Old 2020-06-16, 01:00   #287
kladner
 
 
"Kieren"
Jul 2011
In My Own Galaxy!

97×103 Posts

Quote:
Originally Posted by retina
Quote:
I would be perfectly happy with a five-year update cycle for my refrigerator
I would be perfectly happy with a refrigerator which had controls and did not need updates. Same with vacuum cleaners, speakers, and who knows what other things which should not need to call home to keep functioning. "Honey, my chainsaw needs a BIOS update." This smiley should not be smiling. Rolling the eyes is not a humorous gesture.
Old 2020-06-22, 08:31   #288
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

5²·229 Posts
Yay. More trouble in paradise

https://www.tomsguide.com/news/ripple20-iot-flaws
Quote:
Millions of smart-home, networking and other so-called Internet of Things devices, including HP and Samsung printers and even the IT-management components on enterprise-grade PCs using Intel CPUs, are vulnerable to hacking over the internet -- and sadly, many of those devices may never be patched.

Researchers at Israeli cybersecurity firm JSOF discovered 19 separate vulnerabilities in a two-decade-old small TCP/IP stack — a networking-software code library — developed by U.S. company Treck, Inc.
So who is affected?
Quote:
"A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people," the JSOF report says. "Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations."

Unfortunately, it's not that easy to identify which devices are vulnerable to the Ripple20 flaws. JSOF said it "will be providing scripts for the identification of products running Treck upon request" and provides a contact email address at ripple20@jsof-tech.com, but it's not clear who will get to see the information.
So what is the solution?
Quote:
[crickets]
Old 2020-06-23, 20:34   #289
ewmayer
2ω=0
 
 
Sep 2002
República de California

2×13×443 Posts

Quote:
Originally Posted by retina
https://www.tomsguide.com/news/ripple20-iot-flaws So who is affected? So what is the solution?
I think they misspelled the company's name, it clearly should be "Dreck Inc.", not "Treck".
Old 2020-07-19, 03:30   #290
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

165D₁₆ Posts
Remotely bricked

https://www.theregister.com/2020/07/...off_explained/
Quote:
It was speculated by netizens and some media reports that a HTTPS certificate error was to blame. However, it's been suggested to The Register that the cause of the failure was an XML file downloaded by the network-connected devices from Samsung servers during periodic logging policy checks.
And connecting to the Internet wasn't to help the owner in any way, it was to spy on them.
Quote:
One thing you have to understand is that these internet-connected Blu-ray players in question are programmed to log their activities and send copies of this information to Samsung. This telemetry is sent to the tech giant's servers when the player's firmware is told to check for a software update. These logs include things like when you opened, say, the Netflix app and when you closed it on the player.
And the fix?
Quote:
"We are aware of the boot loop issue that appeared on certain 2015 Samsung Blu-Ray players and are offering free mail-in repairs to customers who have been impacted,"
So no problem, just go through all the time wasting and hassle of packaging and sending it, and experience the joy of no longer having "your" device for use while you wait for it to be returned.
Old 2020-07-19, 14:05   #291
kriesel
 
 
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest

23·19·29 Posts

Quote:
Originally Posted by retina
https://www.theregister.com/2020/07/...off_explained/ And connecting to the Internet wasn't to help the owner in any way, it was to spy on them. And the fix? So no problem, just go through all the time wasting and hassle of packaging and sending it, and experience the joy of no longer having "your" device for use while you wait for it to be returned.
Reminds me of a printer design error I encountered a while back. On first powerup out of the box, complete its system configuration. If not completed in the first powerup, it's bricked, back to the factory it goes, zero pages printed in its life. Designing for end users to RTFM first and follow directions flawlessly and power to be perfect for the duration was a poor and costly design decision. Which unfortunately multiple manufacturers seem to have made alike. I've seen it in the past few years from both Canon and Epson; no data on other brands.

Last fiddled with by kriesel on 2020-07-19 at 14:07
Old 2020-07-19, 14:27   #292
Dr Sardonicus
 
 
Feb 2017
Nowhere

3,457 Posts

Quote:
Originally Posted by kriesel
Reminds me of a printer design error I encountered a while back. On first powerup out of the box, complete its system configuration. If not completed in the first powerup, it's bricked, back to the factory it goes, zero pages printed in its life. Designing for end users to RTFM first and follow directions flawlessly and power to be perfect for the duration was a poor and costly design decision. Which unfortunately multiple manufacturers seem to have made alike. I've seen it in the past few years from both Canon and Epson; no data on other brands.
Usually, an "error" is made inadvertently. This practice would seem to be deliberate, which begs the question, "Why would they do that?"

I assume the problem is "costly" because the makers are picking up the tab for getting the "out of the box" problem fixed.

So why would they deliberately arrange matters so their printers are unnecessarily difficult to set up, and appallingly inconvenient to have fixed if anything goes wrong during setup? It wouldn't seem to make any sense.

But the thought did occur to me, that this may be a "stupidity test." If customers are willing to accept this state of affairs (rather than, say, marching en masse on the offending companies' corporate headquarters and burning them to the ground), then the companies can count on being able to pile it higher and deeper on their victims customers.
Old 2020-07-19, 14:38   #293
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

5²×229 Posts

Quote:
Originally Posted by Dr Sardonicus
But the thought did occur to me, that this may be a "stupidity test." If customers are willing to accept this state of affairs (rather than, say, marching en masse on the offending companies' corporate headquarters and burning them to the ground), then the companies can count on being able to pile it higher and deeper on their victims customers.
It is just laziness and arrogance on the manufacturers' part. And it is perpetuated when they see that those "stupid lusers" actually don't have a real choice since all the manufacturers are the same.
Old 2020-08-09, 06:20   #294
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

1011001011101₂ Posts
It's okay because it was an "accident"

https://www.theregister.com/2020/08/08/ai_in_brief/
Quote:
Your Google Home speaker may have been quietly recording sounds around your house without your permission or authorization, it was revealed this week.

The Chocolate Factory admitted it had accidentally turned on a feature that allowed its voice-controlled AI-based assistant to activate and snoop on its surroundings. Normally, the device only starts actively listening in and making a note of what it hears after it has heard wake words, such as “Ok, Google” or “Hey, Google,” for privacy reasons. Prior to waking, it's constantly listening out for those words, but is not supposed to keep a record of what it hears.

Yet punters noticed their Google Homes had been recording random sounds, without any wake word uttered, when they started receiving notifications on their phone that showed the device had heard things like a smoke alarm beeping, or glass breaking in their homes – all without giving their approval.

Google said the feature had been accidentally turned on during a recent software update, and it has now been switched off, Protocol reported. It may be that this feature is or was intended to be used for home security at some point: imagine the assistant waking up whenever it hears a break in, for instance. Google just bought a $450m, or 6.6 per cent, stake in anti-burglary giant ADT
We pinky swear that "accidents" like this will never happen again. Please ignore all the previous times we already said that, this time it's for reals, promise.
Old 2020-08-09, 19:53   #295
kriesel
 
 
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest

23·19·29 Posts

Quote:
Originally Posted by Dr Sardonicus
But the thought did occur to me, that this may be a "stupidity test." If customers are willing to accept this state of affairs (rather than, say, marching en masse on the offending companies' corporate headquarters and burning them to the ground), then the companies can count on being able to pile it higher and deeper on their victims customers.
It's a stupidity test all right, but applied more to the company's stockholders than to its now former prospective customers. Wasting a tech support person's time, and the retail store's time, and the company's cost to round trip ship and repair, seems a high price to pay for stupid code design and no paper-clip-wire hole to access a factory-reset switch. The shippers do well as a result though.
Marching across an ocean to Canon corporate headquarters did not occur as practical to me, considering it only cost me hours to select, buy, haul, unpack, try, consult tech support, repack, and return the bad printer and extra black toner cartridge for a 100% refund, then go elsewhere to buy a different manufacturer's printer, and very warily start it up.
The farce may have been foisted on multiple printer manufacturers by some contract software firm in another country that "had a better idea" and bare bones pricing.
Note, life span of companies is shrinking. Pure coincidence I'm sure, nothing to do with putting MBAs and lawyers in charge of technology dependent companies and outsourcing globally to people who don't know your product or market or culture, ensuring in-house expertise is lost and not replaced. https://economictimes.indiatimes.com...w/50775384.cms
https://www.bcg.com/en-ch/publicatio...f-corporations
https://www.cnbc.com/2017/08/24/tech...-20-years.html

Another head-shaker is what drek passes for documentation these days.

Last fiddled with by kriesel on 2020-08-09 at 20:05
Old 2020-08-10, 12:01   #296
Dr Sardonicus
 
 
Feb 2017
Nowhere

6601₈ Posts

Quote:
Originally Posted by kriesel
The farce may have been foisted on multiple printer manufacturers by some contract software firm in another country that "had a better idea" and bare bones pricing.
That sounds reasonably likely.
Quote:
Another head-shaker is what drek passes for documentation these days.
That's been true, and getting truer, for decades, even in the most mundane items. It was decades ago now, my mom's brother gave her an electric blow-dryer. Mom called me and said I had to see the instructions. Her favorite of the lot: "Do not use while sleeping." A lot of the directions were in "jinglish."

I recently bought a lawnmower. I wound up calling the manufacturer because the dealer had overfilled the crankcase with oil. I had already drained the excess (they'd put 20 ounces in a crankcase that holds 15 ounces), but was curious about what would have happened if I had started it up overfilled. The nice lady rep I talked to informed me that it would have blown a lot of white smoke, but the engine (and, to my mind, more importantly the warranty) would have been OK. (Note, however, that if you try running the engine with no oil, both the engine and warranty will be destroyed.) She also said that this overfilling by dealers is a common problem, caused in part by the fact that the manufacturer supplies the oil in bottles that contain more oil than the engines hold. It seems most times the customer just starts it up anyway, but when they detect the problem beforehand and call with concerns about it, "I tell them to do what you did."

My mower has a Briggs and Stratton engine that will very likely far outlast the rest of the mower. So much so, it says right on the outside of the case that you never need to change the oil -- "Just check and add." The first thing I had to do was check and subtract. The rep assured me that many people are now intimidated by changing the oil in a lawnmower. It has been made more difficult by the fact that there's no drain plug underneath, so you have to run it out of fuel before you tip the mower to drain the oil. But I'm a total klutz, and I can do it, so anyone can.

I had another question that surprised the rep: How much does the fuel tank hold? It wasn't in the manual. A Google search had only disclosed a tentative answer. That lady was good, but this brought her to an impasse. She looked and looked, and found that a number of different fuel tanks were used in the model I had. She said the only way to be certain was to find the number stamped on the outside of the tank and look it up at Briggs and Stratton. I opted for an alternate method -- a Pyrex measuring cup and a clean funnel designed for use with gasoline.

Speaking of fuel, and crappy documentation, the documentation for my mower says you can use up to E10 gasohol. Not me. Heck, the people who sell mowers, weed whackers etc. will tell you that using ethanol-free gas helps avoid lots of maintenance problems, especially with carburetors. The grass and the weeds do not stop growing while your machine is being serviced. By consulting a list of stations that sell ethanol-free gasoline in the U.S. and Canada I found a gas station fairly close to where I live that sells the good stuff.

BTW, in the "offering convenience is a license to print money" department, it seems another thing that intimidates a lot of people these days is mixing gasoline and 2-cycle oil as "premix" for use in 2-cycle engines for chain saws, weed whackers, etc. Stihl, which makes such things, offers "Motomix" premix. I've seen Motomix offered at six dollars a quart. And God knows how long it sits on the shelf before purchase.
Old 2020-08-10, 12:24   #297
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

52×229 Posts

https://www.zdnet.com/article/smart-...a-mac-address/
Quote:
"Even with safety-critical systems like locks and furnaces, there is little in the way of requirements to make the products secure, and there is even less security oversight," Young said. "As we've seen with Mirai and other IoT botnets, devices on the Internet do not even need to be safety critical to wreak havoc when they fail."

Tripwire's findings build upon a slew of critical issues discovered in the UltraLoq by Pen Test Partners. In June 2019, the penetration testing company disclosed mobile app API security failures leading to user information exposure, as well as the means to reset lock PINs, thereby potentially locking a victim out of their own property -- or granting attackers access. It was also possible to pick the lock locally over Bluetooth in what the researchers called a "trivial" attack.

All times are UTC.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.