't found what we're looking for

Crazy Operations Guy

Spy satellites don't have predictable orbits anyway. They tend to hang out in a stable orbit most of the time, but if needed to look at something specific, they'll have their thrusters fired to put them into a sling-shot orbit to get as close to their target as possible while traveling as fast as possible as well. The sling-shot is calculated so that the satellite would return to its previous speed and altitude, although on a completely different orbit. This is to prevent it from being tracked, or even seen (they tend to be in a high-enough altitude where even the most sophisticated telescope would have difficulty even getting a hint of where it is). The only way to know where it is at all times is to work for the agency that controls it.

Procedures like that burn quite a lot of fuel and greatly reduce the life of the bird, but spy technology changes rapidly enough that the on-board devices are obsolete right around the time the satellite runs out of fuel and is de-orbited. Plus they have more than enough cash to launch fresh ones whenever they need it. This is part of the X-37B project, where they can re-fuel and upgrade components on the spy satellites in-orbit rather than having to launch a fresh one (which allows other countries an opportunity to find it, a rocket launch isn't exactly covert, after all).

Adobe ices ColdFusion server admin password, file hack hole

Crazy Operations Guy

Re: Confusing version numbers - as usual

Indeed. I've always very much preferred the X.Y.z versioning scheme.

X is incremented when the product changes enough or introduces enough new functionality to make it a drop-in replacement for the previous version (EG, may need DB schema change or no longer supports a certain set of Operating Systems). Or at the very least represents a major milestone in development.

Y is incremented when a new feature is implemented that doesn't require any changes to the rest of the system (although may prevent downgrades). Should be compatible with anything else within the 'X' version family.

Z is the patch level; the system can be upgraded to a later 'z' version without any changes and a system admin can upgrade without needing any testing. Usually a new version is produced monthly / twice-monthly.

The vast majority of software follows this model, but too many prolific software projects don't (Linux Kernel, OS X, etc.).

I can accept 2016 as a version number if the whole version is based on it like <year>.<month>.<day> and it has a very rapid development cycle (where new versions are built weekly, if not daily). Otherwise, it seems pretty pointless.

Google scraps its Project Ara modular smartphone wheeze

Crazy Operations Guy

Re: What's next for the chop?

Google's business model is to convince people to give them as much personal information as possible for the lowest cost so they can sell it to advertisers or hand it all to the NSA / GCHQ / etc to make Anti-Trust cases go away. GMail, Search, Maps, YouTube, and Android all fall into that category. But there is plenty of stuff that clearly doesn't fall in with those and will likely be cut in short order. I'm anticipating that Google will release one iteration of their Self-Driving Car nonsense and immediately cancel it making the hardware useless (Just like what they did with Nest and Glass). Google Fiber is not long for this world (I'd be surprised to see it last through 2017). The Google 'Loon project is only on life-support for now to garner good will ("We're not evil, we're planning on giving free internet to Africa") and possibly as a loss-leader to reduce their taxes.

NBA's Golden State Warriors sued for 'mic snooping' mobile app

Crazy Operations Guy

Built-in apps do this as well

Received a company phone from work a month ago and first thing I did was to start denying as many permissions as possible. Like how the "Samsung Pay" app seems to want access to my Camera, Contacts, Location, Phone, SMS, and Storage. Or how the "Setup and Transfer App" keeps wanting access to all of that despite the fact that the App would only be run twice, at most, during the life of the phone.

Can't remove these apps, can only deny certain permissions...

Of course greedy apps are also why I have a Galaxy S7 with only the Delta Airlines app, the Uber App, my company's Timesheet app, and my company's Travel booking app installed and only the e-mail app configured. Everything else is disabled and/or has had all its permissions denied. Haven't installed any games or any other apps because they all seem to require permissions I am not comfortable with (Why would a Tetris-like clone require access to my contact list anyway?). An 8-core processor being wasted on displaying email, showing a static image of a QR code, or a car icon moving across a map...

Is it time to unplug frail OpenOffice's life support? Apache Project asked to mull it over

Crazy Operations Guy

The "Holy Code" problem

The problem that I've seen with OpenOffice is the same issue that happened with OpenSSL. You have a core group of outstanding developers build a specific product; product then becomes hugely successful; original architects and developers leave/retire; technology undergoes many major shifts; original code is left in since it's assumed that because it was brilliant code initially, it's brilliant code now.

This is why OpenSSL retained its own malloc-like function, no one wanted to break the critical code even though the reasons for it existing are no longer applicable (The Standard Libraries of many OSes at the time lacked a standardized malloc so the solution was to either bake a malloc into the code or write piles and piles of OS-specific code).

With OpenOffice, these issues rear their ugly heads when it comes to drawing the UI (Since TK / gTK hadn't matured by the time OOo was written) and for working with the OS (just like OpenSSL, OOo was written before many of these things were standardized across platforms).

At this point, the only thing that could really save OOo is to do a feature freeze for now and focus solely on cleaning the code that's already in there as well as cut stuff that is needed to run on older OSes / architectures and let the OS handle a lot of the grunt work.

Blackhat wannabes proffer probably bogus Linux scamsomware

Crazy Operations Guy

Re: Two words

Better yet:

PermitRootLogin no

Allowing remote access to the root account by default is such a terrible idea, I'm surprised Lennart Poettering didn't come up with it...

Uber lost $7m a DAY in the first half of this year

Crazy Operations Guy

Re: Is there a way i can register as a tech business?

Look up the story of CYNK Technology. They made billions off of doing next to nothing. All you need is press attention and then you can start going around to VC's until you can get listed on the NASDAQ and, with some creative PR, suck billions from the stock market.

All you need is a buzzword-stuffed idea, a slick looking website, and someone to write press releases for you. You may need to move to the Silicon Valley area to be close to the money trough..

NewSat network breach 'most corrupted' Oz spooks had seen: report

Crazy Operations Guy

Re: 2nd hand kit?

I'd also be nervous about their Sats as well. Might be best to de-orbit them and send some new stuff up to replace them (although knowing the level of technology they used, they should probably be replaced; can't get much bandwidth off of a Sputnik-clone, after all).

BSODs at scale: We laugh at your puny five storeys, here's our SIX storey #fail

Crazy Operations Guy

Airlines still use XP quite often

I've had more than a few delayed flights caused by the gate check machines Blue-screening and preventing the gate crew from printing the flight manifests or issuing gate-tickets for stand-by passengers. One of them crashed badly enough at the tiny, tiny airport I was flying out of that they had to fly in a fresh machine from the local hub (The airport's code was EAT, for those that care)

Big data busts crypto: 'Sweet32' captures collisions in old ciphers

Crazy Operations Guy

"set up your client to force frequent re-keying"

If you design a client for an encrypted connection that doesn't re-key for 750 GB, you should have your birth certificate revoked...

At 785 GB and a 64-bit key, that would be a payload-to-key use factor of 13,170,114,560. Any reasonable security engineer would expect their encryption to be broken at a hundredth of that...
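
An added example, not part of the comment above or of the article it replies to: a birthday-bound estimate of how ciphertext-block collisions build up under a single key for a cipher with the 64-bit block size that Sweet32 targets, and how small a re-keying threshold has to be to keep that risk low. The function names, the reading of GB as 2^30 bytes, and every sample volume other than the 785 GB figure are assumptions made for illustration.

```python
import math

GIB = 2 ** 30  # assumption: "GB" is read as 2^30 bytes


def blocks(data_bytes, block_bits=64):
    """Number of cipher blocks needed to carry data_bytes."""
    return data_bytes // (block_bits // 8)


def expected_collisions(data_bytes, block_bits=64):
    """Expected number of colliding block pairs: n(n-1) / 2^(b+1)."""
    n = blocks(data_bytes, block_bits)
    return n * (n - 1) / float(2 ** (block_bits + 1))


def collision_probability(data_bytes, block_bits=64):
    """Birthday-bound estimate: p ~= 1 - exp(-n(n-1) / 2^(b+1))."""
    # expm1 keeps precision when the exponent is very close to zero
    return -math.expm1(-expected_collisions(data_bytes, block_bits))


def max_bytes_for_risk(target_p, block_bits=64):
    """Largest volume per key that keeps the collision probability near target_p."""
    # Solve n^2 / 2^(b+1) = -ln(1 - p) for n, then convert blocks to bytes
    n = math.sqrt(-math.log1p(-target_p) * 2 ** (block_bits + 1))
    return int(n) * (block_bits // 8)


if __name__ == "__main__":
    # Constructed sample volumes; 785 is the figure quoted in the comment
    for gib in (1, 32, 785):
        size = gib * GIB
        print(f"{gib:>4} GiB  64-bit block: p={collision_probability(size):.6f} "
              f"expected collisions={expected_collisions(size):.2f}")
    print(f" 785 GiB 128-bit block: p={collision_probability(785 * GIB, 128):.3e}")
    limit = max_bytes_for_risk(1e-6)
    print(f"re-key every {limit / 1e6:.1f} MB to keep p near 1e-6 (64-bit block)")
```

With a 128-bit block the same volume leaves the collision probability negligible, which is why moving off 64-bit block ciphers is the durable fix and frequent re-keying is the stopgap.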