Posts by AndyFl

all chargers?

Secure boot seems a bit excessive in many cases.

Simple chargers can easily run with a PIC or Arduino. They are probably adequate for reading and transmitting RFID tags too.

Card readers are more of an issue but in many cases this is a standalone subsystem which does all the security internally.

I guess that we have to be more careful with a DC charger but the car should protect the battery from abuse and disconnect it if there are issues.

I don't think a full blown OS is appropriate in many cases. A small embedded system would be more reliable.

A story where the manufacturer responds reasonably to a (in)security report

Most software stuff has bugs, at least this wasn't a gaping hole in the system as it required a fairly high level of skill to exploit.

The great thing was they didn't shoot the messenger.

No need to compromise their systems

They had already misconfigured the server to expose all the details anyway.

This is one of the cases where the ICO should hang them out to dry. I'm not holding my breath though as the ICO always appears to be more than a little toothless.

Brought back memories

He certainly was responsible for some interesting products. I have fond memories of my Sinclair QL.

I also still smirk at the memory of seeing a C5 vehicle being closely followed by a large truck on Elizabeth way roundabout in Cambridge. I'm pretty sure that the only thing the truck driver could see was the flag flying jauntily on the top of a pole attached to the rear of the C5.

Sorry to see him go.

And the company is...

"Dark Matter" based in the UAE.

See the story below for more details

https://www.reuters.com/investigates/special-report/usa-spying-raven/

A few years ago I was working in the UAE and my company had to buy some wireless gear from Dark Matter. The guy who brought the stuff over was from the USA, completely full of himself and to be honest, an arsehole. We had to endure him boasting about being ex-intel before he actually handed over the goods.

The radio equipment wasn't anything that special either - just a SDR based spectrum analyser.

Wiring regs

Part P of the UK wiring regulations, AKA "Approved documents" effectively mandates that all installations have to meet BS 7671. Almost uniquely this BS is not free to download and has to be purchased from the IET at about 100 quid a copy.

In other words the legally mandated UK requirements for any electrical installation are owned/published and maintained by a private organisation (IET) who restrict access to either their members or the public only on paying a lot of money for a frequently changing document.

Don't get me started on the Part P mafia (NICEIC and NAPIT) who act as gatekeepers to the electrical industry.

What was that comment about Regulatory Capture?

Andy

Would have been nice to remove the PSUs and fans

Crush the ASIC boards etc - no problem but the fans and PSUs would be useful for a lot of other uses. I assume that wouldn't have made such a good bit of film though.

All part of the plan

"Neither is a robot uprising. "I don't think that's going to happen any time soon," answers Kottege with a laugh."

That is what the robots want us to think whilst they prepare to take over the world.

ROTM

Just what is the poop capacity of an unladen sparrow?

Not very much but the poop capacity of a fully laden sparrow appears to be considerable :)

(edit: corrected typo)

Authors of paper don't understand GDPR.

In the referenced paper the authors recommend that users are provided a mechanism to opt-out of the data collection. The whole point of the GDPR is that consent has to be willingly given without cohesion before data collection - in other words all systems have to be opt-In with the default that data is not retained.

The protocols in IEEE 802.11bf are being developed on the basis to maximise data collection without any mechanism relating to signalling the prior consent of the data subject being intrinsic to them. This will give problems in the future when it is eventually rolled out.

In the US personal data appears to be the property of the person collecting it not the data subject which is the opposite of the European approach. I'm aware of recent legislation in some US states which is starting to move the default towards opt-in but there is no fundamental right not to have your data collected.

Ship has not been refloated

According to Lloyds List at 17:00 UTC the ship has NOT been refloated, partly or otherwise and the owners have just gone open form with the salvers.

https://lloydslist.maritimeintelligence.informa.com/LL1136229/Suez-Canal-remains-blocked-despite-efforts-to-refloat-grounded-Ever-Given

Proper redaction

Looks like ElReg should get good marks for properly redacting the images in this article rather than just publishing something containing an additional layer with black rectangles. I have to deduct a couple of points for the horrible webp file format :)

The only really secure method of redaction is to mark up the page, print it then take an image of the printout. This guarantees no metadata which might leak sensitive data.

Paper is best

Paper based contact tracing is by far the best as it maintains anonymity as much as possible in that the details are only looked at and transcribed into a database if there is an outbreak in the venue. If nothing happens then they can be destroyed after a few weeks. It isn't a big job to transcribe a few handfuls of paper records if there is an incident.

A centralised system which captures user details directly into a database is open to abuse by lots of organisations at the click of a button or a demand under the 2000 RIP act or it's later amendments. Just how much do you trust the local authority or various "law enforcement" bodies not to abuse private data. There is also not an insignificant chance of the entire database leaking into the public domain with names, addresses and phone numbers!

Then there are issues about the apps themselves, their security, liability for data loss then phone data connectivity and the vague hope/expectation that everyone actually has a phone with a compatible version of OS and a functioning battery!

Lets just keep things simple please.

Could be regarded as a public service

Whilst I don't condone vandalism this is definitely better than the alternative where the data is copied and mined for any "interesting" personal information.

OneWeb is probably for comms rather than location

OneWeb would make an excellent upgrade for the UK Skynet and other government VSAT services around the world. By spending $500M the UK will have priority access on a global, high bandwidth satellite network. Also having a partner to flog spare capacity to other users they might even make a profit on the deal! You would have difficulty shoving more than a couple geostationary satellites up for that money.

I don't think the location services figure high on the priority list for this project, it may be possible to upgrade some of the satellites in the future before launch to add high accuracy clocks etc, but that would just be "icing on the cake" if it could be made to work.

The only thing they really need to do at this stage is to move the command/control infrastructure to the UK and harden the network.

It all looks like a really good deal, I can't remember the last time I said that the UK govt did something good, but this is a tick in their favour.

The product sheet is hilarious

They have a product description on their website:

https://5gbioshield.com/wp-content/uploads/2019/12/5gbioshield-description-en.pdf

It has gems like

"Current studies demonstrate service life as long as the unit is not damaged or defaced."

and

"No overdose or adverse effects are possible in the presence, even for a long period of time, of the USB Key".

No possible overdose because it bloody well doesn't do anything!

Great news for the environment

What is with all the sour grapes around ElReg?

Guy puts up USD 10B for environmental causes and everyone starts to complain. I don't care where it comes from but a lump of cash that size is likely to make a difference in science and engineering. I say "thanks for putting up the money".

Rather than complaining let's have a discussion on how best it can be used and how we can get more money from any sources to add to the pot.

Anyone remember the comments when Bill Gates set up his foundation with his wife? That has changed the lives of more people than I can count.

Dirty pics are not relevant

He may or may not have knowingly hosted child porn pics. It certainly wouldn't be the first time something was unknowingly embedded in a large archive of stuff.

However that is not relevant to the CIA charges which, on the face of it, appear to be somewhat contrived and if they are to be believed make him out to be some sort of super BoFH,able to remotely restore systems to previous configurations, exfiltrating all sorts of data, hacking files then restoring the systems to a previous state whilst nobody noticed and moving his fingers on he keyboard at several times the speed of light. They may have other evidence which they are unwilling to disclose at the trial and what is being described is the remainder left over from it but if they don't up their game then he is likely to get off whilst everyone is laughing at what they are presenting.

Why does it feel a little like what is going on between HPE and Lynch? They got upset with him having bought a pup then spent their time trying to find reasons to sue him and eventually managed to cook up something that the US DOJ could use to start extradition proceedings with whilst there was an ongoing civil trial ongoing.

I think both stories have a long way to run and look forward to watching them develop.

Who to believe

It is a sad reflection on the current times that I believe things said by the USA White house occupants slightly less than the Chinese.

Back doors in Chinese Huawei equipment? Probably

Back doors in US routers (Cisco, Juniper etc)? Probably.

Loyalty used to be a two way street, not to be confused with grovelling to the current president. How on earth did we end up in this situation?

End of term

It is the end of term, half the students will be away from the university, foreign students will be home for the holidays. Anyone working on an assignment will be screwed until they go back after the Christmas holidays. I also wonder if there are any "distance learners" - they will not be happy travelling to the University from wherever they are just to reset a password. I *hate* 2FA but this is one of those cases where something like that would help things.

I'm doing a Masters at Brunel almost 35 years after I first graduated. The whole place is wedded to Micro$oft without a Linux machine in the place. I don't think the IT support department even know what one is. Really disappointing.

What on earth did they do with the money?

It doesn't cost GBP4.5M to design and manufacture wireless light switches and the associated backend systems.

Off the top of my head I would say a team of 5 competent people (1xelectronic, 1xmechanical, 2xsoftware, 1xmanglement) could do it in a year without too many long days. Manufacturing setup and tooling for the plastics would be less than GBP200K plus GBP50K for testing. Say about GBP 500K for the lot. I'm not including marketing or production costs because they would be covered by the actual orders. If they have a backlog of orders then they don't need to spend a lot on marketing etc.

I'm sorry, but it sounds like they wasted the bulk of the money on things other than actually designing product.