I've an HP netbook that I wone as a prize - and some dumb-ass engineer at HP switched the role of the function key and the 'special' functions.
So when you press the [F5] key (good old refresh) the damn thing does a Suspend instead. And then there are all the other weird features it enables that are of no use.
I'm still trying to work out what to fscking do with it - basically it's unusable. About all I can think of is dropping it into a blender and feeding the debris to the fool who thought a non-standard keyboard is a good idea.
It would be interesting to see what patents Google will be picking up with this. It's hard to see US$3.2 billion in value given the limited range of products Nest currently sell, however if there is some latent IP that Google can leverage then there might be some cool stuff coming out of this.
Isn't it strange that there is a group within Microsoft that can turn out such great tools for for languages developed outside, but where they are touting Powershell as a strategic tool you are stuck with a toolset that lives back in the 80s ?
Why can't Microsoft put out a Visual Studio plugin for Powershell with full intellisense, breakpointing, inspections, etc. ?
The only thing they did in response was to modify their online web shop so that Australian customers could only see the AU$ price and conceal the US$ prices out of shame.
I bought a copy of VMware Workstation last year via their online store.
On their site you could choose what currenty to pay in - the conversion to Australian $ added around 40% to the price. What stung was at the time the Australian dollar was stronger than the US$, so in theory the price should have dropped.
I actually phoned up and queried why - the lady at the other end told me that it was due to the exchange rates when they set the price and not the rate at that point in time. However that would only have been the case if they had set the price several years previously.
Now they have fixed the problem by not letting you chose the currency - they force you to pay their inflated Australian prices, even though all you are buying is a license key.
It sure makes those US hosted proxy services look attractive.
It would be really handy to be able to easily identify web sites that are registered with GoDaddy. That way we could politely request that the admins use an alternative registrar.
Have a look at the current pricing for VMware Workstation 7.1
If you pay in US$, they want $189.00
Currently AU$1.00 buys US$1.03 according to the TV, making that approximately AU$183.00
Click on the pull down option on th VMware store to convert the pricing to AU$, it becomes AU$277.00 - a markup of AU$94.00 or approximately 50%.
I've rung and asked them why the difference - and got some bulls**t about there being annual price adjustments based on the current currency conversion. The only problem is the last time that AU$ was low enough for that was back in the 1980's.
Many education departments have licensing arrangements and good discount structures with Microsoft.
This is a product that they will be able to order from right out of the catalog, and at better prices than people are talking about here.
There are certainly many cheaper products out there (my favorite right now is the 'ET-STM32 Stamp') but if I was looking to build up an embedded computing curriculum for a school, these gadgets are well worth a look.
10 million cipher-text objects with plaintext customer details is an interesting target for cryptoanalysis.
If you know the card details of some of the people whose cards you have encrypted copies on, you have both plaintext and ciphertext to work on. And to make it even better credit card numbers have a checksum algorithm built into the number, so you have a method of testing the resulting decrypts for validity.
Why do I think that someone is probably running some GPU assisted EC2 machines at Amazon on these now ?
The only 'secret' protecting those cards is how the numbers are encrypted.
They don't appear to have an actual chip at the moment. From looking through their web site they have a design that can be downloaded to an FPGA, and a software simulator. That is a very long way from a real product.
Why would anyone think this is a viable idea for the open source community ?
Maybe if someone like AMD got behind it ?
Without a long term commitment from a reliable manufacturer to supply these at a competitive rate for 5+ years there is a large risk that people investing in designs using this chip will be left high and dry. They would be far better to look at some of the ARM derivatives where at least you are not locked into a boutique supplier.
The only thing that could make this a useful idea would be the availability of FPGA chips at the same price point - not holding my breath there.
You can probably view the last allocation of IPV4 address blocks as a signal to look at your end of life planning process.
For a business it's a case of looking at upcoming purchases, and to either require that new purchases are capable of IPV6 out of the box, or otherwise have business units accept the lack of conformance and prepared to write the equipment off sooner.
Once vendors start seeing requests for IPV6 compatible equipment, they will either need to supply it, or watch business go to their competitors.
As far as 'board level governance goes', for the moment it's simply having a strategic plan that leads the organisation towards IPV6, an indicative date to aim for (say 5 years from now - little to fear now), and a statement that the detailed technical work needs to wait until there is enough technology and expertise on site to plan and implement the cutover.
Unlike Y2K there's plenty of time to do this without too much shock or fear - but ample time to get infrastructure and skills.
All SIM cards have the ability to specify a PIN to lock access.
The vendor who built this system should have used an encoded PIN to tie the SIM to the embedded system it was built into. That way the SIM on it's own is fairly useless without the rest of the electronics.
They also should have had a 'phone home' facility so that whoever is monitoring the system would have noticed when the systems were compromised.
Fitting tamper switches to the enclosure (door opened, removed from pole, etc would have been smart.
Checking the bills on the cards to see where they are calling, how much has been spent, etc would have been smart
That would of course require someone to be routinely monitoring the system (it's not like traffic lights are there to save lives is it) so that things like this are not a surprise.
This really sounds like a system built by the cheapest tenderer - not unusual for a government organisation.
I've purchased GSM SIM cards on plans with no ongoing costs - you only pay for the data transmitted.
If the devices are not reporting frequently, and only need to send short messages indicating faults or general device stats (eg a daily 'all is well' SMS) then the transmission costs are quite low.
Embedded GSM modems are not particularly expensive either. You can buy a SMT GSM module from Sparkfun for under $50, and they are even cheaper wholesale.
The other technologies all need the deployment of a complementary data network. Given that most modern cities have some form of cellular network that is maintained by someone else, cellular is very cost effective.
While you can get into the 'nuts and bolts' of the solution the vendor is offering (you have not bought it yet have you ?) you can minimise some of the risks you may face by transferring them to the supplier.
Have someone perform a risk assessment on the system - and focus on the quantitative aspects (ie what the cost to the community will be if it fails). Make sure that the contract has compensatory and insurance options in excess of those amounts, so that it is in the vendors 'hip pocket' best interests to ensure it does not fail. And of course make sure that the contract has provisions for review, should the potential impacts change or the vendor changes company name, is bought out, etc:-) (yes - i've seen that happen)
You could also have someone do a thorough risk analysis of the system (google up the NIST SP800-30 document) as well as have them supply a complete inventory of hardware, software, and services they will be using to deliver the solution. Again, NIST have an online database where you can look up what vulnerabilities are known for some IT products.
Have the vendor perform a detailed risk analysis of the system - see what they think are problems, and what are not. Where you see gaps - ask them and see what color their faces turn.
Have a look around to see what failures or disasters you have seen in SCADA systems, refer those scenarios to the vendor, and ask them what technical measures they have taken to ensure that a similar act could not happen to them
You should also have your own people clarify and document their own roles and responsibilities with the system - don't assume that you have the resources on hand to manage your side of the situation responsibly - again a risk analysis will help out there.
We need to get a list of the so called assets they are puting up for sale, and place bids.
If everyone put a formal bid in for $1 for something, and sent them in, we'd have SCO sucking up even more cash.
There have been many attempts by people to track down stocks of iPads in shops - now Apple is building a database of what iPads are where.
Considering the other attractive, valuable goods their owners may also have the value of this data to criminals will be quite high.
Of course it is safe (you can trust Apple) and their servers are secure (nobody ever hacked a Mac) and their partners can be trusted (AT&T are a good company).
Physical space is the least interesting point of this article. Other things would be:
What racks are they using (at least 42RU in height) ?
How do they get power into these (4 chassis, each with 6 x 15A power inlets) ?
Are they using rack top switches, or is there more equipment?
Are they using liquid cooled doors - if so whose ?
I once tried to get answers from HP on how to power their equipment at this density - they diddn't have a clue. It's worth remembering that each of these chassis has six power supplies, each rated at up to 2.2KW. Even allowing for a 2N configuration, that's a massive amount of power, and a lot of cables.
Slashdot Mirror
They have a contact page available at http://www.bletchleypark.org.u... - tell them what you think yourself
So when you press the [F5] key (good old refresh) the damn thing does a Suspend instead. And then there are all the other weird features it enables that are of no use.
I'm still trying to work out what to fscking do with it - basically it's unusable. About all I can think of is dropping it into a blender and feeding the debris to the fool who thought a non-standard keyboard is a good idea.
It would be interesting to see what patents Google will be picking up with this. It's hard to see US$3.2 billion in value given the limited range of products Nest currently sell, however if there is some latent IP that Google can leverage then there might be some cool stuff coming out of this.
Why can't Microsoft put out a Visual Studio plugin for Powershell with full intellisense, breakpointing, inspections, etc. ?
Sad :-(
... sounds like something from a Dr Who plot line.
Buy two of their 27" screens (about the same price) and enjoy all the extra pixels.
The only thing they did in response was to modify their online web shop so that Australian customers could only see the AU$ price and conceal the US$ prices out of shame.
Great documentory on the Russian initiatives for remote operated vehicles - very clever stuff !
On their site you could choose what currenty to pay in - the conversion to Australian $ added around 40% to the price. What stung was at the time the Australian dollar was stronger than the US$, so in theory the price should have dropped.
I actually phoned up and queried why - the lady at the other end told me that it was due to the exchange rates when they set the price and not the rate at that point in time. However that would only have been the case if they had set the price several years previously.
Now they have fixed the problem by not letting you chose the currency - they force you to pay their inflated Australian prices, even though all you are buying is a license key.
It sure makes those US hosted proxy services look attractive.
It would be really handy to be able to easily identify web sites that are registered with GoDaddy. That way we could politely request that the admins use an alternative registrar.
If you pay in US$, they want $189.00
Currently AU$1.00 buys US$1.03 according to the TV, making that approximately AU$183.00
Click on the pull down option on th VMware store to convert the pricing to AU$, it becomes AU$277.00 - a markup of AU$94.00 or approximately 50%.
I've rung and asked them why the difference - and got some bulls**t about there being annual price adjustments based on the current currency conversion. The only problem is the last time that AU$ was low enough for that was back in the 1980's.
US companies regularly rip off Australians.
This is a product that they will be able to order from right out of the catalog, and at better prices than people are talking about here.
There are certainly many cheaper products out there (my favorite right now is the 'ET-STM32 Stamp') but if I was looking to build up an embedded computing curriculum for a school, these gadgets are well worth a look.
Are they collecting data on what apps their users use ?
Are they sending it back to Motorola for analysis ?
Does it mention anything about this in the customer documentation?
10 million cipher-text objects with plaintext customer details is an interesting target for cryptoanalysis.
If you know the card details of some of the people whose cards you have encrypted copies on, you have both plaintext and ciphertext to work on. And to make it even better credit card numbers have a checksum algorithm built into the number, so you have a method of testing the resulting decrypts for validity.
Why do I think that someone is probably running some GPU assisted EC2 machines at Amazon on these now ?
The only 'secret' protecting those cards is how the numbers are encrypted.
Powned
It's main claim to fame was that you could take your existing CP/M code, and with a few changes make it run on their new product.
Of course all it did was suck programmers across to this new platform where people just stopped writing the old stuff.
Has someone reopened the old play book ? Hello, Bill - is that you back again :-)
Why would anyone think this is a viable idea for the open source community ?
Maybe if someone like AMD got behind it ?
Without a long term commitment from a reliable manufacturer to supply these at a competitive rate for 5+ years there is a large risk that people investing in designs using this chip will be left high and dry. They would be far better to look at some of the ARM derivatives where at least you are not locked into a boutique supplier. The only thing that could make this a useful idea would be the availability of FPGA chips at the same price point - not holding my breath there.
For a business it's a case of looking at upcoming purchases, and to either require that new purchases are capable of IPV6 out of the box, or otherwise have business units accept the lack of conformance and prepared to write the equipment off sooner.
Once vendors start seeing requests for IPV6 compatible equipment, they will either need to supply it, or watch business go to their competitors.
As far as 'board level governance goes', for the moment it's simply having a strategic plan that leads the organisation towards IPV6, an indicative date to aim for (say 5 years from now - little to fear now), and a statement that the detailed technical work needs to wait until there is enough technology and expertise on site to plan and implement the cutover. Unlike Y2K there's plenty of time to do this without too much shock or fear - but ample time to get infrastructure and skills.
Sonys electronic dice keeps coming up 4 :-)
The vendor who built this system should have used an encoded PIN to tie the SIM to the embedded system it was built into. That way the SIM on it's own is fairly useless without the rest of the electronics.
They also should have had a 'phone home' facility so that whoever is monitoring the system would have noticed when the systems were compromised.
Fitting tamper switches to the enclosure (door opened, removed from pole, etc would have been smart.
Checking the bills on the cards to see where they are calling, how much has been spent, etc would have been smart
That would of course require someone to be routinely monitoring the system (it's not like traffic lights are there to save lives is it) so that things like this are not a surprise.
This really sounds like a system built by the cheapest tenderer - not unusual for a government organisation.
I've purchased GSM SIM cards on plans with no ongoing costs - you only pay for the data transmitted.
If the devices are not reporting frequently, and only need to send short messages indicating faults or general device stats (eg a daily 'all is well' SMS) then the transmission costs are quite low.
Embedded GSM modems are not particularly expensive either. You can buy a SMT GSM module from Sparkfun for under $50, and they are even cheaper wholesale.
The other technologies all need the deployment of a complementary data network. Given that most modern cities have some form of cellular network that is maintained by someone else, cellular is very cost effective.
Isn't it possible that the thieves worked this out, and only targeted the lights with the antennas ?
Have someone perform a risk assessment on the system - and focus on the quantitative aspects (ie what the cost to the community will be if it fails). Make sure that the contract has compensatory and insurance options in excess of those amounts, so that it is in the vendors 'hip pocket' best interests to ensure it does not fail. And of course make sure that the contract has provisions for review, should the potential impacts change or the vendor changes company name, is bought out, etc :-) (yes - i've seen that happen)
You could also have someone do a thorough risk analysis of the system (google up the NIST SP800-30 document) as well as have them supply a complete inventory of hardware, software, and services they will be using to deliver the solution. Again, NIST have an online database where you can look up what vulnerabilities are known for some IT products.
Have the vendor perform a detailed risk analysis of the system - see what they think are problems, and what are not. Where you see gaps - ask them and see what color their faces turn.
Have a look around to see what failures or disasters you have seen in SCADA systems, refer those scenarios to the vendor, and ask them what technical measures they have taken to ensure that a similar act could not happen to them
You should also have your own people clarify and document their own roles and responsibilities with the system - don't assume that you have the resources on hand to manage your side of the situation responsibly - again a risk analysis will help out there.
And of course get it all in writing.
We need to get a list of the so called assets they are puting up for sale, and place bids. If everyone put a formal bid in for $1 for something, and sent them in, we'd have SCO sucking up even more cash.
Considering the other attractive, valuable goods their owners may also have the value of this data to criminals will be quite high.
Of course it is safe (you can trust Apple) and their servers are secure (nobody ever hacked a Mac) and their partners can be trusted (AT&T are a good company).
What racks are they using (at least 42RU in height) ?
How do they get power into these (4 chassis, each with 6 x 15A power inlets) ?
Are they using rack top switches, or is there more equipment?
Are they using liquid cooled doors - if so whose ?
I once tried to get answers from HP on how to power their equipment at this density - they diddn't have a clue. It's worth remembering that each of these chassis has six power supplies, each rated at up to 2.2KW. Even allowing for a 2N configuration, that's a massive amount of power, and a lot of cables.