* Posts by cantanko

10 publicly visible posts • joined 25 Sep 2015

Millions of Gigabyte PC motherboards backdoored? What's the actual score?

cantanko

Re: You missed a question.

Can confirm - running one of the listed boards and BitLocker. Deleted file, confirmed it was gone, rebooted, still gone, rebooted again and it was back. Domain now intercepted via DNS and the service disabled, but still very unpleasant.

So according to recent shenanigans you can have Asus but no warranty or Gigabyte but firmware-enforced back doors. What do we think ASRock or MSI are going to do?

Supercomputer lab swaps lead-acid UPS batteries for alkaline gear

cantanko

Apples for apples?

Stories that just parrot the PR release really frustrate me. OK, fine, bring it to my attention, but perhaps enrich it a little and do better than the original? It's very frustrating when you have quantities (5200 alkalines) compared to weights (20000lbs lead-acid). Also, energy storage amounts? The original press release you reference has this data verbatim for the new cells: Why not just include it (1MWh for 5200 cells, meaning ~192Wh/cell)? Otherwise just post the link to the press release :-D What about the relative energy density? That's NOT included in the press release - why not ask? That _would_ be interesting.

Rant launches Eric Raymond's next project: Open-source the UPS

cantanko

Re: Lack of clue

LiPo wasn't mentioned - rather LiFePO4 - Lithium Iron Phosphate. Used for traction batteries in many EV conversions as you can beat on them all day and rather than have a LiPo temper tantrum, they just sit in a corner and sulk (and bulge a bit). Very different technologies...

Newsflash: Car cyber-security still sucks

cantanko

Not exactly novel...

Ask any owner of a P38A (1994-2000) Range Rover: _ANY_ 433MHz-ish signal would wake up the body electronics control module, energise the dash and so on, just in case it was an actual valid unlock command, draining the battery in the process. Seem to remember there were many after-market companies modding the BECM to prevent this. Many others just chopped the antenna so you could only unlock the car whilst being right next to it :-D

Intel Atom chips have been dying for at least 18 months – only now is truth coming to light

cantanko

First gen 22nm FinFET / 3D transistor / whatever?

Can't help but wonder if it's a "version one syndrome" type thing - not sure of the chronology, but the process node and the tech used seem to fit...

Sony kills off secret backdoor in 80 internet-connected CCTV models

cantanko
FAIL

Looks like it was known about in 2013...

One of those hashes is a near googlewhack - the top result shows someone in a forum searching for a plaintext version back in 2013, so presumably one can assume they've been open to the world since at least then...

Arista CloudVision Portal bug revealed, plus evidence it's been used

cantanko
Facepalm

Intentional typo?

bundle vs bundles in that example: not sure the published grep would catch it as the sample output is missing the trailing "s"...

Bundling ZFS and Linux is impossible says Richard Stallman

cantanko

Re: @boltar - Question

I seem to remember that the nVidia drivers use a shim that is compatible with both GPL and nVidia licenses. As it's only the shim that compiles against the GPL code, the issue is sidestepped (again, IIRC)

Hacker predicts AMEX card numbers, bypasses chip and PIN

cantanko

Don't think for a minute it's only AmEx...

My UK bank, who for the moment shall remain nameless, presented me with a predictable replacement card number which the original scammers tried to predict in a subsequent phishing e-mail.

All the bank did was increment the second-to-last digit and recompute the final Luhn check digit. Turns out that most card numbers are in the format AAAA BBBB BBBB BBCD where A is the issuing bank's range, B is the card account number, C is the (sequential) issue of the card and D is the check digit; i.e. the only thing that changed between cards was digit C being incremented.

Very, very uninspiring. Went into a bank branch with a pad and a pen to explain this to them and ended up on a videoconference to someone somewhere. End result was a completely new card number being issued, but it took a lot of shouting to get that done...
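Added example, not part of cantanko's post: a check an issuer could run before sending out a replacement card, assuming the AAAA BBBB BBBB BBCD layout described in the comment above. The function names and the sample numbers are constructed for illustration.

```python
import re

def luhn_valid(pan: str) -> bool:
    """Standard Luhn check: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit, starting just left of the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def normalise(pan: str) -> str:
    """Strip spaces and hyphens; accept only 16-digit, Luhn-valid numbers."""
    digits = re.sub(r"[ -]", "", pan)
    if not re.fullmatch(r"\d{16}", digits) or not luhn_valid(digits):
        raise ValueError("not a 16-digit Luhn-valid card number")
    return digits

def classify_reissue(old_pan: str, new_pan: str) -> str:
    """Compare a compromised card number with its proposed replacement.

    Returns "unchanged", "predictable" or "fresh".
    """
    old, new = normalise(old_pan), normalise(new_pan)
    if old == new:
        return "unchanged"
    # Digits 1-14 are the issuer range (A) and account number (B). If they
    # match, only the issue digit (C) changed; the check digit (D) is computed
    # from the other fifteen digits, so it carries no secret of its own.
    if old[:14] == new[:14]:
        return "predictable"
    return "fresh"

# Constructed sample values (test-style numbers, not real accounts).
OLD = "4111 1111 1111 1111"
SAME_ACCOUNT = "4111 1111 1111 1129"   # issue digit 1 -> 2, check digit recomputed
NEW_ACCOUNT = "4111 1111 4555 1142"    # different account digits

if __name__ == "__main__":
    for candidate in (OLD, SAME_ACCOUNT, NEW_ACCOUNT):
        print(candidate, "->", classify_reissue(OLD, candidate))
```

A replacement flagged "predictable" is the case the post describes; "fresh" is what the branch eventually issued.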

Official: North America COMPLETELY OUT of new IPv4 addresses

cantanko

IBM's /8

IIRC, IBM's 8.0.0.0/8 isn't even advertised; and from memory the range is used by zOS / whatever they're calling it now for inter-mainframe comms on private networks. I understand they don't _need_ it, but allocating it to someone else and suddenly making it routable might cause... entertainment, shall we say, for zOS users :-D