* Posts by Kayakerdude

14 publicly visible posts • joined 28 Mar 2022

TETRA radio comms used by emergency heroes easily cracked, say experts

Kayakerdude

Re: Spectacularly irresponsible.

There have been 18 months of fixing time.

If the manufacturers didn't listen to the exploit notifications, if they didn't inform the customers, if they didn't offer a mitigation path, then it's the manufacturers that you lay all of the blame and cost on.

You can also blame your government for not doing the right thing here, especially with the year and a half they had to fix things.

You do not shoot the messenger here.

Oh, and it's been well known that there have been cracked weaknesses for over a decade, and there are open-source tools that already get a lot of info from TETRA transmissions, including the audio. You can be absolutely sure that there are bad actors with access to TETRA Comms for a long time now.

Twitter engineer calls out Elon Musk for technical BS in unusual career move

Kayakerdude

Re: An old Dilbert

Look up "velocity factor".

It's the ratio between the speed of an electromagnetic wave in a conductor compared to c.

The speed of an EM wave in a conductor can be very significantly slower than c. The speed of an EM wave in some coax cables can be down to 2/3rds that of light in a vacuum. It becomes very relevant for those that are involved in amateur radio and are building their own antennas, as the velocity factor changes the physical lengths that antenna elements resonate at.

It also comes into play with those working with multiple antennas where the signals are combined via phasing lines (sections of coax of carefully chosen length) so that there's appropriate constructive interference seen by the receiver. That concept is taken to the extreme with electronic steering of arrays like the radars in most current warplanes.

The world was promised 'cloud magic'. So much for that fairy tale

Kayakerdude

Re: Give me some of what he's been drinking

There's a world of difference between paying for on-prem HA and paying Amazon for equivalent HA. The cloud setup is more expensive to architect, and for the use cases I have worked on, significantly more expensive to migrate to.

There's also a world of difference between AWS as a whole being considered as the entity of importance when looking at availability. Plenty of AWS segments have become unavailable to the end user, which is directly causing customer downtime.

It's the equivalent of measuring someone's workrate by the amount of hours they're alive, and not the amount of hours they're present in the office. Two completely different metrics. You've presented one metric that is effectively meaningless to most customers of AWS, who have suffered specific outages as a result of AWS downtimes.

AWS is not a panacea by any definition other than yours.

Twitter employees sue over lack of 60-day layoff notice

Kayakerdude

He cannot end up ahead. The maths do not support your assertion.

He's already in the hole for a billion a year in interest alone, to be paid to various non-US agents and he's likely to end up losing his security clearance because of that set of debts usable as leverage against him. Why else would the entities that agreed to fund him actually fund him? Not to make a profit as that was never going to happen.

Twitter will not in any way be able to generate a billion a year in net profit - and certainly not after Elon goes after the advertisers the way he has.

No further income stream as advertisers drop out, huge debts that will not be serviceable from within Twitter itself, a firing of the majority of the useful people that were keeping Twitter together - this all makes it a wonderful scene to watch as the man-child tries to temper-tantrum his way to success to be met with abject and very public failure.

I for one have the popcorn ready with some schadenfreude topping.

Kayakerdude

Re: The situation in Ireland is perhaps more interesting

The clues are in what you wrote:

"that they can justify" - that justification is not to themselves, it's to the likes of the Courts. Cannot be as arbitrary as you appear to wish it to be.

"Acted reasonably" - also not determined by the company performing the layoffs, but to be determined by the WRC and similar.

What you think you read and what the reality is, do not match up. Your attempt to supply your own reality does not work in this case.

.

Actually - looking at your posts on this subject along this thread - you really are an undereducated ineloquent with an exhibited lack of useful knowledge, and you have the viewpoints of a Muskovite and a MAGA-type Republican. I wonder how close to the mark those monikers are...

I wish I could ignore you, but I suspect in real life you will soon get "ignored" by someone you piss off. That would be *great* to see.

Kayakerdude

Re: Any Publicity Is Good Publicity

He's also rather boring really. Neither a good engineer nor a good project manager, fired from the board of X.Com for being an overbearing micromanager before the business entity became PayPal.

What he is, is a kid who got rather lucky with Daddy's mining money, and not really much else.

There are some people out in the business world that I'd like to go for a pint with. Elon is far from one of those. Always gives me the impression that he just can't a) understand a joke and b) can't take the joke when expressed at him.

I am enjoying the fact that this Twitter takeover is the first time he's likely had to put in actual work into anything in recent decades, and we can all see that the stress is getting to him, and he's cracking apart and quite publicly too.

I suspect Elon's reputation as a "successful businessman" is about to take a Trump turn, and be exposed for exactly what it is. Not that at least.

Kayakerdude

Re: handling layoffs

According to Matt Farah (he of The Smoking Tire YouTube channel, whose wife is amongst the laid-off), this 3-month item is verified as false in her case at least.

Version 252 of systemd, as expected, locks down the Linux boot process

Kayakerdude

Re: Then why ?

Considering that TPM does absolutely nothing for the end user, it has not been surprising that uptake of Win11 and its apparently hard requirement for TPM has been poor.

TPM is an attempt to benefit the corps that funnel media to the end user, to benefit the corps that funnel subscriptions to the end user, and possibly corps to manage their employees.

Nothing actually genuinely useful to the end user that isn't already done better locally.

I for one will continue to use Linux versions unpolluted by Poettering et al. Shoddy coder, shoddy code, unwanted cruft.

As for it being "optional"? Just you wait to see how optional it'll be when spinning anything up on any MS cloud instance.

No thank you, not needed, not wanted, and TPM will continue to be disabled in my PCs' BIOS.

'I wonder what this cable does': How to tell thicknet from a thickhead

Kayakerdude

Re: He made a discovery

Nice if you could get a decent reel of it and the termination connections.

Personally I do like a long bit of Messi & Paoloni Ultraflex-10. Incredible performance of coax.

Hackers remotely start, unlock Honda Civics with $300 tech

Kayakerdude

Re: almost never use remote key fob features

The transmission range of the keyfob is the same no matter whether it's triggered by a button press on the fob, or a challenge from the car.

The car will often have multiple antennas - usually one in each handle, one in the boot, one in the center console, and one by the steering wheel - and the car will "verify" by comparing the signal strength seen by the antennas to the location of the pressed button, to give enough info whether to perform the desired action or not. If for example the keys are in the boot and someone presses the soft button on the driver door handle, the car will not lock as it's clear that the keys are not close to the driver's door. If all doors are closed and the in-boot antenna or center console antenna strengths are highest, the car will also not lock as the key is likely still in the car.

My car's a 2011 Cayenne, and this is how the keyless-go is set up. As far as I can see, there's no longer a facility for a physical key to unlock the physical steering column lock or to disable the electrical locks, but the driver's door can definitely be opened with the physical key present and hidden in the keyfob. Without a successful challenge-response sequence, none of the major electricals will activate.

As an amateur radio license holder, I legally own a few HackRFs, including one set up as a PortaPack with the Mayhem (!) firmware present. There's a specific module for car key store and replay, though very few cars are susceptible, as most have a rolling keycode.

Kayakerdude

Re: almost never use remote key fob features

Relay attacks are also truly feasible on contactless payments, for exactly the same reasons.

Only foiled by the requirement to enter the PIN on the terminal, or having enough contactless cards in the wallet that picking one signal out is nigh-impossible, or having a shielded wallet to start with.

Kayakerdude

Re: Steering Wheel Lock Anyone?

Radius of curvature of those firehoses when pressurised and flowing means the bend needed to get over the roof isn't as feasible as the direct route. There are specific reasons why the runs need to be as straight as possible as far as is possible.

If the direct route is through the illegally-parked car, tough on that car owner, but that's what one can expect when parking illegally - there are likely to be consequences.

Kayakerdude

Re: Geek

Because the $10 transmitter firmware is not very likely to be able to differentiate the frequency in use, nor to control the output frequency.

Your question is similar to this:

"Why would anyone use a VGA projector when an LED torch will also provide light of the same colour"

The HackRF has enough bandwidth to be able to get the detail of the transmission from the keyfob, where the ten dollar transceiver almost certainly would not.

(source:- am a HackRF owner, legally allowed to given I'm HAREC-certified.)

Help, my IT team has no admin access to their own systems

Kayakerdude

Re: Passwords

More interestingly, the actual phrase as written out and typed out is far more secure from cracking attempts, as it's much longer and has a huge amount more entropy than a shorter set of letters.

If you have KeePass installed you can check the amount of entropy bits used when you type the password into the appropriate field when adding a new password entry.

The generally-accepted "best" password generation idea for mortals to use, is to take four words independent of each other. XKCD has a good pointer on this if you google for "correct horse battery staple".