Easy fix
"...effectively handing over control of the firewall if the device is reachable over the internet."
Just put the device behind a firewall. Is that so difficult?
71 publicly visible posts • joined 8 Aug 2019
"They said 'mostly'. What fraction of software does Therac-25 represent?"
A small fraction. A vanishingly small fraction. Would YOU like to visit the victims' survivors and explain that their bereavements are statistically insignificant? Would YOU like to visit the families of drivers and bystanders killed or maimed by "Full Self-Driving" cars and tell them everything's fine because Ms. PacMan never hurt anyone? Or for a less gruesome example with far more victims, would YOU like to comfort the former owners of gone-with-the-hack cryptocurrency with "Hey--You've got your health; who needs money?" Back to one of those wars in Iraq: Would YOU like to explain to the victims of a non-intercepted SCUD that the systematic clock drift in the Patriot(?) missile systems was just a minor flaw?
Software in and of itself isn't perilous (maybe AI is, but I'm not qualified to judge). But software is written to be used, and the use context can be almost arbitrarily dangerous. That, in fact, was a root of the Therac disaster: A bit of code that had been used in lots and lots of devices and "hardly ever" made trouble suddenly found itself in control of a potentially lethal ray gun, and then the inadequacy of "mostly harmless" was tragically exposed. But you're right: "most" of the patients got the right treatments, and only a trifling few were killed and maimed.
"Our screwups mostly don't kill people" writes a self-described "graybeard" who never heard of the Therac-25.
From <https://en.wikipedia.org/wiki/Therac-25>:
"The Therac-25 was involved in at least six accidents between 1985 and 1987, in which some patients were given massive overdoses of radiation. Because of concurrent programming errors (also known as race conditions), it sometimes gave its patients radiation doses that were hundreds of times greater than normal, resulting in death or serious injury."
(Flame icon in recognition of the "mostly harmless" Therac.)
Danish Navy job -- Was this in the late 1970s to early '80s? My then employer put me on a team preparing a response to a Danish RFP (Request For Proposal) that sounds very like the system you describe. Scariest moment came when it was my turn to present a chunk of our proposal to the visiting Danes, all in full uniform with at least four stripes if not more, all with sternly chiseled Nordic faces, all apparently taller sitting down than I was standing up, and all glaring at me. Our bid didn't win...
Concerning the "intersection with a huge berm:" Our proposal included a sort of conceptual diagram of the system, showing how one computer acted as fail-over for the other, how they managed to be electrically isolated, and so on. Each computer had its own eighty-megabyte disk drive, "medium-sized" for that era. The diagram labelled each as "80MB" which was easily misread as "BOMB" ...
A mild rant: Musk has the gall to call his rocket "Starship" and his SpaceX company town "Starbase," even though there's no chance that any of his works will ever get closer to some other star than to Sol. The Voyagers are almost one light-day distant from us; Elon's eccentricities have never made it as far as one light-second. His "Star"-stuff is as suitably named as is "Full Self-Driving."
> Maybe meat drivers are just much better.
Many years ago I relocated within the United States and applied for a driver's license from my new jurisdiction. My awareness of traffic regulations was (lightly) tested with a series of photos of driving situations, each with a multiple-guess "What should you do?" question. One picture comes to mind whenever I contemplate "self-driving" cars: The photo was of a four-way intersection with a traffic signal suspended over the middle and showing red--but there was a uniformed policeman in the middle of the street waving me forward. Would a Tesla or Waymo or Cruise obey the signal, or would it follow the policeman's directive? Would it follow the instruction of a non-uniformed school crossing guard? How about a random Joe Jerkface in some kind of emergency?
"Scanning officer's badge number ... Verifying badge with police database ... HTTP 503 ..."
The Wanaque Planning Board was entirely right to refuse an "application to build a cell tower on invalid grounds." The least, nay, the VERY least T-Mobile ought to do is choose valid grounds for their erections. Put a tower on invalid grounds, and who knows what might happen? It could sink into the grounds all the way up to its knees, it could topple the first time the underground troll rolled over in fitful sleep--heck, it could get SICK and DIE from hanging around with an invalid!
One of the best descriptions of the "unless 400" rule was found in a VAX/VMS Software Problem Report (SPR). I can no longer find the original, but a transcription is still available from Hewlett-Packard at [http://h41379.www4.hpe.com/openvms/products/year-2000/leap.html]. Highly recommended reading!
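The "unless 400" rule itself, as an added example that is not from the SPR the comment cites: the full Gregorian test beside the two incomplete rules it supersedes, with a finder for the years on which they disagree and a cross-check against the standard library. The function and variable names are my own.

```python
"""The "unless 400" leap-year rule (divisible by 4, unless by 100, unless by 400),
shown next to the two incomplete rules that commonly get shipped instead.

Added example: function names are the author's choice, not from any cited document."""
import calendar


def is_leap_julian(year: int) -> bool:
    """Every fourth year. Wrong for century years not divisible by 400 (1900, 2100)."""
    return year % 4 == 0


def is_leap_no_400(year: int) -> bool:
    """Century exception without the 400 exception. Wrong for 2000."""
    return year % 4 == 0 and year % 100 != 0


def is_leap(year: int) -> bool:
    """Full Gregorian rule: divisible by 4, unless by 100, unless by 400."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def february_days(year: int) -> int:
    """Length of February under the full rule."""
    return 29 if is_leap(year) else 28


def rule_disagreements(start: int, end: int) -> dict:
    """Map each year in [start, end] to the incomplete rules that get it wrong.

    Only years where at least one incomplete rule differs from the full rule appear."""
    candidates = (("julian", is_leap_julian), ("no_400", is_leap_no_400))
    out = {}
    for year in range(start, end + 1):
        wrong = [name for name, rule in candidates if rule(year) != is_leap(year)]
        if wrong:
            out[year] = wrong
    return out


def matches_stdlib(start: int, end: int) -> bool:
    """Cross-check the full rule against calendar.isleap over a range of years."""
    return all(is_leap(y) == calendar.isleap(y) for y in range(start, end + 1))


if __name__ == "__main__":
    # Over 1899..2101 the only disagreements are the three century boundaries:
    # 1900 and 2100 (Julian rule says leap), 2000 (no-400 rule says not leap).
    print(rule_disagreements(1899, 2101))
    print("February 2000 has", february_days(2000), "days")
```

Running it over 1899..2101 shows the incomplete rules differ from the full rule only at 1900, 2000 and 2100, which is why a bug in either of them can lie dormant for a century.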
Isaac Asimov got there first (I think).
Spent a few hours failing to find an Asimov(?) short story about a computer fraudster whose punishment involved psychological conditioning that made it impossible for him to use or even touch computers. They were omnipresent in the imagined setting, so he couldn't play on-line chess, he couldn't order food in a restaurant, he couldn't apply for or hold a job, he was essentially cut off from society. He tried to enlist a lawyer to get his sentence lightened, and the lawyer promised to try but held out little hope. In the lawyer's opinion, "The punishment fits the crime" (the Gilbert & Sullivan reference reinforces my belief that it was an Asimov story).
Can't help thinking of the greatest movie theme song EVER:
Attack of the killer tomatoes!
Attack of the killer tomatoes!
They'll beat you, bash you,
Squish you, smash you,
Chew you up for brunch,
And finish you off for dinner or lunch!
(... and there's MORE WHERE THAT CAME FROM! Mwaa-haa-haaaa!)
In 2021 AMD aimed to improve efficiency thirtyfold by 2025. As 2023 shuts down they've achieved a 13.5x improvement. El Reg calls this "just 13.5x" and opines that AMD "still has a long way to go."
As I see it they need only another 2.3x improvement, which they should attain (if they keep on at the rate they've achieved over the past two years) sometime in the Spring of 2024, comfortably ahead of deadline.
Or if they keep up the pace all the way through 2025 we should expect a 13.5 × 13.5 ≈ 182-fold improvement.
Mathematics is FUN!
"Next time, let Open Cart BURN and stew in the mess."
I may have missed something, but how would a successful exploit harm OpenCart? It's not their servers getting pwned, it's those of the poor sods who installed the stuff. (Or maybe the poor sods' customers whose account info got swiped from the pwned servers...)
Question from an ignorant pre-victim: When I connect to an on-line store, how can I tell whether they're using OpenCart? If my info is going to get hacked, I'd prefer to order my purple pills and latex novelties somewhere else...
The proposed launch is only an early attempt at flying the beast, and I'm old enough to remember the USA's early attempts to reach orbit (every month or so they'd blow up a fresh Vanguard). Putting Elon actually on board so untested a craft seems unreasonable.
However, requiring that he be physically present in Port Isabel during the launch, outdoors and unshielded... Now, THAT seems entirely just.
Memories...
Long ago I worked for a document-editing and -management company. We were not the only such company (just the best:), so we had competitors. All the competing products featured spelling checkers, and one competitor's checker flagged $OURPRODUCT as a misspelling and suggested $THEIRPRODUCT as the correction.
Should we have sued?
Years and years ago -- decades and decades, actually -- my employer installed a new phone system. It could do magic! It could forward extensions, manage ad-hoc instant conference calls, play "I'm not here" messages and take voice mail, ... We all supposed some unknown descendant of Graham Bell and Gandalf must have built the thing. (You remember "years and years ago," right?)
Our working quarters were cubicles of various sizes; mine was a two-desk billet. One day a happy gathering in a nearby four-holer grew annoyingly loud, and my office mate decided to put our whiz-bang new phone to good use. She dialed an outside number, then patched in the neighboring phone for a spur-of-the-moment conference call, and hung up as soon as the neighbor answered. And he heard something to the effect of "... that our sins will not doom us nor condemn our immortal souls, for a loving Father knoweth us and knoweth our frailties and ..."
The external number she'd called was Dial-A-Prayer. The racket ceased -- I guess she'd put the fear of the Lord into them.
According to a story in the New York Times, Musk has directed his people not to pay the company's vendors or its landlords. That ought to produce a noticeable savings, I'd think.
There may, of course, be some slight service disruptions when landlords padlock the offices and vendors cease delivering goods and services. How well does a Twitter server room run when the electricity is shut off for non-payment?
It turns out the $53 million is actually only $29 million. Fines totaling the larger amount were assessed, but "FinCEN said it would credit the fine to be paid to OFAC towards the total fine they imposed, meaning Bittrex will pay $29 million in total" according to Molly White of "Web3 Is Going Just Great."
Bittrex's owners can afford a few more beers than we'd hoped.
The story subtitle speaks of doubling "development time," while the body text speaks of doubling "development speed." Seems to me that doing both at once would be quite an impressive feat...
True story: A high executive at a previous employer once E-mailed a company-wide dispatch announcing the launch of a new system for filing expense reports. The improved system would, he said, "maximize response time." With talent like that in the exec suites, is it any wonder the company failed and vanished?
A quarter-century ago, the state of Massachusetts (USA) released anonymized hospital visit records to any researcher who wanted them.
A graduate student promptly sent Governor William Weld's records to him.
(Accounts of the exploit are everywhere on the Net; search "William Weld re-identification".)
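The linkage attack behind that story, as an added example that is not part of the comment above: an "anonymized" release with names stripped is joined to a public list on the columns both share (assumed here, as in the published accounts, to be ZIP code, date of birth and sex), and every row whose combination matches exactly one public record is re-identified. The records and names below are constructed, not the Massachusetts data; the function names are mine. The block also computes the release's k-anonymity and shows how coarsening the quasi-identifiers defeats the join.

```python
"""Linkage re-identification of a de-identified release, plus a k-anonymity check.

Added example. All records below are constructed; the quasi-identifier columns
(ZIP, date of birth, sex) are an assumption about the attack, not a quote from it."""
from collections import Counter, defaultdict

# Constructed "anonymized" hospital release: names removed, quasi-identifiers kept.
HOSPITAL = [
    {"zip": "02138", "dob": "1945-07-31", "sex": "M", "diagnosis": "cardiac"},
    {"zip": "02138", "dob": "1945-03-12", "sex": "M", "diagnosis": "fracture"},
    {"zip": "02139", "dob": "1980-01-15", "sex": "M", "diagnosis": "influenza"},
    {"zip": "02139", "dob": "1980-01-15", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02140", "dob": "1962-11-02", "sex": "F", "diagnosis": "migraine"},
    {"zip": "02141", "dob": "1962-05-20", "sex": "F", "diagnosis": "diabetes"},
]

# Constructed public list in voter-roll style: the same quasi-identifiers, with names.
PUBLIC = [
    {"name": "Pat Adams",    "zip": "02138", "dob": "1945-07-31", "sex": "M"},
    {"name": "Lee Baker",    "zip": "02138", "dob": "1945-03-12", "sex": "M"},
    {"name": "Sam Cole",     "zip": "02139", "dob": "1980-01-15", "sex": "M"},
    {"name": "Max Dunn",     "zip": "02139", "dob": "1980-01-15", "sex": "M"},
    {"name": "Jo Evans",     "zip": "02140", "dob": "1962-11-02", "sex": "F"},
    {"name": "Kim Ford",     "zip": "02141", "dob": "1962-05-20", "sex": "F"},
]

QUASI_IDENTIFIERS = ("zip", "dob", "sex")


def qi_key(record: dict, generalise=None) -> tuple:
    """The tuple of quasi-identifier values used for linking, optionally generalised."""
    if generalise is not None:
        record = generalise(record)
    return tuple(record[col] for col in QUASI_IDENTIFIERS)


def link(release: list, public: list, generalise=None) -> dict:
    """Return {index in release: name} for rows whose QI tuple matches exactly one public row.

    A row with two or more public candidates is ambiguous and is not counted as re-identified."""
    candidates = defaultdict(list)
    for person in public:
        candidates[qi_key(person, generalise)].append(person["name"])
    hits = {}
    for i, row in enumerate(release):
        names = candidates.get(qi_key(row, generalise), [])
        if len(names) == 1:
            hits[i] = names[0]
    return hits


def k_anonymity(release: list, generalise=None) -> int:
    """Smallest equivalence class over the quasi-identifiers: k=1 means some row is unique."""
    counts = Counter(qi_key(row, generalise) for row in release)
    return min(counts.values())


def coarsen(record: dict) -> dict:
    """Generalise ZIP to its first three digits and date of birth to year only."""
    return {**record, "zip": record["zip"][:3] + "**", "dob": record["dob"][:4]}


if __name__ == "__main__":
    print("exact join re-identifies:", link(HOSPITAL, PUBLIC))
    print("k before coarsening:", k_anonymity(HOSPITAL))
    print("k after coarsening:", k_anonymity(HOSPITAL, coarsen))
    print("join after coarsening:", link(HOSPITAL, PUBLIC, coarsen))
```

On the constructed data the exact join names four of the six patients (the two with identical ZIP, birth date and sex are ambiguous and survive), the release has k=1, and coarsening both sides to three-digit ZIP plus birth year raises k to 2 and leaves the join with no unique match. Removing the name column was never the hard part; the quasi-identifiers were.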