* Posts by Starace

329 posts • joined 16 Jun 2007


Talk about a control plane... US Air Force says upcoming B-21 stealth bomber will use Kubernetes

Starace
Devil

But why?

If you want to run a compartmentalised containerised scalable workload on avionics there are already properly designed and standardised options available, with proper deterministic realtime schedulers underneath.

Though running a Kubernetes type setup on a mission support system might happen, you can put some odd things on stuff that doesn't affect flying or weapons. Though I'd still have thought security requirements might get in the way of Kubernetes being used.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

Starace
Devil

More high quality 'research'

So it's maybe possible to spoof the transmissions and get the system to respond as designed.

Just a shame it's utterly impractical to spoof the transmissions in any useful form except on the bench, and they didn't even do that. In other words more bollocks security 'research' pointing out a flaw that doesn't actually exist except on paper.

Also the not so minor point that they tried everything on a sim - shame that even on the Type 7 / Level D devices code for a lot of the (non-rehosted) systems is there to recreate the training effect and *IS NOT A FULL REPLICA OF THE REAL SYSTEM* so any results mean very little. Been there, wrote that, ran the flight acceptance tests... That said I remember using real TAWS boxes on sims before (which have built in TCAS) because it was easier than trying to process their terrain databases etc.

SpaceX's Elon Musk high on success after counting '420' Starlinks in orbit and Frosty the Starship survives cryo test

Starace
Flame

Re: When will Starlink become operational?

3 months maybe, 6 months definitely.

Never heard that *exact* promise from Musk before, oh no. Usually translates into 'never'.

Other news isn't pointing to a lot of functionality being available soon beyond something very minimal.

Chinese carmaker behind Volvo and Lotus ships first two satellites for planned IoT ‘OmniCloud’

Starace
Devil

Re: Only two?

Ask Musk who actually paid for that Chinese factory of his, and why that part of the business is structured the way it is.

Why build a rival to Musk when they already own him?

Starace
Facepalm

Pascal, it might help if you knew what you were talking about. All sorts of manufacturing already moved to (or already existed in) other countries.

Vietnam is a popular location right now, everything from Samsung phones to underpants comes from there.

All we'll see is an acceleration of the moves away from China that rising costs and threats of tariffs had already kicked off.

We're all stuck indoors, virtual reality tech should be hot. So why is Magic Leap chopping half its workforce?

Starace
Alert

Decent AR, at a price

The Varjo XR-1 does a pretty good job of AR, none of those stupid optics either - the optical combiner route is just never going to work well enough to really 'augment' reality.

Then again it is properly 'incredibly expensive' at €12k to get one in your hands. Plus the cost of something with enough grunt to drive it.

Excellent toy though if you're able to talk someone into buying one for you for 'development'.

Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts yelling 'Security! We have a problem...'

Starace
Alert

Re: "Ford and VW"

Somewhere around here is a post I made which is somehow approved but hidden.

Basically good luck fiddling the buses from the Ford infotainment, the hardware is partitioned and the QNX bit has no access to CAN, it goes via datapool in shared memory to another board that can explicitly only read and write specific messages.

And you can't fiddle the infotainment software without either getting straight to the eMMC or having the correct certificate to sign any file you want to upload via the USB. But reading what's built into the factory image is easy because it's all in the upgrade packages you can freely download. There is/was a discoverable root password but the production image has no way to connect a debug console (doesn't try to start the ethernet dongle) so that's pretty useless too.

And funnily enough the CAN is all partitioned so you can't just wander around trivially, and some of the critical control buses are physically isolated. You can get around the general access security (though not the stuff needing privileged access) by reverse engineering the workshop tool protocols but that doesn't gain you much beyond what the workshop tool already does, except the ability to accidentally brick the modules.

Hur hur we canz hack it isn't quite as simple as it appears when it comes to actual exploits.

Starace
Alert

Re: Just a reminder here...

Yeah right.

It's one thing to emulate a button being pressed over the bus, it's quite another to make a module do something it's explicitly designed not to do - you'd have to replace the firmware with something utterly different and that's a whole other game.

If you're going to enter into the realm of fantasy there are easier ways to achieve the same result.

French pensioner ejected from fighter jet after accidentally grabbing bang seat* handle

Starace
Flame

Must have grabbed on hard

For obvious reasons the force required is set quite high to stop simple accidents, on the basis that when you really need to pull it you'll be motivated to do it as hard as you can until something happens.

On another note it's surprisingly easy to snap the steel cables inside the handles when you give them a suitable yank.

The sad thing with this story is that it's far from the first time someone has had a problem during a joy ride due to a long chain of carelessness, and also not the first time that things could have ended in an even worse way if not for a random event as things went wrong. At least they survived. I bet after the enquiry some were really feeling sorry for themselves.

Remember Tapplock, the 'unbreakable' smart lock that was allergic to screwdrivers? The FTC just slapped it down for 'deceiving' folks

Starace
Devil

Buy a proper padlock

*Looks at solid closed shackle Ingersoll 10-lever padlock*

A proper lock isn't cheap, but you won't get it open easily. The really good ones are built to take serious attacks and have some expensive lock cores in them.

What do a Lenovo touch pad, an HP camera and Dell Wi-Fi have in common? They'll swallow any old firmware, legit or saddled with malware

Starace
Devil

Reality

Signed firmware is a nice feature to have.

It also has a significant cost impact if you need to select an embedded controller that supports the required features to make it work, and there's usually an impact on boot time and also on how long it takes to program the kit - not so much a problem for the customer doing updates but a big issue for manufacturing.

A lot of specialist effort has been expended looking at this and it isn't trivial to sort it out even for things that cost a lot more than a webcam.

It's also worth mentioning that while signed firmware is nice to have it's not going to protect you against a truly capable opponent, it just removes the lowest hanging fruit.

Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners

Starace
Devil

And yet...

Despite all these horrible security flaws no particular sign of anyone taking advantage?

It's been nearly 40 years since Superman 3 yet no one seems to have done the 'hack ships to do stuff' thing in anger.

SpaceX's next Starlink volley remains stuck on Earth to glee of astronomers everywhere

Starace
Flame

Re: Planned IPO

Given that the Starship assembly looks like the sort of setup that would embarrass a backstreet workshop in Kabul (blokes on iffy ladders with cables trailing around working in a tent), and that they've scrapped or unintentionally blown up everything they've built so far I'm not expecting a lot of Starship action anytime soon.

Now if he'd built something more like Sea Dragon instead of a shiny comic toy mockup there might be something worth looking at. Would have managed the super-heavy lift, reusability and steel construction and maybe even have worked.

Starace
Black Helicopters

SpaceX launches

Some people might wonder if their eagerness to throw their junk into the sky is linked to the planned IPO and lots of spare launch capacity as they seem to have a collapse in demand from paying customers?

Demos of the system actually working might be a good idea too? So far all we have is lots of highly visible satellites (accident or useful way of proving they're up there?) but not a lot showing their fancy network in action.

Not that I'm cynical but Musk is involved so...

Cache me if you can: HDD PC sales collapse in Europe as shoppers say yes siree to SSD

Starace
Alert

'Primary storage'

So basically the same as we've had for a while now, SSD for the boot/system device and HDD for cheap bulk storage?

Sooner or later SSD will be cheap enough to use for everything but for the D: bulk cold store for all the junk HDD still has a role.

I do wonder though how many people know the difference between a cheap commodity SSD with low life & IOPS and a decent high grade NVMe one? A lot of the cheap stuff is slow garbage.

Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can't open a safe

Starace
Devil

Hmm

I just hope they didn't do what matey in the photo was trying and think they can open the door by pulling on the side with the hinges on it.

Netgear's routerlogin.com HTTPS cert snafu now has a live proof of concept

Starace
Devil

No problem here

My Netgear router fixed this problem by blowing itself up on the same day the warranty expired.

Not been tempted anywhere near one since.

UK contractors planning 'mass exodus' ahead of IR35 tax clampdown – survey

Starace
Devil

Offshoring

Not sure about elsewhere but around my way the specialist contractors we used on and off for years seem to have vanished in favour of a swarm of replacement contract staff shipped in from offshore.

Shame they're all absolutely useless, quite possibly worse than the last offshoring experiment from 14 years ago.

What an absolute shitshow this whole thing is turning out to be from whatever side of the contractor/customer relationship you sit on.

Google Chrome to block file downloads – from .exe to .txt – over HTTP by default this year. And we're OK with this

Starace
Flame

Misguided paternalism

So yet again a small self-selected group decides that they think something is a bad idea and they'll forcibly stop everyone doing it because everyone else is just too stupid to think for themselves.

Centrally managed word/content filters next, tuned to a suitably Googly world view?

MWC now means 'Mobiles? Whatever! Coronavirus!' as Ericsson becomes latest to pass on industry shindig

Starace
Alert

Smart move

Looking at how things are progressing in China by the time MWC kicks off we'll have moved past 'Contagion' and be well into The Stand.

Windows 7 back in black as holdouts report wallpaper-stripping shenanigans

Starace
Devil

Re: Just MSFT things

QA? They've heard of it but they can't spell it.

Whoa, whoa... Tesla slams brakes on allegations of 'unintended acceleration' bug: 'Completely false and was brought by a short-seller'

Starace
Flame

Analysis

I'm sure I remember seeing a hardware analysis on this that blamed a voltage regulator reset on an integrated motor controller that was causing swings on the supply to the throttle sensors?

Pushing the wrong pedal isn't exactly rare but the statistics suggest something must be happening, and it being more than the idiots behind the wheel and overly rapid acceleration.

Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

Starace
Flame

Poison

I know that anything I've looked at recently tends to treat a GPL license as a poison pill. The lawyers look at it and see risk even for innocuous use cases.

It's a shame but that's the reality of it.

OpenAI's GPT-2 secret life as a pawn star: Boffins discover talkative machine-learning model can play chess

Starace
Alert

So just like its other output

Everything GPT-2 has ever produced (like fake news articles) is quite convincing at the start then quickly wanders off into garbage.

It just isn't that good, and definitely struggles to stay on track. A convincing opening can just be cribbed straight from training data but getting past that...

Intel teases NUC-leheads with new desktop-class graphics systems and a fast i9 CPU

Starace
Unhappy

Too expensive

They're nice little gadgets when you have a use for them, but the prices are always steep for what you actually get.

When you need that specific niche filled great but otherwise it's difficult to justify the cost.

Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc

Starace

Tesla 'security'

If you want a proper laugh have a look at how simple it is to gain remote access to a Powerwall, and then shudder at the destruction you can cause once you're in.

2 more degrees and it's lights out: Mercedes-Benz Grand Prix's toasty mobile bit barn

Starace
Alert

Overselling it

That 'mini datacentre' would be what, half a rack's worth? Maybe a whole rack if you really wanted to push it and have lots of spares. Hardly extreme.

And you don't treat the possibility of no aircon by having no aircon; you have aircon, you have backup aircon, then you have contingency cooling. You don't just skip to the contingency straight away.

Not a big shock though, often the team budget for these things is actually derisory. And no one actually wants the jobs as the pay and conditions are rubbish as the expectation is that 'working in F1' is a reward in itself. Hint; after the first week it isn't.

Tonight on Tales from the Crypto: It lives! GPU flinger Nvidia bouncing back after miner affair

Starace
Devil

Overpriced

They might shift more product and make more money overall if their prices relaxed back a bit, currently they range from steep to utterly insane when you look at the proper good stuff.

And that's before you get to the double-dipping for things like vGPU. That leaves a really nasty taste, charging to use hardware you already paid a fortune for.

And when you consider the mostly minimal improvements in performance with time and what seems like a slowdown in product iteration it feels like they've got lazy.

Shame, as my need for fast GPU is growing by the day for all sorts of things.

Welcome to cultured meat – not pigs reading Proust but a viable alternative to slaughter

Starace
Alert

Hmm

Seems like a complex expensive resource intensive solution to a problem that doesn't really exist.

I do wonder what they expect to feed their bioreactors on 'cos it won't be grass. And what happens to all the land used for arable farming?

One thing they may need to think about is where they're going to find cows to get their ongoing biopsies from if this goes mainstream; no one is going to keep cows for fun so commercial herds and breeds would go extinct, just like the specialist breeds of agricultural horse did once machines took over, or many fruit varieties. Commercial plant and animal breeds can disappear amazingly quickly.

Interesting tech but no panacea. Still probably healthier than that pea based muck with all the saturated fat thrown into it.

US Air Force inks deal with Raytheon on Windows 10 (and other) support for ARSE

Starace
Devil

Not the first one

Another aircraft program that shall remain nameless has a Single Harmonised Integrated Test Environment for all development work. The title is displayed in an extra large font with emphasis on the first characters just to make the point clear.

The Brits put in quite a few things like this (plus various scattered insults/digs), not sure the partner nations always get the joke.

Don't fall for the hype around OpenAI's Rubik's Cube playing robot, Berkeley bans facial recognition, and more

Starace
Facepalm

OpenAI hyping their results?!

I'm really shocked. They never ever do that.

Their only advantage over other researchers is better access to a credulous press.

Tetraplegic patient can now move his four limbs with the help of a badass neuroprosthetic suit

Starace
Boffin

Interesting idea but...

When you start looking into how neuromechanical control works you realise there's a lot more to it than the brain, muscles and some wiring in between.

A lot of muscular control and sensory feedback handling is embedded in central pattern generators in the spinal cord. Lots of autonomous actions and interactions that don't even need input from up top. Stuff like leg and foot motion, motor response and gait is driven by this layer not the brain.

So hopefully they've put their work into detecting intent and built the fine control and feedback into the hardware itself, because that's how the original systems work.

RAF pilot seconded to Virgin Orbit for three years of launching rockets from a 747

Starace
Devil

Not a promotion is it

Rotating out to some other job is a pretty normal thing for his career, and at least he gets to do some flying (other than a desk), but I can't think of many fast jet pilots who'd see playing with an antique 747 as a great pastime even if they might get to shoot fireworks off it occasionally.

Reach out and touch fake: Hand tracking in VR? How about your own, personal, haptics?

Starace
Boffin

Limitations

If you really want proper accurate hand and finger tracking you need quite a few IMUs (16 or 17) to capture the full possible range of motion. You can get away with smaller numbers if you're prepared to compromise on what you can capture (ie much more than fingers flex).

Of course this only truly matters if you're doing something that needs that level of fidelity.

The other issue is usually calibration, especially if you're trying to correlate with touching something physical. Then you need to measure the hands at some point to get the skeleton right and make sure you've got a decent hand waving calibration phase. With haptics instead you probably don't care quite so much.

These things seem quite expensive for what they are compared to other gloves with similar motion capture so what you're really paying for is the haptics. For the money I hope they've got the durability finally sorted!

These things are great when they work but we're still at the stage where there are lots of entrants in the market and none of them are perfect yet. Hopefully there's enough market demand to get this to settle out.

Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images

Starace
Alert

Data retention

Leaking the data is sloppy.

But the other question would be why they have retained so much for so long? Surely after the parking is validated and after a suitable delay for any challenges (like fines) they should be binning it? If they want long term statistics they can process and anonymise it and not need any of the source data.

Certainly no need to store all those images and related data permanently and risk them leaking.

Q. If machine learning is so smart, how come AI models are such racist, sexist homophobes? A. Humans really suck

Starace
Devil

Alternative argument

Some might claim that a study looking for bias, given a sufficiently large dataset, will always succeed in finding bias.

And good luck finding a truly neutral dataset based on human sources. That Utopian ideal just doesn't exist.

SpaceX didn't move sat out of impending smash doom because it 'didn't see ESA's messages'

Starace
Flame

Re: I OWN SPACE

You joke, but I'm sure I remember one of their claims for Starlink included some sort of automatic collision avoidance system?

Guess that must be from the same team as Autopilot, Summon and FSD.

Raspberry Pi head honcho Eben Upton talks thermals, stores and who's buying the kit

Starace
Alert

Wattage limit

What exactly is the issue here? It's not like upping the supply voltage is complicated, just hop to using USB-PD and cap performance based on the available power.

Might need to actually spend some time on finally sorting out the thermals though.

NATO sharpens its cyber-lances, prepares for war games with virtual jousting tournament

Starace
FAIL

Dear Moderator

I could probably have posted something interesting about this but as all my posts go straight to moderation and no-one seems to bother checking the moderation queue it doesn't seem worth the effort.

Everyone remembers their first time: ESA satellite dodges 'mega constellation'

Starace
Alert

SpaceX refused to move

Reports on Twitter (eg. https://twitter.com/Astro_Jonny/status/1168592399729397767 ) that ESA contacted SpaceX to ask them to move their satellite and they said no and were generally unhelpful.

Whether this was because of their Musky corporate culture, or because their cheaply built junk satellite is actually incapable of manoeuvring isn't clear.

Electric cars can't cut UK carbon emissions while only the wealthy can afford to own one

Starace
Alert

Price equivalency

That's going to be a good trick - the bulk of the cost difference is in the battery and given those are already (mostly) a commodity item in mass production where exactly do they see the reductions coming from?

You'd have to see all sorts of innovations appear and material prices collapse for anything significant to happen. And even then it still won't be cheap for a 30-100kWh battery.

Google bans politics, aka embarrassing stuff that gets leaked, from internal message boards

Starace
Alert

Monoculture

They've been criticised before about fostering a Googly monoculture and it certainly looks like this will reinforce that; express the wrong thoughts on something and they'll be purged.

Chrome fans get that syncing feeling again as Google moves to bolster browser protections

Starace
Flame

Re: One ring to bring them all

Google can kiss my One Ring.

Microsoft hikes cost of licensing its software on rival public clouds, introduces Azure 'Dedicated' Hosts

Starace
Alert

Re: $106k over three years

Now you understand where the profit comes from...

Another rewrite for 737 Max software as cosmic bit-flipping tests glitch out systems – report

Starace
Flame

People will soon forget this

The sad truth is that people will soon forget all about this, just like they've forgotten all the rudder related issues of the 737.

And just like the big aircraft suppliers have forgotten the past and are firmly back into the 'do it cheap, do everything in house, everyone else are idiots' ways of thinking. Over the last 10 or 15 years everything has become extremely parochial again.

Microsoft snubs Hololens loyalists by already ending feature updates – even though version 2 isn't out yet

Starace
Alert

Confused

So they're basically saying that their current working but superseded product is going to be frozen with the current feature set? But they'll still provide security updates? And they have a replacement version with a better feature set?

That isn't abandoned or orphaned, that's a normal product life cycle. Abandoned is when it gets no updates at all and the whole concept and infrastructure is binned and this isn't that.

What exactly were people expecting to happen with v1.0 going forward?

Hack a small airplane? Yes, we CAN (bus) – once we physically break into one, get at its wiring, plug in evil kit...

Starace
Alert

Threat model

So basically you could do something because there's a non-encrypted bus, but it's a complicated way to achieve something you could do much more easily in other ways with the same level of access.

It's a bit of a common theme with security research to state the obvious and look for problems that really aren't.

Oh sh*t's, 11: VxWorks stars in today's security thriller – hijack bugs discovered in countless gadgets' network code

Starace
Alert

Inconsistent

So lots of warnings about all the critical devices that might be affected, but the actual VxWorks versions intended for those things aren't affected?

So are all the dire warnings true or not? They seem to talk worst case a lot (scope of effect on important kit and difficulty of fixing certified kit) while also letting slip that this sort of thing should never have been impacted anyway.

A certified RTOS is a special beast for all sorts of reasons so I'd really hope no one used a normal version in anything that mattered.

Microsoft bungs a billion bucks at biz developing AI that will take our jobs 'for the benefit of all'

Starace

Re: Not releasing GPT2

More because if they really let it out in the wild it would be even more obvious that it spouts even more gibberish than a Buzzfeed reporter - it's only convincing if you don't read very far and are really bad at spotting the inconsistencies.

There are better systems out there.

Too hot to handle? Raspberry Pi 4 fans left wondering if kit should come with a heatsink

Starace
Flame

Heatspreading technology?

Having created conduction cooled boards in the dim and distant past they tended to be a bit thicker than that to get the copper and heat conduction layers in. Plus they were usually firmly strapped to something at the edges to dump the heat into, pcb foil layers not exactly being renowned for having massive heat capacity. So I'd assume the 'heatspreading' on this isn't adding much at all.

Hope something useful and cheap pops up to sort this out.


Biting the hand that feeds IT © 1998–2020