I'd agree that it's a bit concerning to see that Cisco announces newly found hardcoded credentials every month.
On the other hand the reason they are announcing these constantly is that they are actually auditing their devices and their firmware and find these. So that is a good thing as they seem to care about security nowadays and do training etc. to teach their developers _not_ to hardcode shit anymore.
At that point, I am more likely to trust Cisco than the other random vendor who never has any backdoors they fixed...
What reason does this even have to exist, except as a hobby project that is not meant to see the light of day?
I really cannot think of one.
It all started making sense to me when I realized that Felix is one of the Slack Desktop client developers. https://twitter.com/felixriese... says he is also an electron committer/contributor.
This should probably never have seen the light of day but if you consider what a disaster the Slack client is... I am not sure Windows 95 is necessarily much worse...
As the other posters in this thread said: X10 is pretty much dead for other reasons as well. I have never really used X10 much but I've always found it super infuriating to have this noticeable delay between pressing the button and the light actually turning on. It's short enough that it is not causing problems but it is long enough to tell that something is going on. The reason for this is just the slow transmission speed of (IIRC) 20bps. That is terribly slow compared to more modern systems such as Z-Wave.
I never really liked Z-Wave and other protocols though. The technology is fine, but the politics are terrible. It's like every single vendor has decided that they want to own the system and nobody else is allowed to play. Typical example is Philips Hue trying to lock out other vendors such as Osram on their Hub. That was rolled back but it still leaves a bad taste in my mouth.
Since then I've been looking at giving KNX-RF a go which is a professional (read expensive) smart-home standard originally developed in Europe. https://en.wikipedia.org/wiki/... has the details but the nice thing is that it exists for twin wires, wireless and IP. They had a powerline transmission mode but I think that is dead. What I like the most though is that they seem to have managed the cross-vendor functionality very well. Every switch will work with every actuator and the protocol is fully bi-directional.
The only annoying thing I found so far is that there's an entry fee of about a thousand bucks to buy the programming software...
I predict that the tech industry will not contribute to someone who opposes their agenda.
If I owned any business that hired tech people, I would contribute a token amount to this dude, and more to his opponent. Unless his opponent were more against this whole thing.
But it's way easier to buy someone off now and have him enact the policies you'd want than to wait until the next election and hope for his opponent to make it.
Most companies have understood how to invest and just spend similar amounts of money on both parties. There are minor differences of course in preferences for industries etc. but at the end of the day they do not matter anymore.
Which is of course another reason why voters in the US have the choice between pest or cholera when it's election time and nothing ever really changes anymore.
I predict that this senator will be swimming in campaign contributions from the tech industry in the future.
And of course he'll see the light afterwards and understand how misguided he was as he was lacking crucial information about the desolate state of the US STEM sector and increased allotment of H1B visas is the only short-term solution to the industry's plight...
But of course, long term solutions will be found. Certain industries have already shown that with depressed wages it is indeed cheaper to manufacture certain items in the US again. I am sure a similar solution can be found for the IT industry...
And I am sure you realize that the 2factor Authorization as currently designed and utilized by Apple only protects against your account data being used to purchase things from the AppStore and interact with your account.
Details are at http://support.apple.com/kb/ht5570 and quoting from there:
It requires you to verify your identity using one of your devices before you can take any of these actions:
Sign in to My Apple ID to manage your account
Make an iTunes, App Store, or iBooks Store purchase from a new device
Get Apple ID related support from Apple
All iCloud communication is still unprotected. Bzzzzt. Neeext!
I believe you are misunderstanding the slide in question.
The slide indicates the Google Frontend Servers and has a note saying "SSL Added and removed here! :-)" https://pbs.twimg.com/media/BX1tUzrIIAEsQW3.jpg:large
You believe this means "Google is adding SSL and we're removing it", which is (thank $deity) wrong. We're in big trouble if the NSA could actually decrypt SSL.
What they are saying instead is that encryption is offloaded to the frontend servers and that the backend communication is not encrypted. This makes them smile because that way they can tap the fiber links running between the datacenters and carrying the unencrypted data. That data can then be stored and analyzed.
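The comment above describes TLS terminating at the frontend with plaintext on the links behind it. As an added example (not part of the original post and not any vendor's actual configuration), this nginx fragment puts that weak pattern beside a frontend that re-encrypts and authenticates the backend hop; all hostnames and file paths are placeholders.

```nginx
# Constructed example for the http {} context; hostnames and paths are placeholders.

upstream backend_plain { server backend.dc2.example.internal:8080; }
upstream backend_tls   { server backend.dc2.example.internal:8443; }

# Weak: TLS ends at the frontend. Everything after this hop, including the
# inter-datacenter link, carries plaintext HTTP.
server {
    listen 443 ssl;
    server_name weak.example.com;
    ssl_certificate     /etc/nginx/tls/frontend.crt;
    ssl_certificate_key /etc/nginx/tls/frontend.key;

    location / {
        proxy_pass http://backend_plain;
    }
}

# Hardened: the frontend opens a second, verified TLS session to the backend.
server {
    listen 443 ssl;
    server_name hardened.example.com;
    ssl_certificate     /etc/nginx/tls/frontend.crt;
    ssl_certificate_key /etc/nginx/tls/frontend.key;

    location / {
        proxy_pass https://backend_tls;

        # Without verification the hop is encrypted but not authenticated.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;

        # With an upstream group the default name checked would be
        # "backend_tls", so pin the real certificate name and send it as SNI.
        proxy_ssl_name        backend.dc2.example.internal;
        proxy_ssl_server_name on;

        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # Client certificate so the backend can require mutual TLS.
        proxy_ssl_certificate     /etc/nginx/tls/frontend-client.crt;
        proxy_ssl_certificate_key /etc/nginx/tls/frontend-client.key;
    }
}
```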
You can quite clearly see what happened by looking at the pictures presented by the Bavarian newspaper.
http://www.merkur.de/bilder/2016/05/04/6373067/1613361945-unfall-icking-sportwagen-gaulke-PXHG.jpg - You see the curve there in the background? The one behind the black and the white BMWs?
The driver went around that corner in her father's car, lost control and slid off the road into the grass. Probably either distracted, bad driver or just too fast for physics...
Normally not a problem, you probably fucked up the under-carriage a bit and the front bumpers, but nothing a few days in the shop couldn't fix. But the girl got unlucky. Right after the corner is a small stub road leading into the field for the farm equipment. The black and white BMWs will help with lining up the viewing angles of the pictures.
The car hit the stub road and the effect must have been similar to driving up a ramp for an Evel Knievel styled jump: http://www.merkur.de/bilder/20...
The car rolled length-wise and must have hit the ground twice before coming to rest on the trashed wheels again. You can see the impact points in the field nicely on http://www.merkur.de/bilder/20... and http://www.merkur.de/bilder/20....
That allows you to reconstruct the flight path: Lift-off at the stub road, front hits the ground first, momentum carries the car forward and leads to the first roll as the front is still embedded in the field. Car is hitting with the trunk next, still rolling with ample forward momentum which means the car will not be buried in the field but land on the wheels next. And that's where the car came to rest.
You can look at the bumper and other plastic parts strewn all over the place, they match up nicely with that order.
If you now look at the car at rest http://www.merkur.de/bilder/20... and http://www.merkur.de/bilder/20... you'll see how the glass is not completely shattered? This means little impact force onto the passenger cell and most of the impact just hit the front. Not even a direct frontal impact but mostly torsion forces hitting the bottom of the car front from the impact into the field.
Based on all that evidence I'd say the 5 kids in the car were supremely lucky that they hit an empty field in a decent car. The airbags came in very handy, no doubt.
But I think it is a bit premature to claim this shows anything like inherent safety of Tesla or even just that electric cars are safer than conventional vehicles... That's purely the marketing department talking...
MySQL only for small places?
That makes no sense. Software licensing costs are always prohibitive at scale.
For a single machine it doesn't matter if you're adding 1k for the software or not. If you're doing that for 25 machines, it suddenly becomes a lot more important.
There's a bunch of larger websites around which have somewhere between tens and thousands of database servers around. Usually in a replicated setting which is very heavy on reads and has basically no writes which means they shard their databases in such a way that they fit into available memory and reads never go to disk.
In such a setting, your software being free is a very important point. Per server or per core licensing kills you there.
The usual option then is to go with MySQL or PostgreSQL. The latter has only relatively recently gotten acceptable replication so if you've been around a while you nearly always default to MySQL.
If you're at such a size, you either negotiate a very decent support contract or you forgo that anyway and hire the knowledge in house. I have worked for a company which did both, I do know that at least Facebook has gone for the latter by hiring Domas. No clue what support contracts they do have. Same for Google.
If you're at that size, Monty will gladly listen to your needs and Percona will make you a very good deal for support.
Suddenly MySQL or MariaDB looks like a pretty great database with much better support options and costs than Pg or Oracle. Forget about MSSQL, you're not running anything on Windows at scale.
Good idea, unfortunately useless in practice.
While your experienced copper thief knows about the dangers of stealing power transmission equipment and knows that fiber is useless to a scrapyard there are enough people who do not know.
I do have a bunch of friends living around Johannesburg on a farm who only have wireless internet access as there's always someone who steals the copper cables for the phones.
And they have regular power outages because an idiot just fried himself stealing live wires from a transformer. Sure, one down but how does the saying go? A new idiot is born every day.
And if you have two idiots born on the same day, one will steal live transmission wires and fry himself and another one will steal the fiberglass and be disappointed at the scrapyard. Your internet is down either way at that point...