* Posts by Solmyr ibn Wali Barad

1143 publicly visible posts • joined 26 Feb 2013

The Walton kids are ABSURDLY wealthy – and you're benefitting

Solmyr ibn Wali Barad

Re: Externalities?

Yes, external factors are hard to account for. Some of them are covered in confidentiality, like agreements with suppliers. It's not a secret that big retail operations tend to leech their suppliers pretty hard. Tax incentives are usually semi-transparent - public authorities do not like to advertise them, but cannot bury that information completely.

But there are a lot of external factors, for example a number of competitors and local producers leaving the business, that are not directly attributable nor measurable. It may well be that some of the perceived savings are covertly coming from someone else's pocket.

'Things' on the Internet-of-things have 25 vulnerabilities apiece

Solmyr ibn Wali Barad

Re: Not surprised, but...

I'm terribly sorry, but I have to downvote your post. Despite having upvoted btrower's post at the time. His comment was emotionally toxic, but to balance it out, it was also long, informative and thought-provoking. Your comment fell a bit short on the second part.

If you're going to call people luddites, you have to have a damn good argument to support that. Namely, you'd have to show why the IoT push would end any better than previous appliance pushes - which produced untold millions of things that do not work properly, and will never be fixed, because the industry has pretty much forgotten about them. That's the problem. Industry cares about peddling "technology", "solutions", "ecosystems", "architectures", "visions", and so on, and so forth. Not the things that would actually work as promised.

And in this sense, IoT opens a new can of worms - we can expect a myriad of connected devices that present an active and increasing risk, and manufacturers caring diddly squat about them. Unconnected appliances did not pose such risks - they could be forgotten rather safely.

SPY FRY: Smart meters EXPLODE in Californian power surge

Solmyr ibn Wali Barad

"A thing nobody wants, being badly implemented, driven by the mistaken but implacable idea"

Fundamental qualities, if not prerequisites, for any large-scale project with a political support.

Encryption is the REAL threat – Head Europlod

Solmyr ibn Wali Barad

Re: AT WHAT POINT WILL THEY STOP?

Yay, revolution. That'd make things so much better. Those nice Jacobins really cared about freedom and equality, did they. Or Lenin and his merry men.

Success stories do exist, but they are few and far between.

Solmyr ibn Wali Barad

Re: Yet another one? How do we get rid of him fast?

"this is likely to be a concerted effort at meme injection into the hoi polloi body"

Not very likely. Well-constructed meme wouldn't be so fucking ridiculous, but these outlashes against encryption tend to be just that. I'd rather suspect it's the Peter Principle that has provided us with so many high-ranking windbags. And sadly, there seems to be a shortage of Ostap Benders, or Sir Humphreys, to shut them up.

Building a better society from the Czechs' version of Meccano

Solmyr ibn Wali Barad

Re: Had the pleasure of working with Russians trained in the 80s

"The Soviet system produced some clever, resourceful people"

It's hardly the Soviet system as such, but rather an eternal deficit of, well, everything. Rough times make people creative. And in Russia, there has never been a time that was not rough on the people.

Although an education system that was heavily biased towards industrial skills certainly played a part.

Solmyr ibn Wali Barad

Re: standard economic joke about Soviet-style socialism

"it was a system to dig up the coal and ore to make steel out of which to build the machines to dig up coal and ore for steel."

That's the nicer one. Another standard joke was "steal a crate of vodka, sell it, and spend the money on getting drunk".

Wind turbine blown away by control system vulnerability

Solmyr ibn Wali Barad

Re: Oh Good Grief

That mature industry relies heavily on SCADA. Forfeit your belief, and despair.

Dear departed Internet Explorer, how I will miss you ... NOT

Solmyr ibn Wali Barad

Wow.

That was one mighty rant. Or it might serve as a stylish tombstone for that notorious old bugger IE4. Like a ten-foot statue for a deceased mob boss.

Quantum computers have failed. So now for the science

Solmyr ibn Wali Barad
Devil

Re: For Markets in a Pickle and Heading for a Mass Flash Crash

"Who let you out again you fucking loon!"

Gooood. I can feel your anger. Go ahead, say what you wanted to say, reveal those things that you want to be done to him - and your journey to the Dark Side shall be complete.

'Rowhammer' attack flips bits in memory to root Linux

Solmyr ibn Wali Barad

Re: ECC is not enough

Sure, all you have to do is to set the whole word (comprised of bits that are located in several physical DRAM chips) and its checksum at once - during the same RAS/CAS cycle. That way it would look like a normal write.

Good luck.

Grab your pitchforks: Ubuntu to switch to systemd on Monday

Solmyr ibn Wali Barad

Re: Can't there be a simple and effective Linux distribution?

"Systemd apparently manages X sessions"

Stunning revelation. To put it mildly.

Give biometrics the FINGER: Horror tales from the ENCRYPT

Solmyr ibn Wali Barad

Weird.

30-something comments, and nobody has threatened to cancel the subscription yet? Or wanted 10 minutes of time back?

Gosh, I so hope that Mr Dabbs hasn't lost the knack.

C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free

Solmyr ibn Wali Barad

Re: You can always try YumCha

"The correct Ozism for "I can't remember the brand, you've never heard of them and they'll be long gone in six months anyway" is Kung Pow."

There's another - We Con. Reserved for very nasty stuff. Dodgy powercords that are labeled as 10 A, but their wires can barely manage 1-2 A. Power supplies that have dozens of components optimised out. Heck, who needs all those capacitors and filters and thermal resistors there.

Solmyr ibn Wali Barad

"It may not be the case that all monopolies are illegal, but the majority are."

He was technically correct - having a monopoly is not illegal. Company may end up being a monopoly simply because others decide to leave the market.

But abusing a monopoly position is illegal. Usually it's a temptation too great to resist, so we don't get to see benign monopolies too often.

Solmyr ibn Wali Barad

Re: Why are you even diagnosing this lappy?

"I have installed an official windows iso from digitalriver and registered it with the serial number printed on that microsoft sticker couple of times already. Anybody with OEM licensed windows can do the same."

Not anybody. Only those who have a sticker. Windows 8 OEM versions mostly don't. And for greater amusement, Win8 SLIC code is not usable for vanilla 8.1 media, you have to install 8.0 first and then upgrade. Again, mostly. It's complicated like hell. Sometimes you'll have to sacrifice a goat to get W8 activated.

Gemalto: NSA, GCHQ hacked us – but didn't snatch crucial SIM keys

Solmyr ibn Wali Barad

Re: Well they would say that

And of course you would say that they would say...

Damn, that's getting complicated.

Didn't the Left once want the WORKERS to get all the dosh?

Solmyr ibn Wali Barad

Re: Stupid

But...but...Marx looked very wise, beard and all, how could he have written rubbish?

/it's an election time, have to play along/

Solmyr ibn Wali Barad

Re: Capitalism got rid of Racism!!

"At what point do they become evil exploiters? /.../ Is there an 'evil boss' induction ceremony they have to attend?"

It's the secret handshake. Which nobody hasn't seen (it's secret, natch), but is known to exist beyond any doubt whatsoever.

Apple: Fine, we admit it – MacBook Pros suffer wonky GPU crapness

Solmyr ibn Wali Barad

Re: Not the first time

Previous one was a soldering problem inside video chips, multi-layered sandwiches as they are. Nvidia took responsibility, after lots of wrangling, and paid reparations to computer companies. Web search on "Nvidia Bumpgate" should turn up a series of articles about that.

This time it's alleged to be between the video chip and motherboard. Not entirely same thing. That part of soldering is done on Foxconn lines. Whether it's done with a single heatblast for the entire board, or is there a separate step for GPU, can't really tell. Could be either way. Certainly looks like solder didn't turn out strong enough to withstand years of thermal stress (expansion and shrinkage cycles) around GPU. Which is painfully difficult to achieve.

In any case, Nvidia is probably out of the loop. Maybe Foxconn takes the hit this time. If it was an overlook in manufacturing. Or Apple will find that GPU cooling was a bit underspecced, which would be a design issue.

Lenovo to customers: We only just found out about this Superfish vuln – remove it NOW

Solmyr ibn Wali Barad
Trollface

Re: cert advisory re Komodia

Thanks for the link. Especially loved the mention of ring0 rootkits.

Now that is a worthy question, the most fundamental problem of modern IT - whose rootkit do you trust, in order to keep others out? Because not having a rootkit doesn't seem to be a valid option anymore. Most security products are using shady techniques, more like 50 shades, to give us a false and perverted sense of security.

Fuckyouverymuch, purveyors of "safe computing experience". I'm going to build myself a stone abacus. Root THAT, suckers. We'll see how well you can handle a chisel.

/rant off/

Solmyr ibn Wali Barad

Re: cert advisory re Komodia

Lavasoft? Holy crap.

Alas, seems to be true. Besides their usual ad-removal tools they have this Web Companion thingamabob, where Komodia served as an SSL analysis tool. Neat. And as a cherry on the pie, there's a fuss with Comodo certs too.

arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/

Lavasoft has said that they have removed Komodia. Not sure what'll happen with Comodo.

So long, Lenovo, and no thanks for all the super-creepy Superfish

Solmyr ibn Wali Barad

Re: @Mephistro (tl;dr)

Thanks for sharing. Looks like you had a real scam pulled on you. Sorry for the doubts and geeky behaviour (hey, grab your keyboards, somebody seems to be wrong on the Internet! :-) )

This case wouldn't be any different between US/Europe. Refusal to fix DOA products is intolerable on either side of the pond. I assumed incorrectly that capacitors failed just outside the normal warranty, which is the most typical situation. And there it starts to depend on the context - is the problem widespread enough to justify a warranty extension, what's the cost/benefit ratio, is the component supplier willing to share costs, etc. Reputable names have done it occasionally. Albeit they don't advertise it outside the partner network. Public recalls are mostly for the safety-related issues like flaming batteries and dodgy power parts.

Anyhow, there's a saying that it's the ability to handle big screw-ups that separates boys from men. Some say even this is not enough - a real man has to cause a serious blunder first, then clean it up, and learn his lessons on the way.

Let's see how present-day Lenovo handles things. At first, CTO managed to pour oil on fire, but over the weekend, they pulled a U-turn. That's slightly better than the usual "you're holding it wrong" crap we've been accustomed to.

Solmyr ibn Wali Barad

Re: @Mephistro

OK, if you really managed to encounter Lenovo products in the nineties... But no, I still cannot say "fair enough" about it. There was no infamous brouhaha back then. Capacitor failures have happened since their invention, for any number of underlying reasons. And an equipment vendor that'll repair things outside the warranty period is a rare sight. Must be a truly known and endemic issue (like it was in 200x) to get free service.

15-20 years is a very long time. Technologies have changed, product lines have come and gone, companies have changed. For better or worse, as the case may be. By such absolutist standards we shouldn't buy anything from anybody, ever. Because I really can't name a worldwide brand where I haven't seen a blown capacitor. Must've replaced thousands of little buggers over time.

Solmyr ibn Wali Barad

@Mephistro

"I haven't purchased or advised to purchase any Lenovo kit since the infamous brouhaha with the bubbling capacitors in the nineties."

You what?! We're giving Lenovo a good bollocking for the things they do, but you managed to spoil the fun with just one sentence.

- Lenovo was entirely unheard of in the nineties.

- First capacitor plague started around 2000, low-esr.com had a good article about it in 2002. Basically, a good half of the Taiwanese cap production was rubbish because of badly copied chemical composition. Fascinating story, actually, if anyone can be arsed to look it up.

- Second wave was a Chinese production in late 2000's. This time it included a lot of "mislabeled" caps (like having a 16uF cap in a bigger 47uF barrel), and counterfeits of the reputable names like Sanyo. Besides the usual noname business.

- In both waves, affected caps ended up pretty much everywhere. In PSU's, monitors, motherboards, etc, all over the world.

Well, besides these two major plague-like events, there have been lesser screw-ups every now and then. These are not so remarkable. It's quite easy to kill an electrolyte capacitor, if you don't leave a sufficient safety margin for it.

Solmyr ibn Wali Barad

Re: Cue the ClassAction lawsuits in 3... 2... 1...

Disclaimer on a coffee cup: "Warning! Our coffee is so delicious that it may cause an addiction. Oh, and it's hot, too."

Solmyr ibn Wali Barad

Re: I won't be buying Lenovo or ASUS.....

There are always examples and counterexamples. Asus U35 happens to be well-engineered. Had to take one apart after a domestic accident, it was a pleasant surprise. Still works, too.

Basically, brand doesn't mean much, all mentioned companies have produced lemons every now and then.

Solmyr ibn Wali Barad

Re: They shot themselves in the head

"It is unlikely the Server side of Lenovo will suffer from the Consumer laptops being infected with a security threat "

Not directly. But with clueless people at the helm, they'll bork something in servers sooner or later. Remote management cards are a prime example here. Their security sucks industry-wide. The thought that it could get even worse isn't exactly comforting. Then there's management software that all vendors are so keen to push, often claiming that only their own shitware is supported for management purposes.

Enterprise customers are able to identify threats, at least mostly, and put up a good fight. But small business just doesn't have means for it.

Solmyr ibn Wali Barad

Re: "Superfish wasn't a major contributor to the manufacturer's bottom line"

That's not a problem. Now THIS is a problem.

Seriously, if a corporate CTO can claim with a straight face that there's no security problem...they do deserve all the ridicule they're getting, and a good punch in the wallet.

Did NSA, GCHQ steal the secret key in YOUR phone SIM? It's LIKELY

Solmyr ibn Wali Barad

Re: Colour me sceptical

"But if those temporary files are on a B1 or similar secure system"

There they are probably subject to the same access restrictions as normal files. I was thinking about raw volume-level copies, like storage system snapshots. If (and that's a big if, as we can only use speculation and educated guesses on this matter) these copies will be mounted to a different server, which doesn't quite honour the restriction system? Or an extra duplicate gets made somewhere on the way? Point is, restrictions embedded into the data are not sufficient. Backup and test systems have to have a similar level of scrutiny as production ones. But rarely have.

A crude example closer to home. If I can get a volume dump from a Windows machine, I can happily mount this volume via Linux ntfs-3g driver, and presto - Windows ACL's that are set on files are ignored, all files, including ntuser.dat files, are readable. And nothing gets logged into the Windows audit log. Therefore a good chunk of normal security measures are already bypassed.

Oh, well. Whatever security measures you can think of - they are not absolute. There are plenty of cracks for a BOFH to slip through. And if they're not wide enough, a stolen bulldozer will help.

Solmyr ibn Wali Barad

Re: Colour me sceptical

"You can back up the files and do sysadmin stuff without needing to be able to read the data"

Well, yes, but there is a part that's frequently overlooked. Temporary copies that are routinely created and destroyed. Quite a lot can happen to these copies during their short lifetime, without anyone really noticing.

Solmyr ibn Wali Barad

Re: Colour me sceptical

Database dumps can be a real treasure trove. And usual tricks like access restrictions and audit trails may not be effective against an admin, whose daily job is to juggle short-lived database copies around.

It is a good thing to be sceptical, asking questions and seeking answers. If the intentions are honourable and the questions are fair. Are they?

Solmyr ibn Wali Barad

Re: Does anyone still think this is only about terrorism? ...Its just too big a dragnet...

"most intelligence services are doing it and those that aren't well they want to"

Heh. That would make a nice comedy sketch. "Because we currently lack technical means to record phonecalls, we kindly ask you to record all your phonecalls, and mail the tapes to the aforementioned address. CD and MP3 formats are also accepted. Thank you for your cooperation, citizen."

Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Solmyr ibn Wali Barad

Re: or to serve as an expert in legal proceedings.

Probably so. Jury trial is supposed to be a 'common sense' test, so selection process should filter out anyone who's not so common. And remove people with a clear bias or prejudice. How's that working in practice, I wouldn't know, haven't seen it close up. Probably less than perfectly, as jury foreman in Apple vs Samsung so aptly demonstrated. He got away with playing an "expert" during a jury session.

Yes, some experts can be outright scary. Highly educated (which is kind of a requirement), highly decorated, and able to talk utter bollocks with a confidence.

Solmyr ibn Wali Barad

Re: If we self-ban any vendors who do this shit...

Oh, that's just bloody great. In the meantime, Lenovo's corporate CTO has come out with a claim that security risks are only hypothetical. It's time for torches and pitchforks then.

Solmyr ibn Wali Barad

Re: If we self-ban any vendors who do this shit...

"We'll run out of vendors to buy from."

Agreed. Knee-jerk reactions are often unjust, and rarely adequate.

Main thing to understand would be that corporations and their brands are not monolithic entities. There are several divisions, essentially different companies, whose goals are often in conflict. For example, Sony Music (aka former Columbia) is a very different beast than Sony Electronics or Sony Mobile. Punishing other divisions for that bloody rootkit is an overreach.

On the other hand, misbehaving division is not good for the company, nor anybody else. So there is a reason to make noise about it, in a hope that the corporate overlords can be persuaded to take actions. Hasn't happened with Sony conglomerate though. They're still stubbornly subsidizing their failing entertainment arms. Maybe they do deserve the ridicule after all.

Speaking of Lenovo - they're not a single brand either. Consumer division seems to live on a different planet. Probably have green skin and tentacles too. Business side seems to have its own share of morons - somebody thought it's a good idea to introduce "affordable Thinkpads" like S, L and Edge series. Which are nothing like Thinkpads if you'll have a look under covers. Cheap noname stuff with a Thinkpad logo. Classic example of brand dilution. And even IT guys often fall for this scam.

Fortunately, T, X and W lines are still worthy.

Solmyr ibn Wali Barad

Re: Well....

"Still have no new laptop. Am I a failure?"

Maybe. But you are certainly not alone - my trusty T40 says hello. It has survived quite a lot of newer doodads, so it remains to be seen who has the last laugh on this.

Solmyr ibn Wali Barad

Re: Superfish comes with Lenovo consumer products only

True that. Business laptops are a different kettle of fish (pardon the pun). It's the consumer that gets shafted at every turn. But therein lies the danger - if such a behaviour remains unchallenged, then it's just a matter of time when some bright spark will try similar tricks in the business segment.

Solmyr ibn Wali Barad

Re: @Halverflake

"2- you have 0 judge or lawyer on earth who can understand this SSL stuff"

Heck, even a good half of the IT crowd doesn't. Myself included. Maybe there's enough understanding to cope with the daily tasks, but not enough to make truly important policy decisions, or to serve as an expert in legal proceedings.

Which may be a serious problem in the legal matters. If someone's machine is hijacked for a criminal activity, then a false impression of security may become a deciding factor in a verdict. Encrypted drive? Check. Password-protected? Check. SSL? Check. That's a proof beyond reasonable doubt, m'lud. Nobody but the defendant could have gained access to this machine. Throw in an "expert" or two, and it's pretty much a done deal.

If that previous part sounds as a hyperbole - not necessarily so. Germany has a precedent on this. If any cybercrimes are performed from a "secure" WEP-protected WiFi network, then the owner is liable. Not to mention that possession of any "hack-tools" is an offence by itself, and a solid proof of guilt.

Honest mistakes undoubtedly happen. But there shall be no mercy for vendors that are knowingly exposing their customers.

Lenovo shipped lappies with man-in-the-middle ad/mal/bloatware

Solmyr ibn Wali Barad

Re: my E540 is clean

You never had it. Unless you managed to download it somewhere.

"Users report Superfish is installed on the Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro laptops"

libertysflame.com/cgi-bin/readart.cgi?ArtNum=37137

https://forums.lenovo.com/t5/IdeaPad-Y-U-V-Z-and-P-series/Lenovo-Pre-instaling-adware-spam-Superfish-powerd-by/td-p/1726839

Which is consistent with the claim that only consumer-oriented machines were preloaded with it.

Solmyr ibn Wali Barad

Re: Very effective program

That's a shame. Because X1 is not affected by this brouhaha.

If anyone's using a brandname, or any other marketing label, as the only guidance for making decisions, they'll be mightily disappointed sooner or later. Brands are far too messy these days. Lots of crap is peddled under reputable brands, which in order tarnishes good products. There seems to be an infinite supply of greedy fools, who'll try to make a quick buck by misappropriating a solid brand, despite all the historical failures.

Solmyr ibn Wali Barad

Re: Microsoft hardware

"When you buy a "windows" laptop you get a licence key on the bottom, usually under the battery. This is so you can download a vanilla copy of the OS from MS and install it, getting rid of the crapware that came with the laptop."

No you don't. Not anymore. Windows 8 Large OEM versions do not have a license sticker. Only a SLIC key buried into the motherboard.

And good luck calling Microsoft on that. OEM license keys are not compatible with vanilla. You'll get a choice of buying a new retail copy of Windows 8, or going back to OEM, who will happily sell you a "recovery media" for a tenner or so. With all the "bonus software" included for free.

Exception: if the computer has a W8 Pro license, then it may be possible to get a W7 Pro "downgrade" key from MS. W8 Standard has never had any right to use other versions.

M0n0wall comes tumbling down as dev throws in the trowel

Solmyr ibn Wali Barad

Possible. But may not be necessary. Depends on whether these newer alternatives are good for everyone and every known usage case. Original developer seems to think so, but if anyone disagrees, they can grab a source and get hacking.

Think you’re hard? Check out the frozen Panasonic CF-54 Toughbook

Solmyr ibn Wali Barad

Re: Ok, so..

Probably won't happen. ECC SO-DIMMs and ECC-capable mobile chips are as rare as hen's teeth. And the excuse is - guess what - no market demand. Bugger.

UK air traffic mega cockup: BOTH server channels failed - report

Solmyr ibn Wali Barad

Re: Failure to report reason for shut-down

"there must be some kind of third system that adjudicates when there is a failure"

Yes, but who'll be watching the watcher? And if you get around it by making three systems equal, then one day you'll be looking for a minority report. With Tom Cruise and ginormous touchscreens involved. Har har.

Solmyr ibn Wali Barad

Re: I wonder if

Why boo? He may have his life carved up in a way that he doesn't fancy moving anywhere.

Russian revolution: YotaPhone 2 double-screen JANUS MOBE

Solmyr ibn Wali Barad

Re: I have one

Ah, but we're talking about a perceivably non-cool part. Phone calls? Pah. That's so last century.

If many phone designers tend to neglect it, then we cannot really blame poor reviewers for following the trend.

Brit Linux distro CrunchBang calls it quits

Solmyr ibn Wali Barad

Re: Aww...

Same here, T40 is still going strong. With few tweaks here and there.

Can't stand newer keyboards with small Ctrl and Alt keys.

'If someone in Australia says lick my toad, it's not a euphemism'

Solmyr ibn Wali Barad

Re: Marmite?

End product of fermentation, and end of fermentation. Well, mostly. Only a select few of the fermenting bacteria can live amidst acids.

Data retention: It seems BORING ... until your TV SPIES ON YOU

Solmyr ibn Wali Barad

It has happened before, it will happen again.

TV sets that are watching people? What a novel concept.