Re: FASCISM!
Do you have any comment on the article, Mr Mangrove? Or are you just being a shit-monopole? (attracting shit from all sides)
I wonder if Data Execution Prevention would have helped here? Even if only by forcing CloudStrife to write a better piece of software.
Dave Plummer seems to suspect that the update contained executable code, which was pulled into the "signed" driver and executed. DEP should have prevented that?
On the other hand, the file could still have been plain old data that caused the driver to generate a null-pointer.
Apparently the file in question was all zeroes, so they obviously have no input validation whatsoever.
Indeed. And since Hydrogen can't in reality be dyed a colour (unlike red diesel which is literally red), I have no doubt that lesser "colours" of Hydrogen (Black/Brown/Grey/Blue/Turquoise ...) will be passed off as "green" in a similar way as ROCs are used to greenwash electricity. See also: "Sustainable Palm Oil" etc.
The first person who WILL be blamed. Cynicism is bred from bitter experience
Clearly CrowdStrike believed that any update to a mere data file would be safe, and didn't bother to enforce any testing on them, perhaps believing that it was better to update them quickly to address new threats rather than delay their release due to testing. Personally I think this is a secondary problem compared to the apparent fact that they had never tested a corrupted data file against their system-critical kernel module.
For the kernel module to ingest a bad file and cause a BSOD, it would have to: a) not bother to fully validate the file before ingesting it, AND EITHER b) contain a memory-corruption or similar bug that causes a BSOD when processing a bad file OR c) very poor error-handling such that when a bad file is encountered it BSODs instead of simply logging the issue and rejecting the file
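The "fully validate the file before ingesting it" step the post above calls for, as an added example that is not CrowdStrike's code and uses a hypothetical file layout (magic "CHNL", little-endian entry count, then length-prefixed entries, all constructed here): the whole buffer is walked once with bounds checks on every read, so an all-zero or truncated file comes back as an error code for the caller to log and reject rather than being handed to the consumer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical layout, constructed for this example (not a real vendor format):
 * 4-byte magic "CHNL", uint32 entry_count, then entries of (uint16 len, len bytes). */
enum { HDR_LEN = 8, MAX_ENTRIES = 1024, MAX_ENTRY_LEN = 256 };

enum validate_result {
    FILE_OK = 0,
    FILE_TOO_SHORT,
    FILE_BAD_MAGIC,
    FILE_TOO_MANY_ENTRIES,
    FILE_TRUNCATED_ENTRY,
    FILE_ENTRY_TOO_LONG,
    FILE_TRAILING_DATA
};

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Validate the entire buffer before any of it is consumed. Every read is
 * bounds-checked against the remaining length, so a hostile or corrupt file
 * can only produce an error code, never an out-of-bounds access. */
int validate_channel_file(const uint8_t *buf, size_t len, uint32_t *entries_out)
{
    if (buf == NULL || len < HDR_LEN) return FILE_TOO_SHORT;
    if (memcmp(buf, "CHNL", 4) != 0) return FILE_BAD_MAGIC;   /* an all-zero file fails here */
    uint32_t n = rd32(buf + 4);
    if (n > MAX_ENTRIES) return FILE_TOO_MANY_ENTRIES;       /* cap before trusting the count */
    size_t off = HDR_LEN;
    for (uint32_t i = 0; i < n; i++) {
        if (len - off < 2) return FILE_TRUNCATED_ENTRY;       /* room for the length field? */
        uint16_t elen = rd16(buf + off);
        off += 2;
        if (elen > MAX_ENTRY_LEN) return FILE_ENTRY_TOO_LONG;
        if (len - off < elen) return FILE_TRUNCATED_ENTRY;    /* room for the payload? */
        off += elen;
    }
    if (off != len) return FILE_TRAILING_DATA;               /* reject junk after the last entry */
    if (entries_out) *entries_out = n;
    return FILE_OK;
}

/* Constructed sample inputs: a well-formed file, an all-zero file, and one whose
 * declared entry length runs past the end of the buffer. */
static const uint8_t sample_good[]  = { 'C','H','N','L', 2,0,0,0, 3,0,'a','b','c', 1,0,'z' };
static const uint8_t sample_zero[32] = { 0 };
static const uint8_t sample_trunc[] = { 'C','H','N','L', 1,0,0,0, 9,0,'a','b' };
```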
I appreciate the coverage. Both written and spoken.
I've often railed against the morphing of journalism into podcast chatter and u-bend narcissism, but this time we had about 5 written articles and one audio summary (I didn't watch the heads move), which is a good balance IMO, and it was a good summary.
CloudStrife (for that is what I will call them from now on) have perfectly demonstrated how there is "no silver bullet" for infosec, and they have provided me with a plentiful supply of schadenfreude for a Friday afternoon.
Oh yes. If you thought "Windows Server" was an oxymoron, check out "Windows Embedded".
Used by many industrial control systems and even PLCs ("Programmable Logic Controllers", which used to use very basic operating systems, but the likes of Beckhoff have gone for Windows Embedded) across the globe.
> My condolences to those looking at RSI from entering zillions of bitlocker keys.
Wait, the workaround trips BitLocker? Argh
So for some, CloudStrike has turned Microsoft into an inept but large ransomware gang?
Where's my BitLocker key? It's somewhere in AzureAD. Which one is for this server? Err...
See also: "Rootkit"
Most so-called "anti-virus" software fits the definition of a rootkit. It installs a kernel module "driver" to override system calls, placing a man-in-the-middle on calls like fopen() and read().
It's a terrible security paradigm, because it means that software can be insecure, we will just rely on this rootkit-thingy to protect us when something nasty happens.
It's a bit like leaving all your doors open but instead paying someone from the local mafia to house-sit.
I think the main things we can blame on Microsoft are:
1. The prevailing practice of allowing third parties to run non-memory-safe code in kernel space, and the normalisation of installing a "rootkit" as an anti-virus tool.
2. Training users/admins that they must allow all software to automatically apply updates as soon as they are pushed. Anyone who had delayed CrowdStrike's updates for 24 hours would be breathing a huge sigh of relief right now.
> Is there no way of instructing client machines to boot from an emergency OS over the network?
Maybe on systems with IPMI, you might be able to remotely instruct the BIOS to boot Windows into Safe Mode to apply the workaround, but then you might not get network access to the machine as it won't be running its VNC service or whatever, so you might still have to go round the racks with a keyboard and mouse. I'm not sure if the IPMI itself can provide a remote display.
Frankly, I despair that people still use Windows in datacentres. It's never really been designed for remote operation.
How does this work for companies who just don't make any EVs? There must be some of them, especially smaller firms and racing cars. If I set up a small company and sold one custom combustion-engined car, would I have to bodge together a couple of electric go-karts to avoid a fine?
Could a larger firm simply buy up a manufacturer of kids' plastic ride-on toy cars and count them against their EV quota?
Don't forget AI !
I suspect the only reason the RIAA aren't whingeing on about AI actually is because the record companies know they can use it to churn out artless drivel without paying anyone, and then they can sue people for copying it! Chicken Dinner
Imagine being sued for torrenting an AI-generated music album ...
Or maybe, someone might be able to write something for us to read, based on the main points of a discussion that they had with someone. I think it used to be called 'journalism' ..
Now there's just "Watch me talk to someone. Don't forget to like and subscribe to my YouTwat channel!"; "Here's some more videos of Twats you might like!"; <picture of a gormless face and some arrows that people apparently click on>
More like: Can AI automate the hell out of inventing, deploying and exploiting malware at a scale unthinkable to humanity? Yes.
The basic problem is: "AI works 20% of the time."
For a defender, that's hopelessly useless. For an attacker, that's incredibly useful, because even if the true figure was 2%, they can scattergun thousands/millions of targets with zero effort.
Or if you're Drax, then you can chop down trees, burn them to produce even more CO2 and particulates per MWh than the dirtiest of brown lignite coal, and claim to have negative emissions deserving double subsidies!
It was interesting to note yesterday on Drax's website that when an Elexon glitch caused all sources bar Wind, Solar and Imports to show as zero, their calculated CO2 emissions per MWh went negative. There's something very fishy about that. Either the data glitch had borked their calculations (which is probably what they would say) or someone is cooking the books and double-counting CO2 savings somewhere.
It's illegal to fly them Beyond Visual Line of Sight - so you should have been able to see the operator (or they should have been lurking behind a hill, where they can see their drone, but IIRC they should also be able to see what is beneath their drone)
But I agree - definitely need some kind of portable magnetron to zap drones, boomboxes, e-scooters, etc. Apparently the police are getting them, but they are quite bulky.
OK, to make it fair, they both get a grenade each.
You brought a grenade to a cage fight? Yes, it's called "Mutually Assured Destruction"
Would Zuck manage to convince Donald to put down the grenade? Doubtful. Would Zuck try to use his martial arts skillz to get both grenades and then beat up trump, before dropping one and blowing them both to smithereens? Probable.
We're out of popcorn. Anyone for pork scratchings?
Er... Shurely it's less potentially nasty than a bug in root-privileged code? The snippet from the Debian guy seems to agree:
> "although this is a high-severity bug, it's running in a process with separated privileges. This means that the affected code is running like an ordinary user account, not an administrative account, so the potential attack is more limited."
> The submarine programmed the missile computer to expect a new super fuse. So when the missile exited the water and turned on, it detected an error with the arming fuse and self-destructed.
Is that the excuse they are going with? I thought Grant Shapps just pressed the wrong button
Not sure about Tesla specifically, but the whole used-EV market has been plummeting for some time: https://www.cnbc.com/2024/06/16/used-ev-price-crash-gets-deeper-with-premium-brand-idea-history.html
What would you expect from a $100k "piece of Tech"? I imagine they keep their value about as well as a pallet of 100 iPads ...
There are some features of a Tesla that don't depreciate on the used market though, e.g. their ability to make you look like a total utter bellend, which for some is apparently a selling point.
Presumably in an EV, the cruise control can be an absolute velocity setpoint, and it would hit the hill and maintain its set speed with more rigid precision than a funicular tram
But maybe they deliberately slacken off the control gains to make it 'feel more like cruise control'
That was due to "intermittent data" though, and it was visible in their graphs, with some sources spuriously dropping to zero. I don't think an expired cert would cause that? Probably a separate issue.
However, I did notice that Drax Electric Insights (which provides the same data, not as good IMO as gridwatch except that they also have a price graph) was unavailable for an entire month, and that seems more likely to have been caused by this certificate issue.
Gridwatch did not seem to be affected so much, maybe they simply ignored the cert all along?
> Car makers seem reluctant to wrap the motors around the axles.
One reason for that is "unsprung mass" - the bearings in a motor take a lot of strain as it is. If you have motors on the axles (or in the wheels) then they take an extra bash with each pothole, if they are not protected by the suspension. This can crush the balls in the bearings if it's a particularly nasty bash.
Trains have the rather wonderful advantage of a smooth rolling surface with no potholes. So they can put motors on the axles.
No, SynRM and EESM are different (but both new, interesting kinds of rare-earth-free motor).
Synchronous Reluctance motors (SynRM) use a ferromagnetic rotor (i.e. iron) which is specially shaped so that it polarises like a PMSM rotor with alternating poles. (Reluctance = ferromagnetism.) It's similar to a Switched Reluctance motor in the same way that a PMSM is similar to, but better than, a "brushless DC" motor, the difference being sinusoidal back-EMF and smooth electronic commutation.
EESM might be what the OP was referring to? It uses induction to create a current and electromagnetic field in the rotor, but is quite different to a traditional (asynchronous) induction motor.
As both EESM and SynRMs are fairly new (and afaik both need bespoke drive electronics) I can't really comment on their relative merits. But both have the advantage of being easy to maintain: it's quite difficult/perilous to disassemble and reassemble a large permanent-magnet motor.
Are you trying to say that an EESM is an induction motor? It isn't.
The only reason ICEs have maintained popularity is their ubiquitous and energy-dense power source. That and their price, as they are made out of steel and not much else. In most other respects EVs are better.
If you had an electric motor with poor low-speed torque, then you'd need a (selectable) gearbox, which adds to weight, inefficiency, cost, and further erodes any advantages your EV has.