I found the most interesting part (the second half of the article) was that SiiG has "no interest in supporting optical drives", when the reviewer was having problems using this drive with a SiiG controller.
I guess I can now confirm that I have no interest in buying anything from SiiG.
Sun Microsystems has far more than a couple of years in them. They have too many active customers that could sustain Sun on maintenance fees alone.
I once worked for US West (a local phone company) and they had entire ROOMS full of nothing but SUN equipment - actually running. I worked in IT for them and I still can't imagine what all of these systems did.
Anyway, the article is pretty clear that the new Chip platform is simply being eliminated because it's a needless step in between their IV and the new processors that are lining up for release... in 2 years.
So I guess this means I'm feeding a troll that didn't read the article.
The article went on through the whole thing and at the very end it says that the layoffs are not specific to those design teams. This is why I read the article, I found it difficult to imagine them laying off highly skilled engineering teams at that size and scale.
Anyway, I'm very happy to see that they are not planning on putting out an interim processor. I wouldn't take kindly to that as a consumer or enterprise buyer (I've been both).
As a consumer, I don't want to buy something with only a 2 year shelf life (less used product will be available in the future). As an Enterprise buyer - they won't have all the bugs out due to low volume.
They say that no airline crash was ever the result of a single failure. There are always at least three systems, sub-systems, either human, computer (but usually both) that lead to an airline crash.
In the case of HVAC fire systems, there are probably over 500,000 installations of HVAC systems, and these are tested under real fire conditions several times a year (where the type of feedback seen in this blackout investigation is made, each time).
One thing that makes this less desirable from a software marketing standpoint is that in the short-term (early adoption), there are no 'negative' labels, where 8 negative labels means that your program could be considered 'safe' computing.
Further, there are several games that ship with Microsoft DirectX. That modifies your operating system. The program's package can't be labelled without the (wrench icon), unless it comes with installation instructions about how and where to download the required ActiveX features.
In other words, sometimes the labelling will simply get in the way of the whole truth.
50 state governments are in the USA, not to mention countless county and city governments, all of which supply aid in some form to those with special needs.
Let's describe the job of a Relay Operator:
No matter what the phone call, or what the content of that phone call is, the Relay Operator must, by law continue the conversation.
When a deaf person is feeling lonely they might decide to call a phone entertainment line, man or woman, having to type this in, and say what the deaf person types.
Like the job of a relay operator isn't bad enough, now the operators have to deal with Nigerian poor grammar while perpetrating fraud.
I would point out here that UNIX was not Open Source, the BSD branch of UNIX became open source, and Linux was an OpenSource implementation of several UNIX kernel features. But System V based UNIX (HP/UX, AIX, Solaris, SCO, etc.) are still 100% closed source systems.
I think this is true of any device. Certainly, it's usually possible to downgrade an upgraded product. For Cisco IOS (for instance) it's possible to load an older version of the IOS firmware.
I don't get the point though, once upgraded - the vulnerability (or known backdoor) is closed, so a downgrade would, in theory, have to be a conscious decision on the part of the administrator of the equipment.
Yeah, but - any Cisco admin worth his salt is rarely faced with a security problem in any form. Most of the vulnerabilities listed for Cisco IOS (my experience with Cisco) have been port blockable - with a notable exception.
That said, the propagation of problems from this will be from people who buy this type of equipment, but don't hire a Cisco admin at all. In Soviet Russia, the wireless network hacks you. That's to say, when I find my network is being 'worked' within the next several months, chances are, it'll be from one of these switches - where someone gave themselves access, and are now attacking me from the parking lot of "joebob-widget-mfg.com".
My comment, "post on slashdot isn't exactly what would qualify as a secret", was really in direct reply to On Lawn's post
Basically I was clarifying both that a 'backdoor password change' and a removal of the backdoor itself would both require the same firmware be changed by the end user in the same way. This isn't a case of changing an NVRAM* set password, as the backdoor was hard-coded into the firmware.
Of course, it's also interesting that the required code changes to modify a hardcoded password would be far less intrusive (thus my theory in the first post) than completely removing the back-door functionality.
*NVRAM - My familiarity with Cisco products is from a WAN Router IOS software point of view. Userid/Password sets are set in an area of NonVolatile RAM that is not modified when the firmware is updated.
I've only ever had to do a Cisco upgrade once... Yes, it's TFTP, Sorry about that.
Very informative about the wireless firmware upload though. Is it then possible for Cisco to do this remotely through the internet as well? (can you substantiate the post I was originally trying to debunk)?
Efficient routers tell you what the feature is, what the impact is, and there is a physical method by which to defeat the vulnerability (lock the door).
On the other hand, Cisco's backdoor can be accessed remotely and wirelessly. So physical security will not help.
Most Cisco device updates need a local area network available with Simple FTP. SFTP is unreliable over WAN connections (especially one that's brought administratively down for a firmware update).
Of course, these are wireless routers, so the implications may be different.
The problem here is that these routers are WIRELESS. All you need is proximity to use the secret ID. Block my MAC, I tell my MAC to use another address. Block all wireless, then what's the point of having a wireless product.
The advisory (that link in the story) was pretty clear that there isn't a way to disable the use of this backdoor without a firmware upgrade.
Yeah, but their official advisory (pretty easy to get if you are a registered customer), says to install a firmware fix. That fix, be it an actual removal of the userid/password, or a paranoid password change, is just as installable, either way.
And a post on /. isn't exactly what would qualify as a secret now, is it?
That's the point. If you have a disgruntled employee about to release said exploit, etc. Fire him, change the 'hardcode' password, put out an unapologetic advisory. Have people install the new firmware (with the new password).
Nobody but a few key developers have a clue that the fix is not actually a fix.
It's just a theory, and if you look at my post, I fully admit - it's paranoid.
Although I fully admit- starting MS Word will (Max CPU) kill a disk record before just raw HD access.
Does anybody have any early reviews on this model? Does this one have problems with SATA controller cards like the model in the article?
I think this should support Raindance's point
Is it still labelling if I put it at the bottom of my EULA?
Hook, Modify, Remote Control, Self-Updates and even Stuck.
It's also just one more layer of obfuscation between the scammer and the mark.
I believe that this qualifies as admission of inclusion. (I found this while searching for something else, and thought it appropriate here.)
I had stupid fast typing, so the correction is important.
Don't sweat it - I don't even use the 'enemy' setting.
Yes, Trivial FTP. I've only ever had to do this once. Sorry