Posts by OldCrow 40 publicly visible posts • joined 3 Apr 2015
One of those older version-control systems that imitated a physical pile of cards. A check-in removes the file from your disk.
I'm sure it had SOME kind of logical reason for doing that beyond trying to imitate carbon-copy shifting, but I wouldn't know what the reason is.
The actual reason for rubbernecking, is the off-chance that the accident DOES have something to do with you. He saw the lights from his home, so he had higher than average reason to believe that he or someone related may be relevant.
Also, if the police had been there for any other reason (and thus not in need of the chopper), then checking out the situation with a drone, as opposed to turning up in person, would have been lauded by most people on the scene as the right choise.
The FreeRTOS itself does not have an integrated TCP/IP stack. There is an official stack available, but it's only free if used on certain hardware. If you use an MCU that's supported by the OS but not the stack, then you'll have to pony up or provide your own TCP/IP stack.
TL;DR: the flaw is not IN the FreeRTOS. It is beside the FreeRTOS.
Case in point, the bugs in this article do not touch my current employer's products. For while we do use FreeRTOS, we use a different TCP/IP stack; one not listed here. (No, I'm not going to tell you which one.)
we aren't getting the full story yet
Uhh... yes, we are. Getting the full story, that is. The full story is: "China switched out a memory chip. Did a delayed BIOS driver-switch attack." (Vector is actually named Microsoft Windows Platform Binary Table, not Superfish, which is a separate piece of malware. My apologies for mixing them up.)
You can get full control of the server just by making it load an infected driver before OS boot, via e.g. UEFI option-ROM.
Let's arm-chair-design a recreation of this exploit, and see how close we get to the real thing, after all the facts come out, shall we:
1. Since the BIOS/UEFI is still loaded from an SPI FLASH chip, which is in a very standard form-factor (read: wastefully large blob of plastic around a tiny FLASH chip), it's easy to make an identical package that houses 2 memory areas.
Switch the memory areas after 100 hours of power-on, or after 20 BIOS-loads. Now you have control over the BIOS boot sequence AFTER the board has been tested and installed in location.
2. Next, let's make an USB flash drive, but package it like a USB over-voltage-protector diode package. One of those small ICs that you see hugging the USB bus near the connector, in any properly designed circuit board, protecting the other ICs from your static-electricity-laden fingers.
It'll be the largest over-voltage protector you've ever seen, but it'll still pass inspection.
TVS diodes come in many packages. A government-standard suppressor package may be larger.
Again, activate after 20 power cycles, if (and only if) there is no other device attached to the USB bus.
3. Leverage one of the well-documented standard ways to do a Superfish on the Windows installation.
4. Profit.
Edit:
Scratch that. Just do a proper Superfish after switching the SPI chip memory areas. No need for the USB drive after all. Left as-is for posterity.
@AC:
"But the Jews have NO RIGHT to steal land that they lost 2000 years ago."
You mean the land that the Jews bought 3 times over the last 2000 years, with money and gold? The seller always got the money, but never got around to handing over the land.
The land that has always housed a population of Jews, from biblical times to this day? The land of Israel was never completely devoid of Jews. They just weren't allowed to govern themselves until now.
"in 1967 they stole a load more"
In one of the wars waged to wipe them out? Hell, if someone was trying to kill me just for my lineage, I'd was some compensation for my trouble too.
I'm well aware. And I don't even assume that they're using Linux or other full-fat OS. (Although they should.)
I'm also guilty of writing not just one, but two different HTTP servers for specialized hardware.
But for a product with this kind of volume (and a number 4 right there in the name), you'd think that stability'd be high enough on the list of requirements that they would use a proper library, instead of apparently parsing all the headers by hand.
Re: _By the way, you would be surprised just how many legal weapons are with the population in some Western European countries. Finland, Germany and Switzerland come mind straight away._
Actually, Finland should not be in this group.
Government records of firearm ownership count every re-sale of a firearm as a new weapon, and fail to record disposal/de-armament. Plus, when the records were combined from prefectures, a lot of guns were just plain counted twice. So, the official statistics show 10x-20x the real gun owneship rate.
The Finnish government is anal-attentive with every other database. But the politicos prefer to give a bloated picture of gun ownership, so this database is left as-is.
On a totally unrelated note, changes are now being made to law that will end private gun ownership totally (while government is trying to pretent otherwise), so the point is moot anyway.
To be more specific, netbooks used to have have 2-4GB RAM. These numbers look like re-purposed Windows netbooks.
Windows 8 era netbooks also came with eMMCs of typically 32GB of size, which is patently small for W10, but is plenty for Debian or Ubuntu.
History:
I have a HP Stream x360: https://www.theregister.co.uk/2015/04/06/review_hp_stream_x360_convertible_laptop
1366x768 screen, Celeron 2-core, 2GB RAM and 32GB eMMC. All soldered to the board for zero upgradeability.
I ran Debian on it, until GNOME bloated itself out of the RAM. I guess Ubuntu might still run on it.
However, I opted to buy a bigger machine instead.
Originally, the Stream came with Windows 8. But even the original installation used up 15GB of space, and W10 sure didn't get any smaller. So, a lot of the Ubuntu installations may be similar post-W10 throw-aways re-purposed.
Or better yet, they could finally EOL serial-attached-mouse support. Or at least provide an off-switch that actually works.
We keep losing USB-UART dongles. Once they've been recognized as a mouse, they will never work as an UART dongle again. Have to get a new one, that this particular Windows installation has not YET deemed to be a mouse. Again and again. A real BOHICA.
There's a reason for that.
The flaws can only be exploited on platforms that run untrusted code. I.e. javascript, Flash, et.al. . BSD variants see mostly server use, so are not that much affected.
If I'd been in Intel's shoes, I would have included Adobe and Mozilla on the short list. But that's the only change I'd make (off the top of my head).
An OS where the user can't install random crap from a phishing email approaches Windows 10S or iOS in lockdown. Usability suffers as a consequence.
This is also wasteful. For protection from legal liability, it is sufficient that the machine can not be compromised without user error (i.e. user's assistance).
A likely path forward for Intel (et.al.) is to add a dedicated core with an "untrusted software" mode. This mode would disable speculative execution. Further, the operating system will have to be aware of these "untrusted processes / threads", so they can perform threat mitigations (that are now performed for all threads, sapping performance).
Of course, software such as browsers would have to support "untrusted execution" by declaring their javascript engine threads as such.
Anyone willing to make bets?
I would. By these easy steps:
1. Submerge whole hose in water, so that no air remains in hose (bucket must be large enough).
2. Squeeze or otherwise block one end of the hose.
3. Pull hose into position (out the nearest window is usually best, as sinks are typically installed too high, relative to bucket).
4. Release blockage from end of hose.
5. Enjoy, while the bucket empties itself.
Who primes any kind of hose by sucking on it, these days? Almost no liquid is anywhere near safe for your lungs or stomach lining. In some places, not even tapwater.
Well now. Seeing as the alternative, the current state of things, is that Windows 10 "Bog Standard" regularly loses sound playback and/or recording ability, as a result of a "background" driver update. Regularly, yet unpredictably...
I, for one, would much prefer a yearly full installation of the latest build, if it keeps the sound going when we have a 200+ person audience.
@ matjaggard
>Written an HTTP server for Cortex M twice? Here's a wheel, can you invent something for my car to put on the axels please?
So we can safely assume that you've never made software for mass-produced small objects with price and/or safety constraints?
@ Yet Another Anonymous coward
Ooh! I didn't know S.O. baked their own silicon. Tell me more? </sarcasm>
I imagine that S.O. maintains their own servers and codebase. Accordingly, they would have more sysadmins and Ruby developers (ref. Atwood's blog) to bounce things off of, than C/C++ folk.
Further, the algorithm modeling salary development is going to be based on data from U.S., so the maximums are going to differ from e.g. U.K.. Further, unless they paid someone for better data, the (croud-sourced) data-mass that they do have is going to be rather heavily reflecting the S.O. power-user base. Since nobody else bothers filling the questionnaire.
No Embedded or Driver development either.
Are we getting silo'd in our branches?
I mean - I can see how Stack Overflow is would be biased towards Web development, seeing as they are a web-based entity.
But... I do C/C++ for ARM Cortex-M MCUs so small that they usually don't have an OS. But whenever I happen to meet software engineers from other disciplines and happen to tell them as much, half the time their immediate reaction is bewilderment; they can't imagine a system without a full-blown OS or a file-system.
I can see how Python could be rising in popularity - among web developers. But I've yet to see a Python compiler for an ARM M0+.
..Then again, I have written an HTTP server for a Cortex-M. ...twice.
@Lee D
The slow downloads of large files get more noticeable, because general browsing tends to gain speed from an SSD. It's a known side-effect of modern browser cache usage patterns.
Hell, I sped up my own browsing experience by disabling caching. Turns out, my internet connection has a smaller latency than my ancient spinning-rust-disk.
@Youngone
I've heard good things about this one called "Raspberry Pi". An odd name, but apparently has a good HD camera, and a variety of software packages to choose from. And it's still being manufactured, too, with version 3 apparently now out. So you should be able to get software updates for it for some time.
@ AC
>"My son took an interest in horticulture and grew some very interesting plants in the garage."
This assumes having a garage, which puts you in the... something percentile.
We, the proles, do not have a garage. In fact, I do not own (or directly rent) a single piece of land. I have an apartment, in a complex of 300+ apartments.
I have 78 m2 in which to express myself (in Finland). UK average is 76 m2. Hong Kong average is 45 m2. I have seen families live in less than 20 m2. I have heard from the news that there are apartments of less than 2 m3 (yes, cubic) in China.
And you can forget trying to use the public areas for anything constructive in places like Beijing.
The trick is to give the kids something constructive to do, literally. The opportunity to create something.
But that's hard to do even here. The only creativity-encouraging toy I can find in the shop is LEGOs. There are no longer any "Little Chemist" or similar experimentation sets available. You couldn't even weave wicker baskets if you wanted to, unless you live somewhere with ready access to suitable raw materials direct from nature; no shop sells them. And under-18s don't shop in eBay.
And if that's hard here, where I can access eBay, imagine what it's like in the metropolii of mainland China.
So can you blame the young ones? When the alternatives are electronic entertainment, and getting bored out of their minds?
That's the real question here. A workstation that hangs up and/or reboots for updates regularly is useless. So they can't expect many sales if they keep the mandatory update schedule.
But on the other hand, if the mandatory updates are lifted, then people and businesses may start to use this version for everything... depending on the price.
Try a network switch, a fiber-to-copper converter and power supplies for both, all zip-tied and taped together into a single lump with cables sticking all over. I had to carry that through the airport security in Amsterdam.
Was afraid of it needing a good explanation sooner than later, so put it in the carry-on bag. They looked at it once, asked if I was MacGyver, and would have waved me right through if the swab-test hadn't given a positive for something. Re-test was negative, though, so passed right after showing a card with the word "engineer" on it.
Thing is, Amsterdam had the "all electronics separately" rule in place already. But the security actually had the training and/or brains to see that the clump had nothing capable of exploding. In the U.S., I doubt I would have flown on the same day.
@45RPM
True, that part may have been uncalled for. As they are, in theory at least, no longer a monopoly.
Point still stands, in that with 10-S they'll start charging for what used to be the "Accessories" menu.
If submitting your software to the store is no longer free (at some point in the future, if it's still free), then there will be no free replacements either.
"Mom & Pop" will never have the know-how to install Linux. Most of today's youths don't have it either, since it's not necessary for survival in the short-term.
The whole idea of "support for a CPU model" is, for the layman, absolutely insane.
The CPU is supposed to execute instructions. From a well-defined instruction set. What is there to support?
Then one day, my oh-so-expensive education revealed the horrible truth to me, in the form of the Intel CPU Errata documentation. I was enlightened. And horrified. Very, very horrified.
So, Intel "not supporting" the CPUs means that they'll no longer:
a) Accept more issues found, to their list of errata
b) Write examples and/or OS modules that side-step the processor's defects
c) Update drivers for the CPU's built-in peripherals
As far as I understand, all of the above activities should be rather complete by now anyways. So I think I shall continue the use my Debian netbook for the foreseeable future.
Do bear in mind that the americans have a good reason to fear their own government. The average U.S. police officer is likely to have zero firearms training on any sort of regular basis. So if a police officer draws a weapon and you stand still, you have a high risk of ending up collateral damage. And if you run to cover, you have a high risk of being shot at. So the only safe response is to shoot the police first. </joke>
Jokes aside, unless TSA agents have a much stricter training regime than the american cops, you can't really hold them accountable for missing stuff in luggage. After all, with no education towards real explosives, you can't demand that they'd recognize one when presented. Nevermind something more exotic, like a properly hidden blade. So it is perfectly understandable that passengers would want to carry some extra security with them. On the off chance that the terrorists try to hijack the planes, like they did on 9/11.
Except in Europe.
I get 10Mbps cable as part of the house utilities in my current apartment. I get 10Mbps 3G for 13e/month with data cap in tens of Gs and then throttling.
In my student times I got 1Gbps straight to the local backbone from the student dormitory.
An Intel i5 costs 250e minimum (including VAT) here, to give a scale of electronics cost.
For casual/RPG games, I could live with the lag.
I get along with 10Mbps 3G connection. Shared by all my computers.
Got it when moving last time, since I figured'd have to wait at least 2 months to get a cable. But I never got cable even ordered before I had to move across the country again. So glad I decided on the cheapest option.
13e/month (approx. $15 USD) plus the cost of 3G dongle and SOHO router (300e).
Had to choose between the 3 companies (in the whole country) offering 3G.
Finally settled based on who had least strings attached to the deal.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
