Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Re: My superiors?

@AC, I totally agree with you this should be an actionable offence. We have the lockers, signs, a polite but firm receptionist and so forth. There is no excuse to have a device in the room...

...but it all depends on who you are: in the service we called this "different spanks for different ranks." Sucked then, sucks now.

I have no doubt that I or any other working stiff could get sacked for bringing a phone in ... but execs get a free pass. And this REALLY pisses off the workforce. Technical types crave consistency, and this includes consistency in policy and its application. Stuff like this can grow a little seed of discontent into a full-blown insider threat problem... why do we insist on tempting fate?

And this is not just in IT policy - my team was rocked recently when we lost a good man because his accesses were yanked. He and the wife were separated. He started seeing a new gal and got popped for moral turpitude. I won't claim that my guy's decision making process was sound, but what burns is the manager who sacked him had a well-known affair going on with his admin... including some navel exploration and offshore drilling done on company time. WTF, over?

USB bricker?

I presume the concept involves a USB device that attempts to brick a host.

Most ports are indeed defended by TVSes. But volume and board area are low and cost is definitely a consideration. What you find is decent ESD performance and low/moderate hardness against conducted EMC threats.

See: https://www.st.com/en/protection-devices/usb-port-protection.html?querycriteria=productId=SC1489 for a typical approach.

Any reasonable EE student with DC/DC converter design experience can build you a thumb device that will overmatch the protection. What I don't know is whether you just destroy a USB bridge IC and bring down part of the USB bus, or can cause more extensive damage.

Fun Def Con talk on USB impersonation

Please look up Dr. Phil Polstra's talk "One Device to Pwn Them All"; DefCon 23.

Video link, if you don't mind being tracked, hacked, and perhaps sacked:


My superiors?

I find one wanker - a senior executive - texting away on a personal iFone at the start of a sensitive briefing. Phones are not even allowed in the entire building, let alone in a brief. So I quietly and politely ask if I can take the phone to the front desk for him.

Slightly embarrassed, my Dear Leader gives me the phone and I secure it.

Upon my return I find him banging away on a BlackBerry, and there is another BlackBerry as backup. Oh, FFS!

A couple of days later some swinging dick working for Dear Leader attempts to slap my wrist for embarrassing Dear Leader.

With leadership like this what difference does it make what sort of USB stick is left in the executive head? Parking lot? Tossed through open window of BMW parked in the "executive reserved" space?

Persuading world+dog to love Microsoft's AI assistant a step too far for Acompli founder

"100M+ users depend on every day"

He's either barking mad, or just a punter about to flunk the next whiz quiz - for cause. Either way I think I can see why he is being encouraged to succeed elsewhere.

Web Foundation launches internet hippie manifesto: 'We've lost control of our data, it is being used against us'

An outstanding new noun that I shall plagiarize immediately. It seems to concisely summarize an accretion of futility.

Roscosmos: An assembly error doomed our Soyuz, but we promise it won't happen again

Aerospace quality

I work with a guy who used to be an aircraft heavy maintenance tech. We were discussing formal tool and component accountability procedures for a high quality line we are working and I asked how rivets and other fasteners in aircraft are accounted for as they are not serialized.

Tech: "They're not"

Me: ?

Tech: "You sweep and vacuum out the rivets and fasteners from wing tanks and whatever the best you can. That's why the fuel system has strainers and filters."

Me: ??

Tech: "Well, yeah, they have their limits. That's why on your Airbus or Boeing the fuel intakes are not in the lowest part of the tank. Sometimes if the wing is gutted we will pull all the crap out of the sumps. Usually they're there forever"

Me: whimper

Tech: "To really eff things up you need a socket head floating around or similar, that's why we have accountability at that mass level. Every part, every shift"

Nikola Tesla's greatest challenge: He could measure electricity but not stupidity

Re: Noted scientists

Maxwell! Go on, then, have an upvote. Einstein himself stated:

"Since Maxwell's time, physical reality has been thought of as represented by continuous fields, and not capable of any mechanical interpretation. This change in the conception of reality is the most profound and the most fruitful that physics has experienced since the time of Newton"

When I worked in a computational electromagnetics R&D effort the supers were named "Maxwell" "Faraday" "Dirac" "Gauss" "Petunia". Three Brits, one German, and a HHG reference in an American lab...

Sputtering bit-blasters! IBM's just claimed densest tape ever record

Re: Long live tape !

Anyone here remember the Iomega Jaz drives that were supposed to be our small business archive salvation circa 1995? Or zip disks for that matter?

I happened upon a box of Jaz cartridges a month ago and had a nearly irresistible urge to destroy them. Not just destroy ... but go completely retro. Annihilation with extraordinary prejudice!

Death to perfidious media! (looking at you, RDX)

Watch closely as NASA deploys the world's biggest parachute at supersonic speeds

Re: Empathy

Aye! But at least I got to launch...

Re: I like the PPE the technician is wearing

38Deg with humidity. I think you need to start drinking immediately!

Would love to go to Oz; colleagues who have worked there have enjoyed the country and its people immensely.

Re: Good news

Good news with Venus is the atmosphere is crazy already; one can burn petroleum like it's the 80's! CO2?

No worries, the atmosphere is something like 96.5pct CO2. 150ppm sulfur dioxide. Sulfuric acid clouds. Kind of like the rust belt town I grew up in, just slightly more badass.

Now if we can somehow do nuke-powered carbon sinks... one wonders...

I like the PPE the technician is wearing

Official Range Safety Certified, Gov't issue ... flip flops?

Having worked on similar ranges and dealing with the Range Safety mafia I salute our hero's refusal to wear the fully enclosed, steel toed, multi-kilogram, nearly non-removable foot anchors that are required - even at sea state zero in Virginia heat and humidity.

I might recommend a trip to a nearby West Marine store for a decent pair of boat shoes though.

Pirate radio = drug dealing and municipal broadband is anti-competitive censorship

Re: Murica, land of freedom!

Work out what the words are based on context? No way, that's f$ckyngh ridiculous!

Apple might be 'collateral damage' in US and China trade dust-up

Re: 3D Printing reply

"... I doubt that 3D printing is going to massively improve on the economics of this."

My firm is heavily invested in 3D for rapid prototyping. But what really amazes me is what happened when we put a 3D machine in the machine shop:

Productivity and quality of the conventional shop shot upwards. With the 3D machine the guys print all sorts of jigs and rigs to make their production, build, and inspection processes more effective. Need a bespoke tool? Draw and print rather than 'make do' with a standard but less optimal tool.

Yes, Americans, you can break anti-piracy DRM if you want to repair some of your kit – US govt

Chipped valves?

Here you go- this is a bit nontechnical but it gets the point across:


I have some actual papers on this, but alas I'm on travel and armed only with a landfill Android. If more is needed reply and I will dig up the links when I return to civilization.

Circuit board repair


Repairing circuit boards is really not that big of a deal. I'd encourage you to get a solder trainer board (*) and learn it... it's an extremely rewarding skill and opens up some amazing hobby and career opportunities.

I've really never had an employee who could not get at least to the point of soldering leaded quad flatpack components. Most could do leadless QFP. Ball grid arrays, alas, require some rather pricey kit and specialist training.

The only thing I'd caution is that life is too short to skimp on good tools. A decent soldering station (Metcal or Pace) and a good binocular microscope are a must. Also, take the time to make sure your work area is ergonomic.

(*) or go on oshpark.com ... go to the 'sharing' tab, and order a circuit board that does something fun rather than just a practice board.

Re: What does that really mean?

Sounds like my first marriage. I think this calls for a stiff drink!

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

Too bad Linus swore off swearing

Situations like this go beyond a little "golly gee, I screwed up some C"...

Our brave El Reg vulture sat through four days of Oracle OpenWorld to write this cracking summary just for you

"Impenetrable barrier?"

Let's see...

Highly complex software systems? Check

In same network? Check

Can't wait to see what the next Def Con will present about that one!

I used to think barriers are impenetrable, but then I've got to explain why I have these kids running around...

Apple boss demands Bloomberg Super Micro U-turn, Russian troll charged, NSA hands out cash, and more

So West Haven pays off criminals? There is form- the adjacent town of New Haven {used to be | is} a significant node in the American Mafia network.

The city fathers probably mistook the ransomware rip off for a more familiar shakedown or protection racket.

F5: Don't panic but folks can slip past vulnerable firewall servers, thanks to libssh's credentials-optional 'security'

I like the defensive programming reminder from AWS

I'm not a good programmer and my knowledge of formal cs-jitsu is poor. I can't get an object to do what I want it to if I beat it with a cosh.

But! My embedded code has worked very well.

That's because I try to pre-compute everything I can ahead of time and load up ROM with lookup tables and whatnot. No ROM? Fine, static structures. State machine? No problem. I'm going to give you a table of pointers that cannot be modified at runtime. And because the state machine exists as a table ... we can formally evaluate its truth.

Lookup tables and fixed point arithmetic... I consider it a personal accomplishment if I can avoid having to do any floating point math - even in instrumentation systems.

Raspberry Pi fans up in arms as Mathematica disappears from Raspbian downloads

Re: Idle thought, at what point does fedex's bandwidth beat your ISPs?

"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." -Tanenbaum

"Well, go on then, get this disk pack to Norfolk! Step on it!" - my boss, long ago

Re: On the other hand...

@GrumpenKraut, well please have an upvote and pint on me. The Sage tool looks very interesting and I will definitely explore this.

This is why I love the ElReg forums... people know stuff and we all learn!

On the other hand...

...I get the arguments about pre-installed apps and bandwidth wastage. The appropriate implementation would have been a .pdf on the Desktop instructing users downloading an 'educational' image how to install Mathematica. Or, have an image for download optimized for secondary- and post-secondary education that has Mathematica installed. Problem solved.

We need to remember that a primary goal of the RPi Foundation is the creation of a computer that is cost effective enough for even extremely poor school districts throughout the world. I think the theory is that we will build global wealth and address income inequality by helping others get the tools they need to build up themselves and their societies. Will it work? Who knows ... but I sure think this is a more decent and ethical approach than hand-outs and whatnot that just build dependency and help the richer people maintain a degree of smug superiority. AND we get an outstanding piece of kit; what's not to like?

To that end Wolfram Research (Mathematica) contracted to provide free access to Mathematica. This tool is absolutely fantastic for the physical sciences, theoretical and applied mathematics, and electrical engineering. I've used it for all three and one of my organizations spends literally tens of thousands of $ annually on contracts with them and does so gladly. My first exposure was on a NeXT Workstation (remember those?) at university in 1992, at which time we were told it would revolutionize pure mathematics. It did. And now Wolfram (the man) wants to share his creation, I say let's raise a pint but also eliminate the download pain.

Sure, offering this free on educational kit is kind of like offering hits of an addictive substance ... the marketing hope is obviously that students will get hooked on Mathematica and when they are in a position to purchase software later in life will tilt the scales in Wolfram's favor. Worked for Apple back in the day. But I'm just happy if we get disadvantaged students to the point in life where they are making software decisions.

Disclaimer: Yes I'm a major fan. But I also use MathCAD, Matlab, GNU Octave, Maxima ... basically whatever tool will make a specific job easier. I am a software polygamist.

NASA chief in Moscow: 'We will fly again on a Russian Soyuz rocket'

Re: What did the OP really mean to write?

@AC, excellent points. I've definitely been in the position of trying to perform a full, comprehensive study into a failure and felt the pressure of having a Harvard Preschool of Management type declaring "we will be done by X" when we haven't even estimated a value for X.

Failure investigations are difficult to plan for and budget, but hey - if you're just a politician everything looks easy.

What did the OP really mean to write?

He wrote "bullish tone" but I think I might have misread it as "bull$hit tone"

Administrators... I've known too many.


The Obama-era cyber détente with China was nice, wasn't it? Yeah well it's obviously over now

You keep using that word.

I do not think it means what you think it means.

$word =~ s/inconceivable/drop-off/g

For me and my logs, 2016 fits a long-running pattern. A monotonic increase in Chinese(x) activity. Mostly idiotic port scans and occasionally something that makes me sit up straight and think

(x) yeah, I know attribution is tough in a spoofed or multi-hop environment, yadda yadda

Uncle Sam gives itself the right to shoot down any drone, anywhere, any time, any how

There is a very simple way to limit the law

Include language restricting drone engagement to Prohibited Airspace (think Washington D.C.) and maybe... just maybe... some classes of Special Use Airspace. My vote would be to contemplate drone engagement in active Restricted Areas (think major sporting events, nuclear power plant sites). [×]

If you feel a burning desire to engage drones in a certain area, man up and go through the NOTAM process and either activate existing restricted airspace or stand up a new one. That way the other airspace users know what the heck you are doing.

If something is an imminent danger? As in credible mass casualty weapon employment? Well, Intl Law holds that states have an inherent right of self defense. No need for a regulation. Blast away and explain it on CNN later.

[×] given 9/11, small aircraft crashes into the WH, the Mathias Rust incident on Red Square... It's unclear to me how any of this works in practice.

Want some of that sweet government contract money? Obama's CIO gives tips to land deals with Uncle Sam

Re: contracting

@disgruntled yank,

Cannot speak for three letter agencies, but have some DoD and other experience. No different than the rest of US Gov't.

My favorite comment concerns cluster computing on the NMCI net (choose one of 'Navy/Marine Corps Intranet' or 'No More Computer on Internet')...

I ask, "How's it goin'?"

Answer, "Um, sir... these f$ckers. Well, they put the cluster in clusterf$ck..."

Let me ignore the river of marketing BS flowing from FireEye for just a sec (*)...

...Maybe the reason smaller firms are noncompetitive is due to the fact they cannot afford the legal teams necessary to navigate through our Byzantine contracting process. I don't think this has anything to do with quality of personnel, availability of personnel, or so forth. I've seen several small- to mid-size firms absolutely at the top of their game technically unable to get Gov't contracts because they either (1) couldn't get all the paperwork together to work before their competitors caught up; or (2) saw how much $ the paperwork was going to cost them and just said "screw it ... we're not going to sell direct to the Gov't ... let's market to their prime contractors"

See: https://news.vice.com/article/why-cant-startup-companies-get-us-government-contracts

(*) Ok, I respect FireEye products but think the BS spouted here can work two ways. Do I want to hire a vendor who is so tightwad they cannot afford sufficient staff and everyone must work 80+ hour weeks? Do I want to hire a vendor who is constantly "up" because they are playing catch up?

Working your ass off is not always a sign of extreme competence.

30 years ago, NASA put Challenger behind it and sent a Space Shuttle back out into the black

How's this for thoughtful?

Starting with the STS-26 return to flight mission and continuing until the end of NASA's manned program, the Shelton family would send a bouquet of roses to Mission Control. One red rose for each astronaut on mission, and one white rose in remembrance of those who had been lost.

Apparently it took NASA a while to figure out who was sending them. A simple but thoughtful gesture that probably means a lot to those who hold life and death responsibility over astronauts riding perhaps the most complicated gadget ever manufactured.

Also, as a parent I've got to hand it to the mom and dad - setting an example like that is top shelf parenting technique.

US mobe owners will get presidential text message at 2:18 pm Eastern Time

Re: Amber Alerts?


+1 for the insightful reply and useful link!

Amber Alerts?

With the Prez Warning at least it's fairly clear what offices generate the warnings.

But what about these Amber Alerts? I've wondered who exactly decides what unlucky kid gets featured on these. I know that the actual number of non-family forcible abductions in the US is actually fairly low ... out of something like 800,000 missing persons reports per year something in the low hundreds are what we would think of as classical kidnapping events. But I've seen precisely one Amber Alert in two years, living in the boonies but within an easy drive of major population centers. Put another way, if one of my kids disappears and there is some witness that saw them in a vehicle - does a non-connected, 9-5 working schmuck like me rate getting an alert sent out?

A guy I know had a kid disappear; witnesses saw her walk off a school bus and get coaxed into a car that drove away. His first clue was when she didn't arrive home. He had one hell of a hard time getting the police to take things seriously. Ultimately it did work out OK; it turns out that the ex-wife and in-laws decided to play a rousing game of "capture the flag" using a human being. Poor form, that.

...my phone is now supposed to warn me about the president? How very interesting.

Laser-sharp research sees three top boffins win the Nobel Prize in physics

This year's Ig Nobel in Literature is pretty good

Probably better than the legit Lit prize. See:


Re: "Especially glad to see a 96 year old get the prize."


Excellent points. I'd like to understand the selection process. At least for the hard sciences Nobels, I read the announcements and always come away impressed, humbled, and inspired.

For the Literature and Peace prizes? Not so much.

Congrats to all...

...these people have brains working on a much higher plane than mine.

Especially glad to see a 96 year old get the prize. I had a somewhat aged superstar employee return from a personnel review ready to go postal. Seems the branch head didn't believe he had done significant contributions, since "...most real science and engineering is done by men in their 20s and 30s. Most Nobel prizes are won by young people..."

The BH of course is a proud Harvard Preschool of Management grad. I might pee on him if he is on fire, but I'm conflicted

NASA's Kepler telescope is sent back to sleep as scientists preserve fuel for the next data dump

A pint!

Sounds like the mission planners and systems engineers have overcome a great deal over the last nine plus years. While waiting for data, I think they need something to wet their whistle

Rookie almost wipes customer's entire inventory – unbeknownst to sysadmin

Re: Got you beat, my story begins with "My Wife's...."

@FuzzyWuzzys, dang.... 10 quid only. Plus flowers, honey-do's and probably a lot of subservient behavior. You got off easy!! Question becomes ... how long was the stay on the couch :(

Re: One simple trick...

@Chris Evans,

Yes there are a number of things you can do. Just like Windows a quick ctrl-C will abort a rm operation taking place in an interactive shell. Destroying the window in which the interactive shell running rm is running will work, too (alt-f4 in most window managers or 'x' out of the window)

If you know the process id of the rm process you can 'kill $pid' or do a 'killall -KILL rm'

Couple of problems:

(1) law of maximum perversity says that the most important bits will be destroyed first in any accident sequence

(2) by the time you realize the mistake there is no time to kill rm before law 1 is satisfied

The OP's mad dive for the power button is probably the very best move... provided you are right there at the console. And provided the big red switch is actually connected to anything

One simple trick...

...depending on your shell and its configuration a zero size file in each directory you care about called '-i' will force the rampaging recursive rm, mv, or whatever back into interactive mode. By and large it won't defend you against mistakes in a script, but it's definitely saved me from myself when running an interactive shell.

It's proven useful enough to earn its own cronjob that runs once a week and features a 'find -type d' and touch '-i' combo on systems I like.

Glad the OP's mad dive for the power switch saved him, I wasn't so speedy once. Total bustification. Hence this one simple trick...

Now if I could ever fdisk the right f$cking disk, I'd be set!
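The guard-file trick from the post above, as an added example that is not part of the original comment: it plants the '-i' files the way the weekly find-and-touch job is described, then shows one case the guard stops and one it does not. The function names and the scratch tree are constructed for illustration, and everything runs inside a mktemp directory.

```shell
#!/bin/sh
# Added example: the '-i' guard file, exercised in a throwaway directory.
# All function names are hypothetical; only the mktemp tree is ever touched.

# Drop a zero-size file literally named "-i" into every directory under $1.
# The path prefix in "$d/-i" keeps the name from being read as an option here.
plant_guards() {
    find "$1" -type d -exec sh -c 'for d; do : > "$d/-i"; done' sh {} +
}

# Constructed sample tree: two files plus a subdirectory holding a third.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/a.txt"; : > "$d/b.txt"
    mkdir "$d/sub"; : > "$d/sub/c.txt"
    printf '%s\n' "$d"
}

# Number of regular files under $1, not counting the guards themselves.
count_data_files() {
    find "$1" -type f ! -name '-i' | wc -l | tr -d ' '
}

# Case 1: a bare glob. The shell expands * to "-i a.txt b.txt sub", so rm
# receives "-i" as an option; being the last of -f/-i it wins and rm asks
# before every removal. stdin is /dev/null, so each prompt is answered "no".
# LC_ALL=C makes "-i" sort ahead of alphanumeric names; GNU rm accepts the
# option in any position, other implementations may need it to come first.
guarded_glob_rm() {
    ( cd "$1" && LC_ALL=C && export LC_ALL && rm -rf * </dev/null 2>/dev/null ) || true
    count_data_files "$1"
}

# Case 2: the same command with "--". Option parsing ends before the glob,
# "-i" is treated as an ordinary file name, and the guard protects nothing.
end_of_options_rm() {
    ( cd "$1" && rm -rf -- * 2>/dev/null ) || true
    count_data_files "$1"
}

# Stand-alone demonstration on a fresh scratch tree.
t=$(make_sample) && plant_guards "$t"
echo "after 'rm -rf *'    : $(guarded_glob_rm "$t") data files left"
echo "after 'rm -rf -- *' : $(end_of_options_rm "$t") data files left"
rm -rf -- "$t"
```

The guard only works when a glob is expanded inside the guarded directory: a command that names the directory itself from outside never sees the '-i' file as an argument.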

One Project to rule them all: Microsoft plots end to Project Online while nervous Server looks on

Been doing this 30 years...

...pencil and paper, viewgraphs, lotus 1-2-3 spreadsheets, m$ project in its various incantations of demon speak...

...and I've learned many valuable secrets, young grasshopper. Chief among these is, "The very finest way to remain on schedule is to write a new one daily."

This truth is invariant across all known PM tools and strategic planning fads.

You're welcome!

Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help

Good on you Linus

Nothing is so hard as to change our own behavior at middle age. It's taken me decades to move past some of the sharper uses of my tongue, and I still f$ck up routinely, but I'm a more effective engineer when I have self control.

Where it gets difficult is when something happens that requires the strongest possible condemnation, and when working with former NCOs who speak entirely in acronyms and curses...

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

And we can avoid...

...giving the third and fourth degree to employees who make mistakes. We all screw up security sometimes.

We need to hold people accountable but if you make penalties for even slight infractions truly Draconian, people just won't report problems. And problems do not get better with age.

Python joins movement to dump 'offensive' master, slave terms

We've come a long way from Black Perl

P'raps my favorite piece of code. I'm slightly relieved it doesn't achieve anything though: https://en.m.wikipedia.org/wiki/Black_Perl

The OP mentioned Los Angeles for some reason. Been there, lived that. Not sure how well the 'master/slave' construct is understood there. I think 'pimp/ho' might be more comprehensible.

A boss pinching pennies may have cost his firm many, many pounds

I had a manager decree...

...that an already INSTALLED 100BaseT infrastructure in a new build be downgraded to 10BaseT because she thought the higher speed would result in a higher total cost of ownership. No ship. The techs just said, "uh... yeah, sure! We did exactly what you said." Mumble mumble.

Top antivirus tool nuked from macOS App Store – after it phoned browser histories to China

Re: That's the problem with AV apps

@DougS, Enterprises forcing users to install dodgy AV apps per BYOD? In my experience, heck yes.

I've definitely suffered far more at the hands of bad AV than viruses. I'm thinking cleaning up the radwaste left behind by McAfee products here.

And then we have the Good for Enterprise app ecosystem - a system that sucks so badly it is indistinguishable from malware. I wonder what sort of attack surface Good presents... hmmm.

Pluto is more alive than Mars, huff physicists who are still not over dwarf planet's demotion

I really feel for Pluto...

As I age my hair gets thinner and the mass of the ass...? Well, still increasing. But I still cannot clear out all the straphangers and yes men out of my division...

Trainer regrets giving straight answer to staffer's odd question

Re: My rule on tools:

Oh heck yeah; +1 on that insight.

Life is too short to waste getting a substandard tool to more or less work, and there is a real satisfaction involved in using decent tools.

Besides, my dad always said, "Every job takes a minimum amount of money. You can try to cheat on cost but at the end of the day, why not just pay your dues up front and save some time and frustration?"