Posts by MCPicoli

Re: Apple don't like it?

About your footnote...

Because, of course, for Apple the option of simply complying with something that will save money and reduce waste for everyone is not an option. Apple must do *everything* the Apple Way, fuck everyone else.

Apple may choose to open their connector and communication standards to everyone for almost free (as is the USB-C), ensuring interoperability of Apple equipment with other manufacturers of phones and accessories, but let me stop deluding myself with my utopic dreams.

OK you may pay Apple to certify your cables and chargers, but god forbid you try to create an Android Phone with a lightning connector...

I'd say fuck Apple, comply or get out.

Re: Haynes Manuals

You brought many, many old memories back!

I remember the part of being my dad's assistant, long neverending hours of him working fixing the old clunkers of my family. I enjoyed every bit, to the tune of my mom saying I couldn't "assist" anymore until I had all homework and chores done. Lots of trouble, lots of "extra" bits and bobs, but in the end my dad always managed to put everything back together, and miraculously it even worked.

Except for the two times he tried a full body paint job. Something got wrong both times and the cars ended with a not-so-desirable-for-the-time "matte" finish. Not fixed, he and mom used the cars for several years after.

Re: Quality

In my personal experience, chinese-made chips are inferior, both in design and manufacturing, but each year, year after year, they're getting less inferior and more refined. Most "new" designs from them still have some problem or limitation, but less and less. For many, the difference simply doesn't matter anymore.

How much time until they're as good as any western chip or better?

(my experience revolves around MCUs, radio/cell modules and simple logic ICs)

Re: Shakespeare

"Damascene moment"... Sincerely, I had to google it up. Thank you, for enriching my vocabulary with obscure expressions.

Re: Picture

The chip at the upper left corner seems to be the one with something (SRAM) stuck over it.

Re: Ponzi

Your line of thinking is mostly flawed, since you may not simply decide to sell your coins for "X" dollars and it be magically executed, depriving other traders from getting any and collapsing the exchange. Most crypto coins like BTC or ETH are essentially "zero sum" games. You may call crypto any scammy name you want, but a Ponzi it is not.

In an exchange you buy coins *from other users* and NOT from the exchange, unless the exchange is a "user" of itself as well. For someone to buy some, someone has to sell.

If suddenly everybody wanted to sell, the price would collapse, since now there are a lot of coins for not so much dollars (from users willing to buy them) but in the end <new price> x <amount of coins> is _exactly_ equal to the amount of dollars available from buyers.

And the exchange, as usual, makes a pretty penny from their share of the transactions.

In that sense, users would lose a lot of money because they bought high and sold very low (close to, but not equal to zero), but would never get nothing from their coins, barring exit scams, "hackers" stealing the wallets, etc. In the worst case of the exchange not having liquity for that coin, nothing blocks transfer to another exchange where there would be a little value left.

OK, I will concede the case where the coin collapses so hard that it has _zero_ liquidity, then you will lose exactly the value you "invested" and not one cent more.

However, if you start "investing" in derivatives, futures and other complex "financial instruments" involving crypto, then you may lose your pants. For example, if you bet that the value would go up and borrowed a lot of money to buy crypto now, and the value crashed, you'd be in deep trouble.

Re: Ahh, thefts...

Place my father worked before retirement had a policy that all tools and equipment that was going to te decomissioned/dumped/trashed had to be physically destroyed or otherwise mangled to "beyond any chance of repair" condition before, and any and all company markings removed.

It was sad to see lots of equipment in working condition, but completely obsolete, get the hammer/blowtorch/angle grinder treatment, but ended the sporadic cases of newer kit suddenly being deemed "not economical to repair" but misteriously disappearing from the bin later that night.

Re: Still laughing..

Same here, I wouldn't mind being sent this kind of "trash". My wife, on the other hand...

Re: Annoyingly low on RAM

Well, I'd be *really impressed* if you managed to do any kind of modern and safe internet cryptography using only 256 bytes!

Not a traditional USB drive

The ironkey is NOT like a traditional USB drive. Imaging the drive would yield nothing since traditional brute-forcing the encryption used would take a very long time even with plentiful computing resources. The actual decryption key is generated and stored inside the chip, and is based on locally-generated entropy as well as the user-supplied password.

If the user supplies a bad password too many times, all that the drive does is delete its own internal key, rendering the contents encrypted. Optionally it can also wipe the drive or even destroy it.

Therefore, if it was even possible to copy the image from one Ironkey to another new, not locked drive, it wouldn't work since the internal "random key" would be different.

The drive is also designed to be tamper-resistant making attempts of removing the chip for further analysis on external equipment quite risky.

Re: Am I the only one who is confused ...

AMD enabling even ECC single-bit-correction on their lowly consumer platforms is already a huge step forward!

Re: ~/.procmailrc

Positive example restoring faith in humanity is Dell's Service Tags. Almost always easily readable and almost always in easy-to-see places.

Re: With great power comes great incompatibility

Nice museum...

...and my productivity goes down the drain...

Re: chewed wires

My parent's parrot had a nasty habit of chewing cables. Ethernet, speakers, mouse and keyboard, telephone, none was spared. Except for power cords. Never chewed on one, not even once. She is now 36 years old and still going strong.

As you can see, that worked pretty well for the Iranians and Stuxnet.

Also, several ways of exfriltrating data without an internet connection were already devised.

Finally, you have to define what is "trustworthy code".

And have unbribable guards.

Blanket bans aren't healthy

Simply banning "something with a spindle" from being used in backups isn't a good practice. It's just a measure out of fear and misunderstanding.

I know, we get traumatised and scarred from past mistakes and disasters. Been there, done (and suffered) that.

Understanding each backup medium and realising its strengths and limitations and planning accordingly is much better!

I do not think this is your case since you've already stated following many other good practices, however once someone starts putting too much faith - without constant reasoning about "why" - in some well established procedure, disaster follows.

Re: How things have changed...

First of all: Where are the sources beyond "I was around"? If true, there HAS to be written record somewhere?

1) Reaching a MTTF of 10 years is independent of whatever architecture you are using, from the software point of view. "Bug free" software (or 99,99x% bug-free software if you like) will run bug-free regardless of clock speed. Hardware is another history.

1a) Why are we using 3GHz processors anyway? The old shuttle-era processors did the work, why suddenly do we need 3000x more processing power? OK, it allows for more complex scenarios, and a lot of "quality-of-life" improvements, but at some great cost in terms of development/bugs.

2) And why is is bad? Or, in other words, what does error-prone "advanced" programming constructs gets you? Use them in non-critical places only, stick with tried-and-true "simple" programming where it matters.

3) Again, WHY do we need millions of LOC? Keep it the simplest possible. Less code, well designed, made, audited and tested relates (but no assurance) to less problems.

4) Source or I'll call it bogus. And let me tell you, if several tens of billions of dollars and several human lives are in play, so be it, productivity be damned, quality (functionality, performance, security among others) FIRST, productivity after.

Hmmm cookies!

Most people:

Did I hear something about cookies? I like cookies! hmmm... yummy cookies!

...then they get all upset and enraged when the inevitable <insert your favourite nasty surprise caused by not being privacy conscious>...

...and suddenly it's all governments fault for not protecting the good citizens against evil Hax0rs.

Rinse-and-repeat.

Re: A decent backup strategy

What is preferrable:

a) Losing X hours of transactions and Y pounds and then coming back to business, vulnerabilities fixed, reputation (and ego) bruised, but alive.

or

b) Losing ALL hours of transactions (past and current), 100Y (or more) and possibly never coming back to business, everyone fired and your (company) name forever written in the hall of infamy. Also, not being allowed within 100 meters of a production datacentre.

Backups done right aren't a panacea for curing all security headaches, but for sure they're a damn good starting point.