* Posts by chuckrman

9 publicly visible posts • joined 16 Nov 2016

Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks

chuckrman

Re: Just when I thought about upgrading...

Part of the problem is the cross sharing of IP with Intel and AMD. x86 is Intel IP and x64 is AMD. So oftentimes, because the basic architecture is the same x64 on x86, you will see similar holes in both manufacturers (there are nuances that separate them). The only way this really changes is if we can come up with a new standard away from x86/x64. However that means backwards compatibility and no one wants to kick that hornet's nest for fear of sales loss (my opinion).

Don't touch that dial – the new guy just closed the application that no one is meant to close

chuckrman

Re: As a young broadcast engineer, unschooled in IT at the time

Agreed. A lot of what we take for granted as part and parcel of operations had to be learned from mistakes. Institutional knowledge is a thing, which is why I think companies/governments/etc. are struggling right now with all the outsourcing. No matter how much documentation you provide me when I come on board, I can't digest it all and be the perfect employee day one. In the meantime you have a gap that the position I was hired for was intended to fill. Throw in the tight budgets reducing or eliminating redundancy of staff capabilities and you are treading a fine line of failure and success.

Risk management was not taken as seriously, say, 20 years ago as it is now, and I am sure this was an incident that caused change (as was related at the bottom of the article). Was the change perfect? Not likely, but you have to start somewhere, and re-architecting a tried and true process is NOT something done overnight. And may be deemed too risky versus improvements to the existing process.

When the IT department speaks, users listen. Or face the consequences

chuckrman

Re: Beautiful

I agree completely. IT is here to support the business and is not the business itself (unless IT services is your business). Now given the limitations of the technology at hand I can understand that sometimes you have to rely on the user doing "the right thing" but, in general, I would have measured this as a risk and would have looked for a compensating control. Perhaps a script that was run once a day to copy the contents of the "My Documents" directory to the mapped home drive, as these should be known variables. As someone earlier in the comments mentioned OneDrive, a nice aspect of this service is that, in locations with the appropriate enterprise agreements and infrastructure, you can use GPOs and have directories directly replicated up to the OneDrive as appropriate. While we can't hold the end user as having no responsibilities, we should be looking at common risks and trying to address them as commensurate with the value of the loss.

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

chuckrman

Can't say that I agree at all

The point of the scoring system is to draw attention to the bloody obvious. In general it works for reasons already stated in the comments. Because it is simple enough to understand. If your organization actually takes risk management seriously, it has in-house staff to do the scoring in the context of how it affects the organization. Risk and threat modeling is not something I would expect someone outside my organization to understand as far as it applies to my organization because they lack the information to do so. I would not expect any agency or a third party organization to do a valid scoring for my organization as a general rule (auditing etc. not included). They can't, and even if they could it would not scale to try and keep such a vast library up to date. The simplicity scales.

Greatest threat facing IT? Not the latest tech giant cockwomblery – it's just tired engineers

chuckrman

Re: Some weird comments on here...

Some of the pride may be a result of for whom and why. I have pulled 100+ hour work weeks I am not very proud of because it was just a band-aid over a problem and I just burned out. Other times I have pulled those weeks because there was a legitimate concern or event that no one had thought of and the risk of failure was high. It is those days that I take pride in being part of a team that really brought things together under extreme circumstances. The former was often due to lack of staff, sudden departures of poorly treated staff, or just really bad planning. The others had to do with what falls under the "acts of God" sort of thing. In those cases we had follow-ups and lessons learned which prepared us for next time.

Samsung pulls sheets off costly phone-cum-fondleslab Galaxy Fold – and a hefty 5G monster

chuckrman

Everything is worth what its purchaser is willing to pay for it

I feel this gadget falls into the category you have so marked. It is not directed at a specific need (that I am aware of) but is an expensive toy to me because it is not in my budget range and does not offer a feature that I would need over my existing phone.

/rant

However, I feel that you are incorrect in making the statement "so much for so little" without context. The use of "so little" is subjective without any qualifications. Someone may find that the increased screen size is worth every penny spent. This is because their qualifications are different from yours. I dislike the idea, particularly on a tech site, that it is too expensive or doesn't meet the need when neither has been defined as a qualification. It is merely something on offer and it would appear that it is not targeted as a device for everyone but a "premium" device. It is fine to make a prediction like "I don't expect this to sell well because its cost is high compared with most phones in the general population" as that is including a qualification to demonstrate why you have your point of view. Nothing wrong with having one, but just making a broad statement without backing it up does not contribute much to the discussion. It is these types of devices that can open up new use cases or demonstrate an idea that needs maturing. I often hear the complaint that I wish my screen were bigger when the people around me are using their smartphones. While finger gestures allow in some cases to easily magnify something, it may simply be too troublesome to use on a larger document or picture (such as a comic). Using a different device with a larger screen size may not be so practical as the smartphone is so portable and readily available because it goes everywhere with you. This is an attempt to try something different though it is not clear if it solves the problem. Cost, more room for screen clutter such as in-app ads, device longevity, and battery life are all valid concerns. It might not do the job. However, you can't say for certain without trying. The attempt alone can yield value in the form of knowledge gained.

/end rant

Spies still super upset they can't get at your encrypted comms data

chuckrman
Big Brother

Different view/tinfoil hat warning

What if the whole point of the backdoor is to mask decryption capabilities? In my viewpoint (you may decide otherwise) encryption is *always* a temporary measure. The value of encryption is to conceal information until it is no longer useful. It does not prevent something from being unknown forever. The race between encryption and decryption pretty much guarantees that at some point an encrypted bit of information will be deciphered. However, if you start putting mandatory backdoors the question of how you got through the encryption becomes more murky. Was the encryption broken or was there a backdoor? This makes it a little more difficult for the intelligence community (of any given entity) to determine risk. Was it a product issue? Was it an algorithm issue? Was it a leak? Think of it on a lower level such as a divorce proceeding where one spouse is hiding information from the other. Does not have to be at the nation state level. This I think opens up doors on a lot of levels.

Who do you want to be Who? VOTE for the BBC's next Time Lord

chuckrman

Re: Hugh Laurie ?

I rather like him as a choice.

UK warships to have less firepower than 19th century equivalents as missiles withdrawn

chuckrman

Always an interesting topic regardless of Nation

I have often wondered why Naval Fire Support (NFS) is often poo poo'd. It seems to me that it is often forgotten and added as nostalgia in the form of a single relatively small caliber gun mount (5" or smaller). I have often thought that there should be a role for NFS appropriate to the planned operating environment. NFS should be a combination of large bunkerbuster caliber types and small secondary types of which are currently the primaries on most ships. They don't need many mounts given what automation can do. As was pointed out by a previous poster, failures happen. Have some redundancy (more than one mount). Keep in mind the enemy can shoot back.

Additionally, I rather think fighting pirates and similar missions ought to be left to the smaller ships using guns but capable enough to supplement the fleet as escorts. As such should be blue ocean types. Small ship threats can attack a fleet/cargo ship/tanker/etc. anytime really. Why not adopt the approach the Somali pirates are using? A mothership (can be the NFS platform) carrying the "coastal types" as interceptors. Your interceptors are basically patrol boats with small (squad/fireteam?) troop levels and the mothership provides any big guns needed should you need to put troops anywhere. No missiles necessary (except maybe CIWS type stuff) as that is the job of the escorts.

NFS seems to be a capability gap in most of the large navies. Bullets/Shells are *a lot* cheaper than missiles, planes, aviation fuel, and etc.