With the BitLocker setup I have on my machine, changes to the boot options will trigger a request for the full encryption key (and not just the PIN). How is the attacker modifying the bootloader, which is verified before the PIN is even requested?
I can understand that this attack would likely still work if the user blindly entered the 48 character recovery key after the altered boot loader was put in place - but for any security aware user, the prompt for this key (including the written warning of why the key is being requested) would alert them to the tampering.
This probably stems from Microsoft wanting to control the storage devices from 'hacking'. This includes both game content (altering the game image, or other game metadata), and video/audio content (removing content protection and copying to a PC).
Blocking different storage methods may not prevent the altering of content, but would likely make it more difficult.
At their launch event, they saved the largest surface area for Linux (6x4 matrix = 24 monitors total).
This is only partially accurate. You still have to inform Windows about what configuration you are using (the relationship of each physical monitor to the others). You can also use configurations where the monitors are rotated.
The cool part of AMD's implementation of this is that in SLS mode, the application and desktop just see one very high resolution monitor. This means that games don't have to be multimon aware, and get to use one contiguous frame buffer. If you were to have the monitors in extended desktop mode, you would likely only get games to run on one monitor at a time. If you were able to stretch across multiple monitors, you would likely see 'tearing' of the image at seams between monitors. In SLS, the game/app just scales up, and goes.
The downside is that there is very little 5700x2160 video content out there (so all you are doing is upscaling). We just need to beg the Imax/Cinerama folks to put content on a torrent.
I am sitting at the launch event right now, looking at a Linux system with 4 of these cards driving a total of 24 monitors. But the more interesting setup is a rear projection system with six projectors. No bevel - it just shows up as one very large high resolution display.
Here is a helpful tidbit. Corporations are made of people, so tax the people (who have a physical presence), and not the corporations (who don't.)
If you have income derived from a corporation, you should pay taxes in your jurisdiction. Since corporations often exist in multiple jurisdictions, the taxation amount becomes very confusing, and leads to loopholes. If one jurisdiction becomes a pain in the ass to exist in, then why wouldn't the corporation move?
And to another point: IBM has the potential to service a couple of very large markets (China/India/etc), if those markets could afford the services. Asking a Chinese company to pay the USD rate is often a non-starter. If IBM were to have a presence in China, paying the local employees the going rate, then they have a chance to compete in this market.
Offshoring jobs has the benefit of equalizing markets - making it possible for an expensive market to sell to a growing market. How is that not a Win/Win?
If we can help them out, why not?
This has more to do with population size than anything else. In smaller communities where people know each other, rules are generally not necessary in order for the majority to assist the minority. Watch what illness or death in a small community does: you will find people providing resources to the survivors to help cope.
In larger communities, we apparently have to create rules in order to provide support to those in need. The problem here, is that those in need don't feel like they are taking from anybody - the rules often create a feeling of entitlement.
I have worked for Microsoft as a contractor. Contractors at Microsoft can only work one year before they are forced to take a one hundred day break. This break was the result of a lawsuit regarding Microsoft having too many contractors, and not hiring them as full time employees. I have watched contractors, who make no less than sixty thousand USD, go on unemployment during this one hundred day break.
I don't appreciate having to contribute to a system where career contractors get a paid three month vacation every year (yes, I know that it isn't exactly every year since the period between cycles is 465 days).
Also, 'searching' for a job is not defined as you would want. Applying for a job not qualified for (say a CEO opening) wouldn't count in my book - but from what I have heard, it does for the sake of unemployment.
Are you really calling Microsoft a patent troll for requiring a license to use the Fat32 file system?
I think my definition of 'patent troll' differs from yours.
What - you planning on running RTM bits forever? Can't patch your machine?
I am personally glad that Microsoft secured the patent. It would be a huge nightmare for Microsoft to enforce this patent - but it does prevent some random ass company from surfacing and extorting Microsoft (or anyone else) for the IP covered by this patent.
This is actually a good way for Microsoft to keep the patent trolls at bay.
Yes, I work for Microsoft. No, I don't think Microsoft is completely altruistic.
Depends on what you consider a bug....which is a topic I am sure we all have an opinion on.
When the Zunes failed on 12/31 of last year - information came out that these were 1st generation Zunes which had boilerplate code written by a 3rd party. Microsoft had obviously slammed existing software together with essentially commodity hardware in order to get a product out into the market. This bought time to write the OS from the ground up for Rev++.
Likely, this is what happened with Intel's SSD offerings. Take existing technology, modify for SSD support, and ship a product. After Rev 1 has shipped, you can then modify the firmware to be SSD optimized (most likely done through a near complete firmware re-write), and ship in next version of the hardware. But 'oh shit', we found a bad bug in V1 firmware which causes a wear problem - we can either:
1: Fork the V1 shipping code branch, and do a sustained engineering modification which is likely to be invasive and will probably introduce new bugs.....
...or...
2: Ship the new code we have been testing over the last year as firmware update to the V1 product.
This means that the 'bug' was the whole firmware, and not just a tweak to spread the wear. And as you can expect with a complete re-write, new issues were introduced - such as a rather obscure bug when the BIOS password is changed.
As a side note, I am a bit surprised that anyone even uses disk passwords anymore, when whole disk encryption is available.
Asus admits this wasn't necessarily stable, but still - that's fast.
Car analogy: Isn't this like having a really fast car with really shitty steering? Great, you go fast - up until you don't.
One thing that I really dislike about capitalism is the concept of the race to the bottom. I don't blame the system; I blame the consumers. If you always focus on the cheapest price, you get what the airlines are delivering to us now. Less leg room, poorer service, hidden fees - which is essentially the race to the bottom. If it were not for government oversight (something not typically found in pure capitalism) - we would likely be seeing more planes dropping from the skies - as maintenance is a huge cost to the airlines.
I work with top PC OEMs in product design and market competition scenarios. It is exceptionally frustrating to see how entities like Best Buy make up for the gap in PC sales profits. For the most part, Best Buy (I am picking on them, but they are not the only ones) will sell computers at cost, or sometimes below cost. They order machines which hit a price point (say $499 USD), with a decent processor, but crap parts and low RAM amounts. Because of the volume, there is a lot of competition for an OEM to meet the price point and move machines. Often, they themselves do this at cost, and bridge the gap with 'bundled software' - or trial crapware.
So here is the rub - the OEM is counting on the trial software for profits, and they may make $1 for every app they preinstall, and an additional $5 if the user activates (or purchases) the software. Best Buy, on the other hand, intentionally sold a machine with less RAM than it should have. The machine, therefore, runs slow with the crapware and the lack of memory. Time for an upgrade! Sell the user a couple of sticks of overpriced memory, and charge them $99 for a tech to install the memory (5 minute job) and uninstall the trial software (5 min job, as this can be scripted). That $99 + aftermarket memory is a great place for Best Buy to make their profits on the PC sale - that, and extended warranties and huge markup on cables/printer cartridges. However, part of this process is to remove the software that the OEM is counting on to make their gap.
Again, this isn't the fault of capitalism; but having consumers fixate on the price creates these situations. From my perspective, capitalism is where all parties have created win-win situations; where the buyer pays a fair price for the goods provided by the seller. As soon as the buyer fixates only on the price (such as the situation Walmart creates), then we lose the win-win deal, and likely end up with compromises that negatively impact the buyer long run.
The memory may not be bad - or can cause faults under different circumstances. A couple of things to keep in mind:
1: Bad memory won't always cause a bugcheck. It depends on what data is in the bad memory location. Bing "notmyfault.sys", and look at the option to 'randomly corrupt kernel memory'. This utility will show how one driver can corrupt the memory of another driver, and the system will keep running without any issues, or sometimes with funky behaviour. Corrupt the wrong memory on the other hand, and you see your friend the BSOD. Your system may start crashing after installing a new driver, or patching your system - moving the physical location of a binary in memory on future boots.
2: A bad power supply or component overheating can also cause these types of behaviours. These typically happen when you are running something intense, or using more of your system. A game that leverages the GPU may cause the heat in the case to rise, which in turn causes random errors. Or by taxing your system harder, you raise the power draw, and your power supply cannot keep up and begins to introduce dirty power.
I used to work alongside the OCA (online crash analysis) team at Microsoft - and one thing that was found when looking through the kernel crash dump files was that systems that are overclocked had a very high instance of having corrupted stack traces. These are a bitch to individually diagnose, because you don't know if another driver on the stack corrupted the memory, or the hardware failed resulting in the corruption.
3: Viruses also cause these types of behaviours, as many try to patch the kernel, which is a moving target.
The easiest way to understand this is to look at the Star Wars movies.
Episodes 4,5,6 changed movies and are treasures for what they did. These were 'made' in the 1970s.
Episodes 1,2,3 were made in the late 1990s and early 2000s using much better cinematic technology. These didn't go over so well.
It wasn't the 'eye candy' that made the movies (it helped), it was the story combined with the technology that made the movie. Someone posted here on slashdot once that the best movie for CG was "Forrest Gump", as you never knew what was CG and what was real. The CG allowed the story to be told, and didn't distract from the story.
I have used indexed views in MS-SQL to do this. There are quite a few limitations (including which SKUs support this), but essentially you can pre-aggregate the data on a view which itself is indexed.
Where the hell is image recognition in this area? You would think that we would be able to utilize computers to do much of the slide evaluation, which could go through the dozen or so slides taken for this particular case.
I am interested in seeing what happens over the next few years with the medical industry. If you can provide your symptoms to a computer, which drops the choices down to a short list of problems - these problems can be then further evaluated through specific tests. Might be Crohn's disease? A technician would then use a probe or specific tissue samples to further investigate.
What is odd to me about this is that the network should be able to treat your machine as a black box, and monitor what is coming in and out. Who the hell cares if you are running anti-virus on your personal machine? If, on the other hand, you have a virus which is sending broadcast packets out onto the network, then the IT guys should easily be able to shut down your port.
Computers are going to get viruses and malware just like humans catch viruses and bacterial infections. Anti-virus is only a layer of protection, not protection itself. The focus should be on identifying computers who are spreading sickness to be quarantined, and then offer a charged service to clean up the computer (for those who cannot find a geek to befriend).
So to fill out a patent application, you first need to carefully document what the 'new' idea is, and then keep running it through computerized spoken language translations until all possible case specific meaning is lost?
IDNRTFPA (I did not read... patent application) - but at least many of the patents of old had drawings of the concept so folks had at least a fucking clue as to what the patent applied to.
I can only imagine the poor guy who has to search through existing patents when checking to see if his idea is new.
An observation that Malcolm makes in this book is that most people defer certain topics to people who are good in the subject area. In my life, I married an accountant. I don't think about our finances except when I get in trouble - she takes in the new information and controls that aspect of our life.
My love is for computers and science - and so when there is incoming information about computers, she ignores it and I absorb it. If she has a question later, she will come to me and ask. This is the same for most IT users - they don't need to learn that the "hard drive" isn't the big box with a cdrom and a power button. When something goes wrong, they come find the person who does know how to solve the problem.
I also think that we as humans create stub understandings of topics to help make the picture of the world complete. An example of this would be on the old maps, where out in the ocean would be the statement "Thar be dragons here". In this case, an unknown was replaced with a stub understanding. You see this too here on slashdot, where a technical subject will have depth beyond most of our understandings. We overlay what we do know about the subject, and fill in the gaps with assumptions (thar be dragons). Most of us then post our opinion without really taking into consideration what we are basing off of fact, and what we have assumed.
I always wondered why it wasn't a crime to reveal the identity of an undercover CIA agent on active duty. If it IS a crime, why wasn't Libby or anyone else ever charged with that offense?
I guess this would change the prize structure for the 'Spot the fed' competition at Defcon and Blackhat. Instead of a t-shirt, you get a five year tax payer financed vacation.
Taxes.
Why do you think it is ok to tax the guy who buys something, tax the company they bought it from, and then tax the wages of the company employees?
The government obtains a pound of flesh from the company, regardless of who in the chain above pays the taxes. Having the headquarters move elsewhere means you cannot tax the employees - and depending on the circumstances, you might not be able to tax the buyer either.
So yeah, taxing two out of three is a "big advantage" over taxing zero (or at best, one) out of three.
Whew! I thought we were going to need to have a bailout plan for the Ethernet cable industry. Fortunately RAO industry will keep these companies alive!
Even better than mispelling is a well crafted ambigious use of 'lose' and 'loose'.
For example: "The Acer leak of the Win7 launch date caused Microsoft to loose this secret information."
This will cause many readers to reparse your sentence a couple of times trying to figure out what you really mean.
I don't think you know your leaks very well. If it were planned, it would have been a leaked internal document/email.
What is happening here is an exec betting that Microsoft won't retaliate against this leak - and likely they won't. Acer is an important OEM to Microsoft.
Meanwhile, Acer gets free publicity.