* Posts by Maelstorm

242 posts • joined 14 Jun 2015

Intel couldn't shrink to 7nm on time – but it was able to reduce one thing: Its chief engineer's employment

Maelstorm

As these chips keep getting smaller and smaller, we are pushing the bounds of physics. That's probably what the problem they are experiencing is. I have to wonder about the reliability of their competitor parts.

Maelstorm
Joke

While Intel has been having a lot of problems shrinking their kit, their petard is impressively small as of late.

WTF is cloud-tethered compute? We're not sure either, but it just made a hype cycle for the first time

Maelstorm
Joke

Re: cloud-tethered compute

In Soviet Russia, you don't go down on the internet, the internet goes down on you.

Maelstorm

Re: cloud-tethered compute

Us older folks remember computing in the 1980s and 1990s. Cloud computing is nothing more than a VM running on a remote server, and yet there is so much hype about it being the next great thing. Running a server on a VM is nice because you can move the VM to different hardware as the situation changes. So now we are seeing a resurgence of centralized computing. Instead of mainframes like the days of yore, it's now clusters running server software on virtual hosts. In the past 40 years, the names have changed, but the concepts remain the same. It's still a form of client/server computing.

Seven 'no log' VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Maelstorm

Re: White label VPN service

To expand on that, if the reselling VPN provider uses multiple VPN vendors, each vendor could be logging different things. Then nobody would know who is logging what.

Maelstorm
Joke

In Soviet Russia, you do not log the VPN connections, the VPN connections log YOU.

Twitter mass hacking: Bill Gates, Elon Musk, Jeff Bezos, Mike Bloomberg, Biden, Obama, more hijacked to peddle Bitcoin scam

Maelstorm

Let me guess.... Erotica 1...err...Erotica 2. #1 got banned after that audio surfaced a while back. He came back as #2.

Maelstorm

Re: Obviously found a security hole in Twitter

Or an inside job. Twitter might have more issues than a few account hijackings.

Maelstorm

Jita huh? Jita as in Jita 4-4? I'm probably one of the few who actually got the reference, if it's what I'm thinking it is.

Android 11 will let users stop device-makers from killing background apps, says Google

Maelstorm

What really needs to happen...

What really needs to happen is for Google to allow root on devices so the users can manage things themselves. Granted, this will cause a lot of problems from ordinary users, but it will solve a lot of problems at the same time.

Baroness Dido Harding lifts the lid on the NHS's manual contact tracing performance: 'We contact them up to 10 times over a 36-hour period'

Maelstorm

Food for thought.

I don't know how it is in the UK (I have read the news), but here in the US, and specifically New York, they are subpoenaing people who refuse to cooperate with the contact tracers. Those who still refuse to cooperate will have a $2,000/day fine levied at them. That should be illegal here, but they are doing it. Probably best if people leave New York.

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'

Maelstorm

Re: Loaded words replaced by euphemisms

The big problem that I have with this is that descriptive words that are used to define things in code are being frowned upon to satisfy the <1% of the population who thinks master-slave, black/white list, etc... is racist. The question that I have to ask these people is that once you label everything racist, then the term is so diluted that it becomes meaningless.

I for one will not kowtow to the mob. The code directives stay put.

You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act

Maelstorm
FAIL

Not Good.

You cannot have law enforcement only backdoors because then everyone would have access to the backdoor and the encryption will be useless. The science says that you cannot have security with backdoor access. You can't change the science. Then there is the issue with state laws. You have 50 different states, and each one can pass their own legislation. This is a bad bill all the way around.

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer

Maelstorm

If it was me, I would refuse the NDA and the records seal. If they try to enforce it, tell them we are going to trial and we are going to air all of your dirty laundry in court. That might get them thinking about what their next move is. If he wins, then the settlement will be on his terms.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Maelstorm
Flame

What the?

So when did Apple start to dictate to the end user about website certifications and how long they are supposed to be? The length of time should be a matter of administration, not being shoved down people's throats. This, and other reasons, are why I do not purchase Apple products. Apple caused this, they should bear the burden of their actions. But they won't, so the rest of us have to deal with the fallout of their decisions.

Faxing hell: The cops say they would very much like us to stop calling them all the time

Maelstorm

Spamming the wrong caller ID

When I worked for the local telco, we had a few complaints where people would be calling in complaining that they were getting called by other people they didn't know. Turns out that the people that were calling our customer received a call with the customer's phone number. So they call back to see what they wanted. It took us weeks to finally track it down. We found a company (who shall remain nameless) near a national laboratory who had an ISDN PRI (ISDN over T1). Their PBX was programmed to send out the wrong number for the caller ID. I ran a protocol monitor on the PRI D-Channel (call control signalling channel, which is channel 24 on the T1) and caught them sending out false caller ID in the call setup message to our switch. How did we resolve it? I got a hold of a manager buddy of mine in Traps and Traces and gave the proof to him. He called them and told them (A manager has WAY more authority than I did) they had a problem and to fix it ASAP.

It went away for a while, then the problem came back with a different number. This time we had a suspicion of who was doing it and did another protocol monitor and yes, they were doing it again. Did the same thing. It went away for a while, and then came back a third time with yet another number. I tend to keep documentation about the problems that I worked, so this time, I talked to my manager and told him this customer keeps doing it. So this time, the vice president of Network Operations got involved and got legal involved. They threatened the customer to either fix their PBX, or we were going to the PUC to get authorization to permanently disconnect their service and force them to pay for our time in tracking this down...all three times. Remember, the first time it took us weeks of detective work to track it down, and the company billed at $125/hour.

Maelstorm

Re: Also works the other way round

Or multiple wrong numbers in a row "I keep pressing redial and I keep getting you".... no shit sherlock.

Yeah, that one. I had a few tickets dealing with a brain-dead or defective customer. They called in a ticket saying that they CCO, get wrong number. They give the number, I get someone down in the central office to hop on their line to make the call, and it goes through. So I check the routing tables and such and I don't see a problem. This takes about 30 minutes. So I call the customer to tell them NTF (No Trouble Found). Then they explain to me what they were doing.

That's when you tell them to find the box the phone came in, package it, and return it to where they bought it because they are too fucking stupid to use a phone.

Maelstorm

The thing about a fax is that it's mostly secure unlike email. So if you're sending critically sensitive information, a fax is better than email. In fact, a courier with a sealed package that contains an encrypted disk is even better.

Maelstorm
Joke

When I worked for the local phone company, we would get vendors that called in to help them with their connection to our network. Many of them were clueless. So, a common thing I would do is:

"What's your fax number?"

"Why?"

"I want to send you some documentation."

"Ok. It's ......."

So I draw them a picture and fax it to them. It's insulting, but they never really caught onto it.

Windows Server to require TPM2.0 and Secure boot by default in future release

Maelstorm

Well now....

Well now, this may push administrators to alternate operating systems such as Linux. Not every IT department can afford new server hardware every year. Many IT departments are cash strapped as it is. Now to mandate new hardware when upgrading an operating system is a joke.

Remember that backdoor in Juniper gear? Congress sure does – even if networking biz wishes it would all go away

Maelstorm

And here we go again...

Perhaps this needed to happen to prove that government access only backdoors in software and equipment do not work and end the entire backdoored encryption debate. Having flawed encryption is worse than having no encryption at all because flawed encryption creates a false sense of security. Experts have testified before Congress indicating that the science says no.

Maelstorm

Re: Peace and Quiet

The thing to consider here is that certain members of Congress do have top secret security clearances, such as those individuals on the intelligence oversight committee. The NSA cannot override a congressional subpoena. They can take it to court to get it quashed if there is something truly sensitive, but I doubt that.

Russia drags NASA: Enjoy your expensive SpaceX capsule, our Soyuz is the cheap Kalashnikov of rockets

Maelstorm
Joke

In Soviet Russia, you don't launch the rockets. The rockets launch you.

Maelstorm
Boffin

They knew this was going to happen.

Although I commend our Russian comrades on assisting NASA to get our astronauts and supplies into space and aboard the ISS, this was bound to happen when we here in the U.S.A regained the ability to launch crewed rockets. But with the Crew Dragon capsule costing $55m a seat vs. Russia's $90m a seat, I think that the Russians need to check their math. Since the Dragon can seat 7 passengers, any room that isn't used can be used for extra cargo, supplies, fuel, oxygen, etc.... Plus the Dragon is reusable, so the cost is actually less than that in terms of materials in the long run. The Soyuz capsule design dates back to the 1960s and has had a number of design modifications since then, but it's still the same basic design from back then. This would indicate that the Soyuz design is a good design because that design has been flying for 60 years now. Why reinvent the wheel if something is working?

With that being said, however, the problem with reusable components is that due to the extreme environments that these components are subjected to, failure is always an option. Lessons from the past have revealed the folly of reusing components and the rigorous inspection regime that is required after each and every use. SpaceX must inspect every square inch of every component of the launch vehicle and the capsule before it can be used again. Fatigue cracks have a way of sneaking up on you in metal structures and components. Just ask any aircraft manufacturer such as Boeing, Airbus, Lockheed Martin, etc... about that in their airplanes. I'm not sure what materials the Dragon is made from, but any material will fail over time. Even carbon fiber has its failure modes.

Additionally, NASA itself is reusing tried and true designs for their new Space Launch System (SLS) which will be the most powerful rocket ever. They are using the designs of the Space Shuttle rocket engines in it. Once again, if something works, why change it?

Brit MP demands answers from Fujitsu about Horizon IT system after Post Office staff jailed over accounting errors

Maelstorm
Flame

As a developer, I take offense at your insinuation that software development is not professional and lacks ethics. When I went through my computer science degree, I took a mandatory course called Ethics in Business and Computer Science. According to the Association of Computational Machinery (ACM), there are a set of rules that all professional software developers. You can read it here: ACM Ethics. Fujitsu is not an American company and I have no idea what their ethics are. One of the major violations here was do no harm. In this instance, considerable harm was done with people going to jail, getting their pay cut, and committing suicide.

I find it ludicrous that in the U.K. legal system that a private entity can haul you before a judge, present evidence, and then have you jailed even though you are innocent. Not only that, because money is involved, there should be audit trails to trace where the money came from, and where it went. Here in the U.S., every transaction is logged. A private entity can call law enforcement and have an official investigation conducted to find the truth. Only then can a prosecutor (on the government payroll) bring the defendant before the court on formal charges. Furthermore, if they actually took the time to do it, a proper manual audit would prove the computer was in error. The issue is that most people believe what the computer tells them, even in this day and age with all the crap on the internet.

Maelstorm

Re: I sure rightpondian corporations are Jealous

True, but in order to jail someone, the police need to be called, an investigation conducted, and charges filed by the District Attorney. Then there's an arraignment where the defendant pleads guilty or not guilty.

If not guilty, then the case has to be tried in court. Here in the U.S. we have two different types of trials: A bench trial in which the presiding judge makes the determination and the jury trial where your peers judge your innocence or guilt.

Private corporations must involve law enforcement if a crime has been committed and they want to jail the person.

$5bn+ sueball bounces into Google's court over claims it continues to track netizens in 'private browsing mode'

Maelstorm

Re: Its your choice

Those are blocked at the firewall. If my DNS server needs to look a domain up, it goes to the root servers.

Maelstorm

Re: Forensic analysis of Google Chrome's Incognito Mode

The sites themselves were beyond the scope of the examination. The examination was done to see if any information was saved to the computer using incognito mode, which there wasn't any. Yes, I did run a Wireshark session. The only thing the browser did when starting up was phone home to Google to check for updates. Apparently Chrome does this every time it starts up. Go figure. As for the other stuff, everything is becoming encrypted so it's very difficult to see what exactly is being sent.

The real threat to privacy today is browser fingerprinting, which can more or less uniquely identify you, even in a browser's privacy mode. Plugins such as Privacy Badger work to stop this, but it's quite rampant. You could delete all cookies when you close the browser, and Chrome has such a setting. But fingerprinting is hard to defeat.

Maelstorm

Re: Its your choice

Well, for me personally, I have Google Analytics blocked at my DNS server, as well as a few others that are known...doubleclick.net anyone?

Maelstorm

Re: Its your choice

It's up to the individual websites if they use Google Analytics or not. The user has no control over it. The only thing that the user can do is block the URLs that they don't like, which is a double-edged sword because some functionality of the site may break.

Maelstorm
Boffin

Re: Stupid web developers

That's the bad part of it. The reason why it's done that way may surprise you. It's to reduce the bandwidth for the server, and to reduce the cache space on the client. "How?" one might ask. Well, I will tell you:

Taking my website for instance, it uses jQuery 3.3.1. The file is 84.8kb. I also use Bootstrap 3, which has multiple files totaling 1.56mb. Now since I'm a software engineer, I have all these files and frameworks locally on my server and send them to the client without having the client pull anything else from anywhere else. So for every client that connects to my server, I'm sending the entire framework to the client. That takes up network bandwidth. My network bandwidth. So websites, in an effort to save on that bandwidth, have the clients pull the frameworks from the framework publishers, thereby saving bandwidth on the server. Furthermore, the browser caches files based on where the file came from. So if 100 websites all use the same frameworks from the same publishers, then the client only needs to download it once from the publishers for the 100 websites that use those frameworks. That saves bandwidth on the client, the server, and the framework publishers. Furthermore, it reduces the amount of disk space used on the client. The reason for this is that only one copy of the framework is in the disk cache. On the flip side, if each of the 100 sites sent their own copy of the frameworks, the client would have 100 copies of the same files on their computer.

That is the main reason why websites pull files from other servers. It reduces total bandwidth consumption on the internet and makes things faster (which is a good thing). As you pointed out, now the framework publishers can track all the users of those 100 sites. So like everything else in life, there is a trade off.

Maelstorm
Boffin

Forensic analysis of Google Chrome's Incognito Mode

When I took a class on digital forensics, my team's semester long project was browser forensics. I personally focused on the abilities of Google Chrome's incognito mode. What I found was that this mode was actually quite good. Starting from a clean browser profile, opening incognito mode, and then browsing the internet visiting quite a few different sites, then fully closing the browser. Using Autopsy, I performed an analysis of the browser profile before and after. Nothing, and I mean NOTHING was saved in the browser profile. Now some information was saved in the operating system's paging file (Windows), but that is outside the control of the browser. However, Windows (and others I'm sure) can be configured to clear the page/swap file on shutdown, so when the machine turns off, there is no trace on the machine at all. The instructor asked if I tested that. And yes, I did.

I'm not one to sing Google's praises, but in this case, the lawsuit is flawed. Google Analytics is used by many websites regardless of the browser that is being used. Therefore, they are going to track you no matter what. Browser fingerprinting is a thing. The ISPs can see what IP addresses you are connecting to, and possibly your DNS queries. If you are using HTTP instead of HTTPS, then they can see that too. The websites themselves get a whole slew of information when you connect to them. I know because I see it in my server's logs. I also see it in the application logs as well. I don't use adverts on my server, but Google does because that is how they make their money.

Not just its VCS console that's MIA, Atari is a no-show in court, too: Reborn biz ignores hardware architect's lawsuit over unpaid wages

Maelstorm

A few years ago...

I remember something on here a few years ago when Atari invited el Reg to view a console prototype or something. All that the reporter was shown was some pieces of plastic. If someone could dig the link up? I can't seem to find it.

Talk about a control plane... US Air Force says upcoming B-21 stealth bomber will use Kubernetes

Maelstorm
Terminator

You want Skynet? This is how you get Skynet.

Maelstorm
FAIL

I remember an incident...

I remember an incident about 15 years or so ago involving a flight of F-35s (I think). They were flying from Hawaii, USA to Okinawa, Japan. They had to have mid-air refueling to complete the trip, only they didn't. What happened was right when they crossed the International Date Line, the user interfaces of the planes crashed and would not come back. They lost radio, navigation, weapons control, beacons, transponders, autopilot, everything. However, the flight control computer was still functioning since they could still maneuver and the engines were still working...otherwise it would be a REALLY bad day. The planes were equipped with a backup radio and the refueling plane was still in the area. So they flew back to Hawaii with the refueling plane guiding them.

On the ground, they had to remove power from the planes completely to recover the systems. It was found that a software bug manifested itself when the GPS coordinates changed from -180° to +180° longitude. The manufacturer wrote a patch and applied it within two days. They repeated the flight a few days later without incident.

Watchdog slams Pentagon for failing – for a third time – to migrate US military to IPv6

Maelstorm

I can see the push for IPv6 since there are no more numbers for IPv4, and haven't been for a while. NAT is the main solution here as you can have one public IP address and an entire A block of private addresses behind it. Besides, why does a corporate workstation in an office require a publicly routable IP address when it's behind a firewall? The problem here though is that IPv6 is missing features that IPv4 enjoys. Although it's a matter of software, getting the vendors on board to actually write standards compliant code is like pulling teeth.

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

Maelstorm
Go

Re: Old devices

Sorry, but at some point you have to cut off support. It's the only way to move forward. If you have equipment with firmware that cannot be changed, then maybe it's time to upgrade that equipment. MS-DOS has been dead for years. They don't even make DOS boot disks for system maintenance any more. Much of the issues with different and strange limitations is compatibility with legacy equipment. The BIOS in PCs is a real example here. This is why UEFI was developed. If a piece of equipment is truly vital, I'm sure if the vendor/manufacturer has enough money thrown at them, they will figure out a solution...maybe even a new controller or new ROM that has the new protocols in it. Either way, this is a software issue.

Maelstorm

I remember in 2012...

I remember back in 2012 a worm was discovered on a computer in Iran. This worm was called Flame or Flamer. It literally spoofed the Microsoft software signing certificate using an unknown chosen prefix attack. This attack was different than the attack vector used in the 2007 paper. So whoever pulled it off used world-class cryptanalysis. What was the result of this certificate spoofing? It made the computer think the update was coming from Microsoft and installed it, no questions asked, when in fact it was malware.

SHA-1 has been vulnerable for a long time. If you have equipment that requires it, then I'm sorry, but you need to upgrade your equipment. As an alternative, why connect industrial equipment to the internet to begin with? That's just asking for something to happen. Best to have it on an air-gapped network so someone has to do an up-front intrusion to gain access.

You're not getting Huawei that easily: Canadian judge rules CFO's extradition proceedings to US can continue

Maelstorm
Terminator

Here's the thing...

I read somewhere recently that Meng is considered to be Chinese Communist Party (CCP) "Royalty." With that in mind, it makes sense that China is willing to go to bat for her. Lying to a bank to get transactions processed to a foreign country to bypass sanctions is a really big no-no. So, if convicted (more on this in a moment), she may face 10+ years at a nice federal resort with all expenses paid. She will get medical/psychiatric care, fed three times a day, read books, watch TV, and get free designer clothes all in orange. The only problem is that she will be spending 23 hours a day in a 5x7 foot cell.

As for getting a conviction by a jury of her peers, remember that she's "royalty." The CCP may send spies and other covert agents to either break her out of jail and whisk her out of the country, or kidnap/bribe/extort or otherwise leverage one or more jurors on her trial to get a favorable outcome. They have to come back with not guilty for her to be acquitted. If it's a mistrial, they can try her again, and again, and again. It depends on how much of her ass the U.S. prosecutors want. Even one trial will take a pretty good bite out of it.

Clearview AI sued by ACLU for scraping billions of selfies from social media to power its facial-recog-for-cops system

Maelstorm
Trollface

Re: The US produces a far superior strain of snake oil!

I bring you the white Bronco. I bring you ... FREEDOM!

That didn't work out so well for O.J. Simpson.

<ducks>

Linux-loving Windows 10 May 2020 Update squeaks in with days to spare before June

Maelstorm

Oh, Thank God!

I found Cortana less than useless. Takes up too much memory and the search feature sucks. I figured out how to kill it and keep it from starting back up...but then Microsoft made it so that the Start Menu wouldn't work unless it was running. Cortana was good for the Master Chief in the Halo game series...not good in real life. I haven't seen anything about compatibility issues with AMD hardware or ATI video drivers since I have an older ATI card (HD 5600 series). As others here have mentioned, I am quite keen to check out the new WSL2 features that are included in this update. Per my usual procedure, I'll wait 90 days before I upgrade.

Pablo Escobar's big bro and former accountant sues Apple for $2.6bn over FaceTime bug

Maelstorm
Stop

The reseller apparently assured him that the "iPhone simply cannot be exploited and will never be vulnerable to future exploits".

Damnit, I sprayed my drink when I read that. No software is bug free. Hell, even Hello World might have bugs in it if the underlying libraries have bugs. Nothing done by man is ever perfect. So the reseller lied to him. He should file the case against the reseller instead of Apple.

As for why people are after him, it's most likely revenge. Pablo Escobar was a really bad guy and ordered many people to be murdered. It's not surprising that one or more family members of his victims are looking for payback by taking their vengeance out on his family members. You can only kill someone once.

Maelstorm

Re: Special accountants rounding?

Actually no.

Here's how Escobar did the maths: The breach of contract itself has cost Escobar $100m to devote extra time and money to protect himself and his family after his location was accessed by miscreants. Apple's negligent misrepresentation of its product drove him to relocate, so that's another $500m in damages. Finally, the emotional and physical toll exerted on the former gangland bean counter also has a price of, erm, $2bn.

So it's 100m + 500m + 2b = 2.6b.

Linus Torvalds drops Intel and adopts 32-core AMD Ryzen Threadripper on personal PC

Maelstorm

Re: AMD vs. Intel: War Games v3.0

The problem that I've had with nVidia was not the performance, but the reliability of their products. Every card that I've owned that had an nVidia chip on it failed within 3 years. I'll go 10 years without replacing or upgrading the video card if it does what I need it to do. So for reliability, I go for ATI, and they have decent performance too. Hell, I still have some old 3dfx cards inside one of my server boxes. And one machine has a Hercules card in it.

Maelstorm

Re: AMD vs. Intel: War Games v3.0

Eh...I'll agree with you there. The thing about AMD though is that they definitely keep Intel on their toes.

Maelstorm

AMD vs. Intel: War Games v3.0

I'm not surprised by Linus's statement. AMD has always been the underdog to Intel, but with a superior product. I remember when the Athlon processor came out and decked Intel's clock. Furthermore, AMD chips, in general, execute instructions faster than Intel with a lower clock speed thereby reducing heat and power consumption. Since AMD bought ATI, AMD has been placing GPU cores on the same die as the CPU. This takes a byte out of nVidia's CUDA because having the GPUs on the same die as the compute cores means that the GPUs can get their data from the same high-speed bus that the compute cores do, without the PCIe bottleneck.

Hey Siri, are you still recording people's conversations despite promising not to do so nine months ago?

Maelstorm

Re: probably far beyond the ability of most people to configure

I've disabled BT on my mom's iPhone and it has yet to turn itself back on. Then again, BT is disabled on all devices.

Apple, Google begin to spread pro-privacy, batt-friendly coronavirus contact-tracing API for phone apps

Maelstorm
Terminator

Bluetooth

I've never used Bluetooth. It's disabled on my phone, so the app isn't going anywhere. Besides, they can't force you to install an app if you don't want to. So this is doomed to failure anyways.

Maelstorm

Re: re: should be self-isolating

Well, I'm sure the government can find out who it is by getting the assigned phone number off the phone. However, with the latest changes in Android with respect to privacy, that might no longer be an option.

Now there's nothing stopping the PATRIOT Act allowing the FBI to slurp web-browsing histories without a warrant

Maelstorm

At least the machine that I have doesn't have a back door in the CPU. Still though, nobody really knows what is really in the CPUs of these newer machines except the CPU manufacturers themselves. Even then, the different groups of computer engineers don't really talk to each other. These capabilities have been marketed as a system management ability. So the intent is that if you have commodity hardware in a data center, you can remote manage the machine even if it's powered off. I have a Sun Server here which has that capability. I can turn the machine on and off by connecting to the ALOM and giving it commands.


Biting the hand that feeds IT © 1998–2020