* Posts by c1ue

320 publicly visible posts • joined 10 Nov 2015


California commission says Cruise withheld data about parking atop of a pedestrian


Re: In fairness

My last 2 cars were 8 series Audis - they had all around parking sensors.

Literally no other car I have ever driven since then does. As I don't keep a car now - I rent dozens every year.

Only the very highest end cars have these parking sensor setups all around.

Many/most lower end cars have rear parking sensors these days if you count the rear facing camera. Not clear at all to me if these cars have actual physical ultrasonic sensors as my Audis did; you can analyze the rear facing camera and its "borders" to detect walls or other cars.

The FBI as advanced persistent threat – and what to do about it


Re: Baseband processor

It was either the UAE or Dubai that had a spyware install get accidentally outed. They literally shoved spyware into every single mobile on their network in the 2000 time frame.


Re: Baseband processor

Not just installation into OS.

The service provider companies have pretty much full access to anything on the phone or coming to/from it.

But this applies to PCs too. That's the beauty of the internet...

Growing US chip output an 'expensive exercise in futility', warns TSMC founder


The commenters in this article seem to universally be ignoring the fact that Morris Chang was trained in the US and came out of Texas Instruments.

So he is commenting not just based on TSMC but from his own direct experience of US based fab operations.

GPU makers increasingly disengage from crypto miners


Re: miners

Cute but wrong comment.

Bitcoin mining is getting something out - the unallocated millions of bitcoin still in limbo. We all know where this bitcoin is and mining is how you get it.

Nor is "useful" the least bit convincing. Gold has very little societal use - its value rests almost entirely on belief in its value. The same can be said for gemstones, art, stamps or any other collectible.

The cryptocurrencies aren't unique or limited - the 5000+ crypto in existence, with one coming out pretty much every week or several days, is proof of that. Nor am I the least bit convinced that even bitcoin has much of a future given its enormous electricity overhead.

But most importantly - there is a basic premise wrong with any attempts to talk about fiat vs. crypto: the law.

Fiat is mandated by law as payment for any debts, public or private. Crypto is not.

Fiat - particularly bank accounts - have all manner of regulatory apparatus around them. Crypto does not.

But, some of this can change and a little has changed already. The existence of CUSIP accounts at major financial institutions to hold bitcoin is one prominent example. CUSIP are custodial protected accounts - traditionally used for stocks and bonds but now expanded to include crypto.

Un-nuanced views on crypto are all wrong. I still think of crypto as nerd art - and bitcoin as (relatively) Rembrandt vs. shitcoins as street corner portraits, but that's just a personal view.

Search history can calculate better credit ratings than pay slips, says International Monetary Fund


I'm sorry to say but your search history is already turned over.

The only question is to how many.

The browsers do it. The forwarding links do it. The ISPs do it. Even the web sites do it.

If I can tell your search history just by forensically analyzing your computer, it means the OS can do it too. Ditto any other software or web app which operates on the same computer.


A greater compilation of idiocy, I have not seen in some time.

We already have an enormous ecosystem of advertising fraud based on bots. These bots build their user profiles precisely through mimicking "good" customer profiles via prime web site visits in order to parlay themselves into good advertising subjects - then go on to harvest ads.

These numbskulls in the IMF are proposing to use DoubleClick/Facebook Pixel type data gathering so that these same fraud gangs can now directly open credit cards and bank accounts.

-10 points for blatantly repurposing an existing business practice as "original research"

-20 points for failing to consider the myriad ways by which their already plagiarized proposal can be abused

This product is terrible. Can you deliver it in 20 years’ time when it becomes popular?


Harris Kupperman at adventuresincapitalism.com called this bubble and even spelled out how it progresses.

Financial arbitrage of the Grayscale Trust, now we're into FOMO by institutions and consumer plus institutional pumping and dumping.

Bitcoin in 2017 was all about Ponzi/pyramid/consumer pumping and dumping.

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'


Yet another example of the utter bollocks of "sophisticated, patient nation-state spies" - as opposed to the reality of semi- and incompetent IT setups.

What is abundantly clear is not that the "bad guys" are skilled, it is that their targets are not.

This is pure "security by obscurity" gone bad...

CEO of China’s largest chipmaker 'possibly' resigns over hiring of Taiwanese rival's production guru


Shang Yi is a legend. His assuming an active role in SMIC, if true, shows just how serious that company (and China) are about ramping up semiconductor manufacturing tech and capability in China.

Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys


The proposal seems like nonsense because it wouldn't universally accomplish what it wants to:

Major email providers certainly log and have other forms of metadata on their email users. The effect of publishing keys thus only muddies the ownership waters for external entities (primarily individuals) but not for governments or the email providers themselves, or for lawyers via legal discovery requests.

Worn-out NAND flash blamed for Tesla vehicle gremlins, such as rearview cam failures and silenced audio alerts


Re: Flash wear

As earlier commentators noted: temperature and extra wear due to log files are certainly a factor.

I would bet, however, that the real cause is the fact that Tesla can (and does) access various cameras on the vehicle to fill its self driving data lakes. There are likely both standard and "pull" type requests from the manufacturer for this data.

Writing and reading pics is a lot more wear than text files...

Ransomware crims read our bank balance and demanded the lot, reveals Scotland's Dundee and Angus College


Attackers sound like amateurs.

Doesn't seem like backups were compromised - plus the ransom demanded was clearly too high.


Re: Backups

Sounds like a law firm.

Just out of curiosity: what is the ratio of demanded ransom vs. losses suffered from the BCI of the restoration?

California backs Proposition 22: Great news for Uber, Lyft as their drivers can work as indie contractors


Just goes to show you: paying over $5 per person in the entire state, will buy you anything...

US govt ups minimum H-1B tech salaries to $208,000 a year, more than startups can hope to afford, say VCs


Startups not being able to afford H1B salaries is a feature, not a bug. Some poor slob coming over in the hopes of a mere 7 year term as an indentured servant shouldn't be working for startups - which fail 90% of the time.

Unless these VCs mean "startups" like Uber...

Another eBay exec pleads guilty after couple stalked, harassed for daring to criticize the internet tat bazaar


Will No One Rid Me Of This Troublesome Priest?

It seems highly unlikely that the behavior documented just arose spontaneously...

Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job done


Re: @c1ue

At the moment, this is true.

In reality, the storage doesn't require a big VM to mimic. In theory, you can do it with micro.

In addition - if we're talking law enforcement, there are many other ways to crack the nut.

For example: serve an order to the telco. You can protect the phone all you want, but the telco ultimately has 100% access...


Somewhat misleading article.

Here's the reality: a relatively new (~2 years or less) Android or iPhone cannot be cracked by the tools except via PIN brute forcing or via the "services" - basically the companies using 0-days and cracks. And while $1950 isn't a lot for some people - it is a lot for a police department to spend and generally won't be done unless there is a strong need.

Secondly, the report doesn't mention how often the subjects give up their PIN. A lot of people will when asked.

For a person who has installed 2FA and also enabled the full security features on the phone, security is going to be good.

To be clear: there is no way to protect anything electronic from an attacker with time and money. The phones can be disassembled and their SSD memories copied - at which point all you need is to know the software architecture and you can run parallel attacks on the cloud against virtual copies.

Notpetya, Olympics hacking, Novichok probe meddling... America throws the book at six alleged Kremlin hackers


Re: Hmmmm.

"reasonable and proportionate"

Interesting that you use these terms when it can be argued that this action is what prompted everyone to "take the gloves off".

Again, I don't say Russia is pure as the driven snow.

The operative statement is: "Let he who is without sin, cast the first stone".


I would suggest everyone read the full indictment.

A number of items are odd: [On or about December 11, 2017, the Conspirators created a malicious "Seoul Bus Tracker" mobile application and registered the mobile application with a mobile application store approximately 1 hour later.] with multiple other apps created and attempted distribution in a very short time frame. Pretty fast work. There is also mention of 15000 web sites defaced in late 2019 - they must be incredibly productive...

Attribution is also interesting: is the "creation date" from just looking at file time stamps? Probably from the app application process?

Then there's the attribution of "creation of components" for NotPetya, Olympic Destroyer etc. The actual charges relate to spearphishing and transmission - there is nothing in the indictment indicating the creation other than the allegation.

The indictment does say that the NotPetya transmission component was via redirecting the web address target for the MEDocs software - makes a lot of sense.

Overall: if you just look at the behavior, it looks like a ransomware gang: spearphishing, network traversal, bitcoin payment for infrastructure etc.

I look forward to seeing how specific attribution to these 6 people was performed.


Re: The poor GRU

Novichok is so deadly that it doesn't seem to kill anyone but heroin junkies.

Apple's T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon


Re: FDE & you want to boot that disk on another machine

The point of a real backup is that you preserve the entire environment, not just data. A full disk image does that.

Secondly, a full external image is completely undetectable in-system whereas an attacker can poison your system backup if they’re in.


Some real world notes here:

T2 doesn't just "make the Mac secure" - it also prevents any type of external backup service outside of Apple's walled garden.

For example: a normal computer - you can boot up on Linux and capture a full dd image. This has its uses - for example, this image preserves all of the OS and installed software, as well as data, should something happen to the source computer. A disk failure can be remedied by putting in a new disk and slapping the image on. A computer failure can be replaced with an identical model computer and said image (really, it is the bios/motherboard).

With T2 and FDE - you can't do this. The Mac/Linux file system won't work without the T2 present, so virtual images are right out.

You can mount the image with a "recovery key" a la Bitlocker, but you have to do this ahead of time. Yes, the system is set up so that you can literally not access your own image without going through a specific sequence of events: FDE on, generate recovery key, capture image. Yes, out of order doesn't work (!)

Excel Hell: It's not just blame for pandemic pandemonium being spread between the sheets


Re: If your only tool is a hammer


Excel is powerful because Ajax allows it to reach out and access/do all manner of things.

I've created an Excel spreadsheet that would update, from a web page, the prices of my mother's 300 stocks, because her online brokerage account was so crap to understand.

How else would you do something like that? Particularly 20 years ago...

Yes, you can hire a programmer to slap together something custom - but what a waste of time and money.

Sure, it is easier to work with data these days, particularly if there is an XML or similar type feed - but businesses existed before this and the Excel pages are an IT artifact just like the XP laptops fronting 15 year old X-ray machines.


Re: I don't think the problem is Excel

The problem is that Microsoft's Excel programmers did a really amazing job of integrating all manner of extra capabilities into Excel.

You can query web pages. You can move data back and forth between sheets and even documents. You can bend, fold, spindle and mutilate cells and their contents.

That's the real problem: if there isn't a 100% perfect program to do something, it is easier to do it in Excel than to do "real" programming to create something custom.

So the real complaint is about Microsoft Excel/Ajax programmers being too good at what they do.


Oh great - now everyone needs to learn to code in assembly in order to tabulate a row or column of numbers?

I'll pass.


Except with Excel - you can stick in a query statement wherever you feel like without recompiling.


The OP is angry at Excel.

The OP apparently would prefer everyone use some specialized tool or language where the operations are utterly opaque.

Excel - you can see and trace everything going on. Not so for "modern" platforms.

Yes, it isn't scalable for Big Data or even medium Data - but it never pretended to be.

Being angry at something which can do so much, well enough, that it is pushed to the limits and beyond is silly since this applies to literally everything in IT.


Re: Relax...

Sorry, but the world isn't made up of data scientist wannabes.

People actually use Excel for things like modeling, tabulation, accounting and so forth.

What price your home delivery? Amazon accused of hiding real injury rate in its overworked warehouses


Sounds nice but the buyer's choice is actually irrelevant.

Amazon makes disproportionately more profits if the same human and capital resources get more done.


Re: *Sobs Openly*

I read it as: Nothing in Amazon Lingo = Profits.

Stop us if you've heard this one before: Crypto exchange cracked, Bitcoin burgled


Re: banks are robbed on an almost daily basis

Totally wrong.

Regular bank account customers are hacked all the time.

The difference is that retail customers in the US (and in many other countries) are protected by laws from absorbing most of the losses, much as retail customers in the US are protected against credit card number theft.

The lack of cryptocurrency exchange regulation - said exchanges being a combination of bank and security exchange/stock exchange - throws out this vitally important protection for the consumer along with all the "red tape" and what not.

Epic, Spotify, ProtonMail and pals rise up as one against Apple's 30% cut, call for end to Cupertino-style markets


Re: Unreal policies

Apple's app store rake isn't "somewhat greedy".

1) If it is payments and fraud protection: the credit card companies do that for 2% to 3%.

2) If it is costs: I looked at Apple's financials for 2015. The app store revenues were higher than Apple's entire personnel cost structure - which includes Apple store leases, Apple store employees, Apple developers for the entire company, Apple's entire sales and marketing people, etc.

The 30% is egregiously more than anything to do with costs - it has everything to do with monopoly access to Apple customers.

The worst thing is: Apple's iPhone business model is identical to the "razors and razor blade" model Gillette uses - except the razor is the apps/OS/email/software while the blades are the phones themselves.

The apps developers put on the app store are a significant part of the hook by which Apple can sell its immensely profitable hardware. To squeeze them is ridiculous.

Ethernet failure on Swiss business jet prompted emergency descent, say aviation safety bods


Re: FCS is not new.

How many true-industrial certifiable routers are there?

It used to take 4 years for 4-16 bit microcontroller systems to get certified for use in cars; I would think airplanes are considerably more at-risk.

FBI boasts of dark-web drug bust: 179 collared around the world, $6.5m in cash and 500kg of narcotics seized


Re: "Legalising a lot of drugs would reduce the value to criminals"

Thank you for your recreational drug promo.

Legalizing marijuana has not dropped the price; the legal stuff is a lot more expensive than the illegal stuff.

Nor has it reduced usage - illegal marijuana is still 80% of the market.

Reality is that legalization generates revenue for states. Period end stop.


Re: Not even a drop in the ocean

Quite idiotic.

The purpose of law enforcement is ... enforcing laws.

It isn't about cost efficiency, nor is the cost to do something the only or even primary criterion.

Laws without enforcement are a waste of time.


Re: Not even a drop in the ocean

I was more or less agreeing with the OP until "legalizing drugs" nonsense came out.

Really? Legalizing fentanyl is a good idea?

It's been a vintage year for bug bounty hunters, says HackerOne as it boasts of $40m+ passing through its treasure chests


$45 million sounds like a lot until you realize that ransomware payments are probably exceeding that per month - maybe even per week.

Ryuk average ransom asked jumped to almost $400K.

Throw in BEC, credit card fraud, PII sales - I think the pay to be bad is still a lot better.

Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims


The only question I have is who cracked? It seems pretty clear that a member of the gang gave up the rest of them.

Strap in for the wild ride that is invest.com: A failed legal battle, millions of dollars on the line... and that Yo! app


What a sordid tale of a scam artist. And I don't mean the guy who lost the lawsuit...

Who cares what Apple's about to announce? It owes us a macOS x86 virtual appliance for non-Mac computers


The OP is ignorant.

PowerPC systems still underlie many of the core capabilities in big companies because of its hot swap capability. VMs exist in this case but still cannot replicate the hot swap nor can they replace the big iron original basis.

However, the lack of MacOS VMs is 100% Apple patent trolling.

MacOS is a flavor of Linux - there is absolutely nothing preventing virtualization besides Apple's lawyers.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency


Turning on Secure Boot also makes it a lot more complicated for offline backups.

So - would you prefer defending against the largely mythical nation state attacker (if you are not in the defense industry/intel agency/government official space) or improving business continuity interruption protection against the very virulent ransomware gangs?

AI in the enterprise: Get ready for a whole new era of smart software fueled by mountains upon mountains of data


It is turtles all the way down.

The reality is that AI is still somebody's algorithm - only justified with mountains of data.

The thing is - data in the real world is messy, ugly and generally unusable. Real world data encompasses limitations in sampling, errors in measurement, biases in focus, architectural limitations in model, and on and on.

Until there is actual intelligence - i.e. independent reasoning combined with intuition and reinforced with scientific method, "AI" is pure marketing garbage albeit very useful for killing jobs for people.

Smash-and-grabbed: Chinese AI academic cuffed by Feds after 'binning hard drive' amid software leak probe


Re: Too dumb ...

Yes and no.

People destroying (or at least attempting to destroy) HDs isn't unusual.

People taking out the storage platters and electronics - that's unusual.

Sounds like the black helicopters have come for us. Oh, just another swarm of FAA-approved Amazon delivery drones


I can't say for the less dense areas, but a UPS driver in a major city will have 200+ packages for their route every day.

Just how much money is saved by having each package loaded into a drone and said drone sent on its way?

Just how likely is it that said drones will not collide with buildings, utility wires, other drones, birds, kites, trees and what not?

For rural areas: much longer distances are involved. Sure, the drones can fly "as the crow flies" - but then again maps and survey quality deteriorate in direct inverse proportion to density even as distance traveled increases.

I suspect the operational reality of drone delivery is just not worthwhile - particularly with $5000 geolocation/sensing packages required.

And then there's GPS jammers/spoofers. Why bother with porch pirating when your loot can come to you?

As promised, Apple will now entertain suggestions from the hoi polloi on how it should run its App Store


Re: A larger share ?

Utter bollocks.

I looked at Apple 2015 earnings: the app store revenues exceed the costs for the entire company: store and employees, developers, manufacturing management, salaries for everyone in the company, etc.

The Apple App store is a profit center at 30%, pure and simple.

Visa offers a "free" product at 2.x% of revenue, so it isn't the financial aspect.

It is ludicrous to say that what Apple charges has anything to do with the costs of providing "free" product or the cost of vetting apps etc.

Furthermore, it is the apps plus email, texts etc which is why people buy iPhones repeatedly - so in fact the app developers are a key factor in Apple's core product repeat sales: the software is the razor while the hardware phones are the blades.

Amazon spies on staff, fires them by text for not hitting secretive targets, workers 'feel forced to work through pain, injuries' – report


Re: Dystopian Nightmares Inc.

You might ask the same question of why would anyone drive for Uber/Lyft, deliver for DoorDash/Grubhub, etc?

Because there aren't better choices and because there is very expensive marketing.

Uber lied vociferously over what drivers get paid - the $80,000 annual income they were pushing in the early years was later shown to be completely made up.

Amazon: they offer "high" minimum wages, but people don't realize just how debilitating those jobs are. Nor are they jobs which can be handled for very long - injuries and lack of benefits are both later consequences.

Ultimately, these jobs exist because of the hollowing out of employment opportunities in the Western countries: manufacturing to China, services jobs to India, etc. have led to a dearth of opportunity for those who aren't sufficiently middle tier (software devs and managers) to the billionaire overlords.

Global heatmap of cheater density says Brazil is the worst at video games, but there's no data on China


Interesting but not so useful if gold farming isn’t taken into account

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure


It isn't clear that just "disabling" macros would do the trick.

The interoperability of MS Office between its different sub-areas (Powerpoint, Excel, browser etc) via AJAX is never going to be secure - since AJAX enables delivery via Javascript libraries.