Posts by vtcodger 2030 publicly visible posts • joined 13 Sep 2017
"Not that they're not good ideas but ..."
Indeed. Would you bet a beer that a decade after a dual stack architecture was implemented, we wouldn't be treated to weekly announcements of newly discovered "stack-inversion" vulnerabilities where the CPU is somehow tricked into using the parameter stack for addresses and/or the address stack for data?
(And yes the ideas do seem worth considering).
Back in my youth, there were places like Hyde Park in London and The Domain in Sydney where crackpots could -- on Sunday afternoons -- climb up on soap boxes and harangue "crowds" (typically three to seven people and a few pigeons). The authorities hung around to discourage fistfights and such, but there was (and still is?) general agreement that the activity was basically harmless. Social media seem to be the same thing on steroids. Maybe it's time to reduce the dose of steroids a bit, but it's unclear how to do that. And -- to cite one example -- Donald Trump's opponents would likely be quite unhappy if his frequently unhinged tweets were confined to Sunday afternoons or somehow forced to be tied to reality. They seem far more damaging to his cause than his opponent's ads. And they are free.
It's probably best to leave Section 230 alone.
"Isn't "personalized information push service technology based on data analysis" exactly what Facebook and Google do?"
Yes ... No ... Maybe ...? Perhaps it's about time our lawmakers took a good look at what Facebook and the Goog actually are up to. It might well be something we'd rather they weren't doing.
OK, so the internet/world wide web is probably doomed to flounder in a sea of greed driven bad ideas. (... and we're all gonna die). What's the alternative?
I just checked. Yep usenet is still out there. Sort of. e.g. http://news.aioe.org/ But frankly, even though it shows no sign of googleitis or ADS (Advolken Dementia Syndrome), it doesn't look all that healthy. Any other thoughts?
Two different issues I think:
1. Is cyber warfare a real threat? My bet is yes. And every year, it probably gets to be a bigger potential problem as more and more infrastructure becomes dependent on online communications. Is no one worried about what will happen to smart grids and such if our inspired and dedicated leaders manage to get into a serious pissing contest with clever opponents? That's a rhetorical question. The answer seems to be "No. What's to worry about? What could possibly go wrong?"
2. Can tanks be replaced with autonomous weapons? I should think so. The problem I foresee isn't capability. It's that battlespace communications have always been notoriously iffy. I don't think replacing static-laden voice links with multimegabyte per second digital links is likely to improve things any.
My impression of Google is that they simply want to hsve [sic] full control all of the time
They do want complete control of course. But I suspect that they are more motivated by a strong desire not to pay every web site they index for the privilege of indexing it. That looks to be where the pay-for-news road ends. They would surely see that sort of thing as a threat to their core business -- which it is of course.
While I'm not all that big a fan of Google because I think they are getting crazier with every passing year, I don't think a world where search engines are no longer financially viable would be a good thing.
NOT like self-driving cars. With cars the system must fail rarely and always fail safe. Were it not for the rarely and safe requirement, autonomous vehicles would already be flooding the roadways. With weapons systems, you can tolerate a few lethal (to the WS) mistakes.
I'm not that big a fan of Google although their search engine and maps are quite good. And "Don't be Evil" doesn't seem to have lasted all that long.
But I'm a little puzzled, how one enforces an attempt to demand payment from an indexer of public domain information without all sorts of unfortunate side affects and collateral damage. Suppose I'm writing a research paper on Ediacarian fossils and my references include a link to a newspaper article in South Australia. Am I expected to send the newspaper a royalty payment?
My impression is that Google News was deliberately designed not to transgress beyond the limits of "fair use" under US copyright law. There's lot's not to like about US "IP" law. A lot of it seems demented and/or dysfunctional. But "Fair Use" seems to me pretty reasonable.
What am I missing here?
I suppose there is a remote chance that simply pulling the cover off the fuse box and yanking out the DCM fuse might disable the "feature" while leaving the vehicle usable. If so, the car may still be acceptable. The chance that disabling the DCM will also disable Over The Air software updates -- another spectacularly bad idea that the marketing class will no doubt enthusiastically embrace -- is probably even lower.
On the whole, this move sounds like a marketing plus -- for Honda, Mazda, Kia. Hyundai. or any manufacturer who doesn't emulate it.
Hmmm. I'm sure that 90% or more of tech headlines are about cutting edge technology. But what percentage of actual semiconductor sales and profits go to products that are a generation or three behind the cutting edge? My suspicion is most. But this isn't my area of expertise.
I do happen to know that the US military, historically has somewhat favored older technologies in weapons systems that are actually going to be deployed. Why? Greater reliability. Or so I was told.
"What are these "high value" targets doing, using a Linux kernel with modules?"
My understanding -- which could be wrong -- is that a unix module is pretty much what we old time MSDOS folks used to call a "loadable device driver". All incorporating it into the kernel accomplishes is to make it a permanently loaded device driver. If it contains malicious/exploitable code before building into the kernel, it'll still contain malicious/exploitable code after incorporation?
I would have liked to know how it gets installed as well.
Hold on ... Let me check and see what today's party line is. ... Ah, yes ... It's either the Chinese. Or the Democrats. Or the fake news people. Or Iran. One thing is certain. Putin has nothing to do with it.
Seriously. If I were trying to root a Linux server and couldn't find open ports and externally accessible accounts with no/default/trivial passwords, I'd quite likely go after Windows or smartphone users on the same network with legitimate access, then try every privilege escalation exploit known to man. Keep in mind that Unix security was designed to keep users from screwing up each others' work (which it does quite well), not to provide ironclad protection against sophisticated attackers with massive resources. Someplace out in the garage I have a copy of a BTL paper by (as I recall) Ken Thompson explaining that Unix was not designed to be a perfectly secure system. I looked for a current web link to the paper, but couldn't find one.
Not exactly a bank robbery. More like designing a tamper proof safe. Then locking the combination inside.
In the unlikely event that there is any actual money anywhere in this peculiarl scheme, it should probably be turned over to a court appointed receiver who can then dole it out to creditors (if any) and investors. In that order.
I was as impressed as anyone here with the Apple II hardware. Wozniac's Apple II disc controller -- a half dozen commodity TTL (RTL?) chips that somehow interfaced to an analog device. And it worked. Four decades later, I remember looking at an Apple II disk controller board, and sort of figuring out how it might work. I was utterly astonished. So count me as a Woz fan.
But I think it interesting that this seems to be the only post that mentions the application that truly separated the Apple II from the crowd of assorted computing devices that were available back in early PC days. Visicalc actually did something unique and useful. And until Lotus-123 was launched in 1983, it was, so far as I know, the only spreadsheet show in town.
I speak from personal experience -- trying to run an office using Apple IIs (not my idea). Other than Visicalc, the available Apple II software was absolutely awful. The word-processors sucked. The leading spell-checker wasn't quite that bad -- as long as you never, ever fed it a file longer than 64K bytes -- which it would promptly trash. IMO, without Visicalc, the Apple II was a hobbiest only computer. And probably not the most cost effective choice for many/most hobbiests.
My life became vastly easier when we switched to PC clones, MSDOS, Word Perfect, etc -- stuff that (mostly) worked when used by normal people.
It's entirely possible that in the working lifetime of those now in the global workforce, the importance of manufacturing as we know it will shrink dramatically. Between robots that actually work, much enhanced 3-D printing and the possibility of shipping much stuff to folks as "kits" that any twelve year old can assemble, the classical "factory" may largely fade away in the next few decades. If that happens, and it could, the social and economic impacts will be dramatic. I doubt the transition will be smooth. Best fasten your seatbelts if that actually seems to be coming about.
Isn't that like just one guy? What am I missing?
I suspect that trafficing in cryptocurrency, using Tor, and use of mixers to further anonymize transactions are probably highly correlated. For example, paying for the 4 metric tons of crystal meth you want delivered to your driveway next Friday without leaving an auditable transaction trail is probably a bit tricky. So no, it's probably more than one guy.
Assuming that the evil exit nodes are borrowed from legitimate owners who have been a bit injudicious in clicking on emails or some such, there's probably little capital required in order to set up a bunch of corrupted exit nodes once your figure our how to do it. And the payout for a successful theft is probably pretty good. The risk wouldn't seem to be not so much being thrown off Tor as the cryptocurrency's real owners tracking you down and removing body parts until you return their cash.
When they do fail where would someone like BA get new ones?
It's entirely possible that BA has back up copies. And they might well have the files backed up to hard drives and/or tapes (Now if you're looking for a dubious storage medium, try tape). And the drives themselves? Hundreds of millions were made. There are lots around. Some still work. There are even USB floppy drives. I have one out in the garage. Rather to my amazement, it actually works ... well, at least it used to.
Can one still buy blank floppy disks? Rather to my surprise, one apparently can still get them from Walmart, Amazon, etc.
State actors aren't harmless but they are inevitable. There's no way to fix enough bugs that they can't find any.
Aside from which, state actors doubtless have considerable access to the world wide digital infrastructure, and I suspect its hardware and software are probably just as bug-ridden as the endpoint software and hardware we are familiar with. Bottom line. Today, and for the foreseeable future, you can be connected or you can be secure.-- pick (at most) one.
Of course you should have backups. But as clue points out, there's no guarantee that the bad guys won't simply delay encrypting your data until they have had sufficient time to booby-trap your backups. Load the backup. Everything is great. For about 16 hours. Then your data base is encrypted again. And the ransom amount has gone up.
Also, for many undertakings -- on line businesses, banks, medical practices, and such, ANY lost transactions are a significant problem.
There are strategies that might be useful for some operations. For example in some cases keeping short term hard copy of transaction data for a week or three might be a good idea
But overall, this seems a real problem, and not as easy a problem as one might hope.
US companies can't get into China...
There is a VERY long list of American companies active in China at http://jiesworld.com/international_corporations_in_china.htm It seems likely that if Donald the Useless continues his rather poorly thought out assault on Chinese companies in the US, the list of US companies operating in China will abruptly get shorter.
One problem with trade wars is that the enemy gets to shoot back.
Wait a minute, is El Reg implying that amanfromMars might be human?
Well, if the arbiter of human-ness is to be a computing device. And given the current state of AI. I see no reason that a "man" from Mars couldn't be classed as "human".
The real issue, I think, might be whether the Mars creature is entitled to take umbrage at such an insult and retaliate by sterilizing a couple of counties.
Surely once you've put the weapon(s) in orbit, they can be deployed faster and/or less noticeably than a ground-based attack can?
You'd think so. But mostly not. Your killer satellite won't be much if any more maneuverable than your target, so I think that just as with a ground launch interception system, you'll mostly get two short interception windows a day.
One possibility would be to build one killer unit for each target and put it into an identical orbit trailing or leading its target by a few hundred meters. Or a few meters. If you're going to do that, you don't even need to shoot. You can have the killer snuggle up to tis target, clamp onto anything that sticks out, deploy an "arm" and start tearing pieces off. Or spray painting the sensors. Doable? Almost for sure. But extraordinarily expense I should think.
Basically, satellites are by their very nature, sitting ducks. For the most part, they are about as maneuverable as the island of Manhattan. If you want for some reason to shoot one up, you'll know where to find it. What I'm kind of unclear on is what advantage there might be from launching an attack on a satellite from space rather than from the ground. In either case, you have to lift a payload to satellite altitude. I'd think that a ground launch would be simpler and more flexible.
FWIW, I once knew a bit about intercepting ICBMs -- which is, I think, far more difficult. But that was long ago and maybe things have changed in some way.
There are folks out there who have spent decades thinking the satellite intercept problem through. They surely know more than I do. And more than your average politician or newspaper reporter. It'd be nice to hear from one or more of them on this subject.
I think the device is currently in California. The logistics of getting 6.5 tonnes of extremely delicate machinery from there to the French Guiana launch site while managing the effort from Maryland would be daunting under "normal" circumstances. I can well believe that Covid-19 related quarantines and resource availability problems might well add some additional delays. After all, when you're 2000% over budget and 13 years late, what difference do a few more months make?
I sure hope that it makes it safely to its L2 station and works properly when it gets there.
Why should I or anyone else care if the Russians, Chinese, or Lower Elbownians read US Coronavirus research? We ought to give them logins. Maybe that'd somehow help humanity come up with a badly needed vaccine.
Get a grip folks.
This sort of thing is what happens when you let people who think government can't work try to run a government.
The covert operations are largely targeted at Iran, China, Russia, and North Korea, say anonymous sources
It's a good thing that "they" have opted to target folks who are too well mannered and/or have insufficient skills to retaliate.</SARC> This is a problem that may well solve itself once the "targets" start shooting back. We may be learning a lot more about CIA, NSA, and Trumpian procedures, workflows and finances in coming months and years.
Popcorn Time!!!
"Who could possibly have thought that this year's global pandemic might have an adverse impact on IT spending[?]"
Well, a few misguided souls may have suggested that with many more folks working from remote locations in response to the pandemic, travel restrictions, etc, there might be a bit of previously unexpected spending on IT infrastructure. Silly notion of course. IT is clearly even more doomed than transportation, hospitality, et. al.
"What the hell are those guys gonna due when cut loose from the Japanese office culture."
Just like the US, UK, Australia and Canada. They'll log off their computers at 1700 and join any of the neighbors who feel so inclined (most of them probably) at a local watering hole. Their wives will then breath a sigh of relief at having their husband out of the place for a few hours and go off to socialize with the neighbor's wives.
I am sure it's possible calculate position based on a signal from any three Sat's
Four, I believe -- you're working in three dimensions. But it's early here and I'm not as smart as I thought I was in the 1960s when I actually knew a little about some satellites. Anyway, I think that "all" that is needed in concept is a bunch of satellites with extraordinarily accurate clocks on board, a tracking network that can keep track of their positions with very great precision. And an impressive amount of money. That'll get you position determination within a few tens of meters. Good enough to get you or your vehicle from place to place. For precision much greater than that I believe one needs reference stations that can be used to compute very accurate current ionospheric and tropospheric delays for each satellite. Or perhaps other clever gadgetry. Lots of very smart people have spent a lot of time and effort figuring out how to do satellite position determination. I'm not one of them.
"Though I wonder if there isn't a way using something other than IR to see "through" masks to the face underneath..."
For some reason that immediately triggered a mental image of a long flexible tentacle reaching out of the phone, lifting the mask aside momentarily, then tucking the mask back into place and retracting into the phone. Too much bad Fantasy/SciFi TV I suppose.
Of course, conceptually, they could offer the user the option of a phone with no charger or headset, or, for a bit more, the "Executive Package" that includes both. But that might strain the mental limits of some of their customers -- who are, after all, a cross section of humanity -- more than a bit.
Sounds like after a mere two decades, the MSDOS UNDELETE command has been summoned back from the dead. One wonders if perhaps some other questionable improvements inflicted on Microsoft users over the years might someday be reversed.
I suppose there's no chance that the $#@&$ Registry will be replaced by less user antagonistic control structure(s)? That's probably too much to hope for.
Is that my fault?
Absolutely your it's fault. AFAICS, most "solutions" to Internet security involve either blaming the victim, and/or insisting that some incredibly complex sequence of activities will provide perfect security and can't possibly fail. You're clearly the victim. You must have done something wrong you dolt. Shape up.
(I do think that some day -- probably decades from now -- we'll have a reasonably secure digital universe. But think that it very likely won't look much like what we have today and likely not much like what we envision today.)
Apple is the only very large US corporation that doesn't have links to the US military
Indeed, it'd be interesting to know if the Chinese have a list of corporations with ties to the US Military Industrial Complex. And if so, who is on the list.
I'm also curious if there's actually something special about Huawei that makes it such a frequent target of Donald the Useless and his minions. Could be. But I can't help suspecting that somewhere in the vast criminal conspiracy that is the Trump administration some person or persons are somehow profiting bigly from the US beating up Huawei.
"Why Didn't they put in on the top?"
The two things that come to mind are:
1. Landing on Mars is quite difficult. Fewer than half the dozen of so attempted landings have been successful. They very likely put the helicopter experiment where it would be the least problem during descent.
2. This is their first attempt. If their aircraft fails during its initial flght for some unexpected reason, they probably don't want it to drop onto their rover.
It's a neat idea. I wouldn't have thought it to be practical. Good for them.
I agree that downloading code from some dude's server in God knows where, then executing that code is utterly incompatible with user security. Three problems however
1. Some useful services like interactive maps currently can't work without scripting. Interactive map, etc APIs would have to be defined and implemented in browsers before scripting can be killed.
2. There is perhaps some case for scripting of content presentation as opposed to tinkering with operating systems interfaces. Granted, the current results seem generally to be annoying at best. But they are what "customers" (guys who pay directly) as opposed to "consumers" seem to want. Personally I could probably get by in a world where stuff I don't want to see is never arbitrarily superimposed over whatever I'm trying to read based on my mouse position. But maybe everyone else loves that. Anyway, I think that in concept at least, presentation scripting could be implemented with few or no security issues.
3. Advertisers love scripting. Companies like Google will probably try any number of ill conceived schemes to accommodate the guys who pay the bills no matter what the risks to consumers of the product. After all, scripting is not a risk to either Google or the advertisers. Just to the product -- thee and me.
Perhaps I misunderstand, but in this case, I think all that is necessary is for you to visit a website crafted by a really talented hacker. The website can promise to regrow hair, smooth out wrinkles, serve up free world class porn, earn you money at seven times the prime rate or to grant you eternal youth. It doesn't have to deliver any of those things.
Would be interesting to see how well that patent is worded.
It's a patent. It'll have been created by professionals to be both completely incomprehensible and incredibly broad. Probably could be interpreted to cover anything from putting detergent in soluble pods to ordering books alphabetically on bookshelves.
I read much of the Ninth Circuit's opinion. It's actually quite well written considering that it addresses material that is stunningly dull. It's unclear to me exactly what the details are here. But it appears that Altera shifted stock option related obligations around between entities they control in such a way as to somehow minimize taxes. What seems to be at issue is the extent to which the IRS can undo that. And the answer is that the Ninth Circuit feels that IRS doesn't have to treat transactions between wholly owned entities the same way as it would transactions between independent companies if it determines that the only reason for the transactions is to hide taxable activity.
Or maybe I have that all wrong.
It's probably obvious. But not to me. Why is stock based compensation taxable to the corporation rather than the employee who receives it? It sort of sounds like the IRS is saying that the costs of paying employees in part with stock options aren't legitimate business expenses. Maybe not. But it'd be nice to have an explanation of why not.
Let me see if I have this straight. The Chinese are thought to be using their no doubt extensive and sophisticated cyber warfare capability to target ... banks? The Australian military? The Australian power grid?
Nope. They're out to batter an Australian brewery into submission???
Well, maybe. ... Are there are tanker loads of Tsingtao beer hovering in the Pacific just beyond the reach of radar from Brisbane, Newcastle, and Sydney waiting to sell their product to thirsty Australians at extortionate prices?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
