Slashdot Mirror


User: sjames

sjames's activity in the archive.

Stories: 0
Comments: 34,276

Comments · 34,276

  1. Re: Not safely on Can Intel's 'Management Engine' Be Repurposed? · · Score: 1

    There were a couple of years where the network bridge would lock up and take the main computer off the net unless you used the dedicated management connection. Other than that, around the same era, some BMCs would crash so that no management functions worked, but the main computer would keep going.

    What were your experiences?

  2. Re:Why "can never be a good idea"? on Can Intel's 'Management Engine' Be Repurposed? · · Score: 1

    And of course, now that ME is cracked, no media company will trust it, no user ever had reason to trust it, and the gigantic security holes are baked in. The question now is will Intel admit they screwed up or will they double down.

  3. Re:Not safely on Can Intel's 'Management Engine' Be Repurposed? · · Score: 1

    Yeah, some are better than others. No design is so good that a crappy implementation can't mess everything up, but at least the various issues with the BMC didn't create security holes that couldn't be fixed.

  4. Re:Why "can never be a good idea"? on Can Intel's 'Management Engine' Be Repurposed? · · Score: 2

    BMC = baseboard management computer. A small embedded system built in to the main system. The difference is that it does not share memory access or the PCI bus. Instead, it is connected to one of the serial ports, the power and reset lines, and often the USB controller. The latter allows it to emulate a DVD drive to support virtual boot media. The serial connection allows for console over LAN (if the OS has a serial console configured). Newer ones also can snoop the video chip to support a built in KVM (for OSes that can't be used over a serial console).

    The BMC often has its own private LAN connection so management can be over a physically separate network. They may also have a mini-bridge so they share a physical connection w/ the main system, but can be configured to use a private VLAN.

    Since the BMC is not required to bring up the chipset, it can be truly disabled if desired. It is just a remote management system.

    In general, the BMC supports IPMI. It may also allow ssh access (with a very limited shell) and/or http(s).

    There are still significant security implications if someone does manage to exploit the BMC, but nowhere near as bad as if they exploit the ME.

  5. Re:Atlanta is the heart of the US air system on Power Outage Strands Thousands at US Airport. 600 Flights Cancelled (cnn.com) · · Score: 1

    That's just the international traffic. Try this link instead.

  6. Re:Oddly unprepared on Power Outage Strands Thousands at US Airport. 600 Flights Cancelled (cnn.com) · · Score: 1

    If the luggage doesn't move, people don't move either.

  7. Re:Articles on Can Intel's 'Management Engine' Be Repurposed? · · Score: 2

    NO, it can never be a good idea. It can only go from a terrible idea to a terrible idea with some upside. Having a BMC with limited access to the main system was a good idea, but we've had those for over a decade now.

  8. Not safely on Can Intel's 'Management Engine' Be Repurposed? · · Score: 3, Interesting

    For years now, servers have had a Baseboard Management Computer (BMC) that was always on and could control power, press reset, and provide serial console over LAN. Newer ones provide virtual media and built-in KVM capabilities. At first it was an add-on card that cost an extra $50-$100, then it got so cheap it was simply built in. They spoke IPMI and in some cases also provided http and ssh interfaces. Often they have the option of a physically separate LAN interface so you can put them on a private LAN. Those are really great for remote management.

    Since they had no access to the flash, main memory, or PCI bus, they had little of the nefarious capability of the ME. They couldn't read data off the drive or snoop the keyboard, for example.

    The ME, on the other hand, is loaded with nefarious potential, so much so that exploiting the ME means game over for the main computer. It already has all of the capabilities TFA suggests, it's just that the chintzy bastards are holding out for more money to turn it on. You can have all the bad parts for free though.

  9. Re:Atlanta is the heart of the US air system on Power Outage Strands Thousands at US Airport. 600 Flights Cancelled (cnn.com) · · Score: 2

    ATL is busier than all of those every day (Yes, including JFK). MIA is much smaller.

  10. Re:Oddly unprepared on Power Outage Strands Thousands at US Airport. 600 Flights Cancelled (cnn.com) · · Score: 4, Informative

    That's the absolute essential. Ideally though, they could also keep enough systems running to continue moving people through. That would be computer terminals, adequate emergency lighting, baggage handling, etc. While highly arguable, I suppose TSA would claim their scanners are essential as well.

  11. Re:I have no problem with systemd on Does Systemd Make Linux Complex, Error-Prone, and Unstable? (ungleich.ch) · · Score: 1

    I'll grant the similarity, but at least the Debian scripts don't create hard dependencies. The boot won't stop as a result. That system might refuse to implement a new configuration if it detects that the advisory dependency cannot be met, but end of the day, the links in /etc/rcN.d will control the boot and if one fails, it will move on.

    The X- prefix provides some indication of knowledge that it's a dirty hack, but it is somewhat less problematic given the small number of init.d scripts all kept in one place rather than the huge number of such scripts swept under the rug in systemd. And, of course, you can override the whole thing using ln -s.

    Meanwhile, that makes it even more confusing why there would be a claim that systemd somehow made things easier for Debian package maintainers.

    Still, a better system would be X-Wants with the understanding that "you can't always get what you want".

  12. Re:No excuse for this on Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia (securityweek.com) · · Score: 1

    Keep in mind that BGP is an automated process. After the fact, rules may be added to limit trust, but that doesn't prevent the initial problem.

    Also keep in mind that in many cases, BGP is the only way you know anything about the routes. All you have is that router A says it has a 5 hop route to range X and router B says it has a 4 hop route to the same range. Neither A nor B is directly connected to the range in question and both are also depending on BGP.

    The stability of BGP currently depends on the lower level routers having rules to enforce some level of plausibility but at the level of an exchange, there are a lot of seemingly plausible routes that would be incorrect. It will take a good bit of analysis to come up with mostly good plausibility rules there.

    Given what has just happened, it may be necessary to limit routes to Russia to a few choke points that are configured to only accept routes to IPs associated with Russia from Russian routers, but it would take a world-wide effort to really lock that down.

  13. Re:Russia is a Problem on Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia (securityweek.com) · · Score: 1

    OTOH, it would be a Pence that knows the president can and will be hauled off in disgrace if necessary and a GOP that knows they're facing a really tough election soon. How anxious will they be to support the tattered remains of the Trump administration?

    If they're smart, they may want to ask themselves that now.

  14. Re:Lying Liars Lie, Film at 11. on FCC Chair Ajit Pai Falsely Claims Killing Net Neutrality Will Help Sick and Disabled People (vice.com) · · Score: 1

    Don't believe the political hype. The supposed deaths from rationing in socialized medicine are not what you think. They are just cases where fantastically expensive yet futile measures are withheld at end of life in favor of palliative care that allows for a decent last few weeks rather than a truly miserable month. Naturally, for-profit medicine offers the treatment leaving the family feeling obligated to approve it (unless they simply can't, then they get to feel guilty about not being rich and/or heavily insured). In socialized medicine, the doctors make the hard decision that is ultimately better for the patient and family so the family doesn't have to agonize over it.

    For example, a couple years ago, there was a much touted "wonder drug" for liver cancer. It cost $60,000/month and a course of treatment was 6 months. The side effects were quite unpleasant. Once the dust settled, it was found to extend life by about 1 month. There were no remissions. So what'll it be, 7 really bad months or 5 good ones and 1 not so good?

  15. Re:Suggestion: Reopen Mental Hospitals on Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) · · Score: 1

    If you watch the homeless people, a fair percentage of the older ones will be showing obvious signs of tardive dyskinesia (AKA the thorazine shuffle). They were in the mental institutions before they closed and were tossed out on the streets without regard for their ability to take care of themselves.

  16. Re:Come on, this just has to be some ... on Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) · · Score: 1

    I just have to wonder did it say in a raspy metallic voice "vision impaired, I can not see!"?

  17. Arbeit macht frei?

  18. Re:Many veterans end up homeless on Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) · · Score: 3, Insightful

    People coming home from WWII got ticker tape parades and a booming economy. In an era where a high school diploma could net you a decent job, they had advanced training on top of that. As a society, it was understood that the women pressed into the work force by necessity would be vacating those jobs en masse as soon as the troops came home. Even manual laborers made enough for a single income to modestly support a married couple.

    Does any of that ring true for Vietnam?

    Gulf veterans get respect, but no booming economy, no jobs being vacated, and everyone thinks you need a degree to pump gas (I'm only slightly exaggerating on the last one).

  19. Re:Many veterans end up homeless on Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) · · Score: 1

    How fortunate for them. Some people come through better than others, and some wars are worse than others.

    I know a guy who got struck by lightning and suffered no ill effects. According to your reasoning, the only natural conclusion is that lightning is harmless and anyone who seems to have died from it is just malingering.

  20. Re: It's a problemtunity on Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) · · Score: 3, Informative

    Actually, many of the homeless have varying degrees of mental illness. People on welfare often get stuck on it because they lose the benefits faster than earned income fills the gap.

  21. Re:I have no problem with systemd on Does Systemd Make Linux Complex, Error-Prone, and Unstable? (ungleich.ch) · · Score: 1

    I would be interested in knowing what one or more of those are.

  22. Re:I have no problem with systemd on Does Systemd Make Linux Complex, Error-Prone, and Unstable? (ungleich.ch) · · Score: 2

    I read just fine. The workaround is in initramfs, but that's just because systemd is incapable of handling it. Prior to that, the old sysV init handled it just fine.

    Note that when I first tested systemd, it was on a working test dummy with a btrfs. It worked just fine before, including when I degraded btrfs. Then I 'upgraded' to systemd and it wouldn't boot. It wouldn't just fail to mount the btrfs (non-root), it just dropped to an emergency shell with no remote services running.

    Note that at one time, systemd was supposed to be the init in initramfs as well, but that went away when systemd started depending on everything including the kitchen sink and it proved that design flaws meant it could never bring the system up without help from an old school init being involved first.

    As for production, I never had a machine get stuck on the way to halt until systemd got involved. It was nice back when I could just run halt and expect the machine to power itself off within 5 minutes.

    But thank you for exemplifying one of the other problems with systemd. In the face of genuine bug reports, the answer is generally NOTABUG, WONTFIX, CLOSED, no matter what the bug is. That includes such embarrassments as mistakenly thinking rm -r should traverse UP.

    There are some ideas in systemd that might actually be useful if it lost its my way or the highway attitude and was made to work cooperatively with other systems.

  23. Re: I could stand on fifth avenue and shoot someon on Trump Signs Law Forcing Drone Users To Register With Government (thehill.com) · · Score: 1

    WOW, that was a whole bunch of backflips you did there to avoid saying The Donald just created new regulations.

  24. Re:I have no problem with systemd on Does Systemd Make Linux Complex, Error-Prone, and Unstable? (ungleich.ch) · · Score: 1

    Funny thing is, you were so desperate to deny the systemd bug that you pulled up the wrong issue entirely.

    The initramfs HAS to handle the RAID for the root filesystem, naturally. Non-root RAID is supposed to be handled after transferring control to the actual init.

    Same for non-root btrfs.

    If there's an idiot or liar in this thread, it isn't me.

  25. Re:Drones as weapons on Trump Signs Law Forcing Drone Users To Register With Government (thehill.com) · · Score: 1

    ISIS also uses guns. Lots and lots of guns. Do you see where things get interesting yet?