* Posts by the reluctant commentard

19 publicly visible posts • joined 10 Mar 2020

How to run an LLM on your PC, not in the cloud, in less than 10 minutes

the reluctant commentard

brew install ollama

For those running HomeBrew, installation on MacOS is as simple as running 'brew install ollama' from a terminal prompt.

Venturing beyond the default OS on Raspberry Pi 5

the reluctant commentard

NVMe on a Pi5 - kernel bug

If you're experimenting with other OS'es on a Pi5, you may also be the type that has bought an NVMe HAT to use an NVMe drive. If you do, make sure you use a very recent kernel or Raspbian (which uses a 6.1 kernel). It seems the 6.5 kernel has a bug which meant that drives were not getting enumerated and initialised correctly at boot time.

Symptoms are that when booting Raspbian from an SD card the NVMe drive was recognised, but (until earlier this week), booting Ubuntu 23.10 and your drive was not recognised. Ubuntu 23.10 with the latest kernel finally got the fix, but some of the other distros listed here may not (yet) have it.

These days you can teach old tech a bunch of new tricks

the reluctant commentard

Re: Booting DOS?

I'm no expert either, but I believe it is because DOS uses functions provided by the BIOS (Basic Input Output System) to drive the hardware. UEFI doesn't have such functions, so DOS can't work. See for instance https://en.wikipedia.org/wiki/BIOS_interrupt_call

Good news for Key Group ransomware victims: Free decryptor out now

the reluctant commentard

As the decryptor only works for a specific version, it may be that the operators already realised and fixed their mistake in later versions. So you wouldn't be telling them anything they didn't know already.

To the author: The company is called EclecticIQ, not ElectricIQ. I can just imagine the wailing of their marketing people having gotten their blog on the front page of TheRegister only to find their name misspelt.

Two teens were among those behind the Lapsus$ cyber-crime spree, jury finds

the reluctant commentard

Re: computer intrusion, blackmail, and fraud

The article says he was released on bail, it makes no mention of whether or not that bail came with any conditions such as not being allowed to use computers etc. I'm pretty sure that conditions of that sort will have been imposed, that would make sense.

Jailing an under 18 year old while awaiting trial is a very heavy measure and is only reserved for the most serious of crimes I expect.

the reluctant commentard

Re: Hold on...

I think the article explains the difference quite clearly: a panel of experts has established that the defendant is mentally unfit to stand trial, which means he cannot be convicted.

But at the same time, the jurors were asked to determine if he had done the things he was accused of. A "yes" means the case can be officially closed as the party responsible (not the "guilty party") has been established, it is just that said party will not have a conviction on their record.

It also means the victims can be confident that the persons behind the attack were indeed identified and dealt with.

TETRA radio comms used by emergency heroes easily cracked, say experts

the reluctant commentard

Re: Spectacularly irresponsible.

Yes, that is a *much* better article than this piece, as it also points out:

* There are 4 encryption algorithms used, TEA1, TEA2, TEA3, and TEA4. The weakened key vulnerability only affects TEA1

* TEA1 is for "export use only" and (as john.w has pointed out, most European forces use TEA2)

* In 2006 an Italian manufacturer pointed out to the US embassy that TEA1 had a "less than 40 bits" key length when an initial application for an export license for TETRA equipment to Iran was turned down, suggesting this weakness was pretty well known within the industry.

So the world does not appear to be ending (or at least not over this, anyway) but it does show why security by obscurity is generally a bad idea. But it's a pity this article didn't point out these factors, without this context this article is a bit alarming and sensationalist.

In the battle between Microsoft and Google, LLM is the weapon too deadly to use

the reluctant commentard

Re: you are looking at a rabbit and assuming that it has the potential to evolve into a bear.

I had a pretty good idea of what that video was going to be before clicking on it and I'm glad to say I wasn't disappointed!

PC tech turns doctor to diagnose PC's constant crashes as a case of arthritis

the reluctant commentard

Re: South don't work in the North

Once read an article by a Philips engineer on all the magic that went into making CRTs (talk about a whole field of knowledge that is now no longer much in demand) and he stated that the factory in Eindhoven where they made colour TV sets had a room where they could emulate earth's magnetic field in any location on earth to allow for correct calibrating of the tube for that location - so yes, it seems earth's magnetic field did matter.

Apple's M2 MacBook Pros, Mac Mini boast more cores, higher clocks and bigger GPUs

the reluctant commentard

Re: You can run Windows, but...

You can run Windows on M1 & M2 Macs using UTM, which is free. It has to be Windows 11 for ARM which is currently in Insider Preview and can be downloaded from Microsoft provided you sign up for the Windows Insider program, which is free.

I have followed one of the howtos and it does indeed work, it was rather nice to see an ancient Windows application from 2005 run on Windows 11 on a completely different architecture.

Here is a link to a HowTo: https://2ality.com/2022/06/windows-on-macs-via-utm.html

LastPass admits attackers have a copy of customers’ password vaults

the reluctant commentard

Re: The cloud is just someone else's computer

Although it is good to question how 1Password approaches this whole concept of password vault security, the article was actually about LastPass which is a completely different company.

Here's how 5 mobile banking apps put 300,000 users' digital fingerprints at risk

the reluctant commentard

Where did these fingerprints come from?

Genuine question, as the article does not make this clear. As far as I know, Apple's TouchID and FaceID don't allow apps to grab fingerprints or face scans. That data always stays on the device (which is why when you switch iPhones you always have to set it up again)

Instead, when an app requests authentication, all it will get is a "yes" or a "no" (Apparently in the case of TouchID iOS won't even tell *which* finger was presented, just that *a* valid finger was presented) but certainly not the data the scanner read.

If this is the case, then where did that fingerprint data come from?

I'm assuming Android works much the same.

Tweaks to IPv4 could free up 'hundreds of millions of addresses'

the reluctant commentard

They don't even need to replace them - just deploy different firmware. Virgin is Liberty Global, in The Netherlands that's Ziggo which uses the exact same modems and does support IPV6 including prefix delegation.

Pentester pops open Tesla Model 3 using low-cost Bluetooth module

the reluctant commentard

Re: Smartfobs, relay attacks and latency being the 'defence'??

Normally with systems like these, whether keyless or a key with a fob with buttons, if no doors are opened within a certain time of the car unlocking, it will simply lock itself again.

Auctioneer puts Space Shuttle CPUs under the hammer

the reluctant commentard

CuriousMarc's next project?

Once he's done resurrecting Apollo era electronics, maybe CuriousMarc and his team can turn their attention to these pieces of NASA technology?

https://www.youtube.com/channel/UC3bosUr3WlKYm4sBaLs-Adw

We're not getting back with Galileo, UK govt tells The Reg, as question marks sprout above its BS*

the reluctant commentard

Re: You are joking?

Not necessarily a defence force. But because, as the relentless march of digitisation continues, more and more devices and processes (logistics, distribution, navigation) all start to depend on satellite navigation.

Having that under control of a third party which can switch it off (or when push comes to shove will always prioritise good service over their geographic area above good service over yours) means that you become very dependent on that third party.

Strategically it may make sense to ensure that such a vital service for your digital society is under your control.

Whoa, someone actually texted you in 2020? Oh, nvm, it's just Boris Johnson, telling you to stay the f**k at home

the reluctant commentard

Re: I don't get why we need a system

The systems in use in South Korea, the US and The Netherlands (amongst others) don't use text messaging at all, but rather a feature built in to (I believe) 3G and up: cell towers can transmit these Alert messages to all phones within their range and they will then show these messages as Alerts and play an alarm sound (even if they are set to silent although that is up to the phone)

This works better than SMS because you can reach *all* phones regardless of operators within a certain geographic area (including phones from abroad for instance) and the messages don't get lost, marked as spam, ignored, etc.

The functionality is baked in to the mobile standards specifically to be able to alert all phones within the boundaries of whatever disaster is unfolding.

Microsoft nukes 9 million-strong Necurs botnet after unpicking domain name-generating algorithm

the reluctant commentard

Re: Financial analysis?

You don't need to register them all, you just need to register *one* - the domains are used by bots to connect to their command and control (C2) server. Once they connect to one, they will continue to use that one for as long as that domain is "up".

If you seize the domain, take down the server or interrupt C2 communication in any way, the bot uses the Domainname Generation Algorithm (DGA) to generate a list of *possible* new domains - that list may be as large as 50,000 domains for that particular day. It then just goes down the list trying domains until it finds one where a C2 is alive and waiting for it - that would the one domain the botnet herder registered.

If it fails, it will just generate a fresh list the next day and try again, right until it finds a C2 server.

Many DNS queries for non-existent domains (NXDOMAIN responses) are a sign you have a bot which is trying to find "home" on your network.

House of Lords push internet legend on greater openness and transparency from Google. Nope, says Vint Cerf

the reluctant commentard

Re: Feet of clay

I too attended the lecture and I had the exact same experience, he just gave a history of the net (in which nothing new was said) and that was it.

I left thoroughly disillusioned, like you.