October 05, 2018

It's Doing it AGAIN?


Posted by: The Brickmuppet at 10:13 AM | Comments (3) | Add Comment
Post contains 4 words, total size 1 kb.

In the U.S., They Say That Only Nixon Could Go to China

In the U.K. well...

Posted by: The Brickmuppet at 07:37 AM | No Comments | Add Comment
Post contains 17 words, total size 1 kb.

October 04, 2018

Trigger Warning: Cooties


Despite the warning, this is really kind of brilliant.

Posted by: The Brickmuppet at 09:01 PM | No Comments | Add Comment
Post contains 12 words, total size 1 kb.

Ha! Ahahahahahahahahah!

The whole site went down.


When I hit "publish" everything went wonky, but this time....THIS TIME when I got that sinking feeling that comes from a post taking too long to publish....THIS  TIME I block selected the whole post and copied. And I did so the instant before I got the 504 code.



And then I pasted it into word.

And now...the blog is back up and the post is below and doesn't have to be rewritten. 

Yay!

Posted by: The Brickmuppet at 08:57 PM | Comments (6) | Add Comment
Post contains 80 words, total size 1 kb.

Are we Surprised? No. (UPDATED)

Are we terrified concerned?


Yes.

It appears that there has been a hack involving at least 30 companies, as well as the D.O.D and C.I.A.

Worse, it's a hardware issue. 

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.


One can assume that this is NOT an isolated incident. This is probably one of many, and  one can infer that very little is now beyond the reach of the CCP. On a global level, it is very likely that all those Chinese funded infrastructure projects in Oceana, Latin America, Africa and South Asia are riddled with similar, and perhaps more hard to detect bugs, possibly embedded into the very structures of the facillities.  

Pretty much every technical advancement made by compromised companies as well as state and military secrets can now be assumed to be in China's possession.

This doesn't mean they know them all yet. The sheer quantity of data that China must now have to sift through is daunting, and to be useful needs to be looked at by people who have enough knowledge in the given subject matter and sufficient imagination to be able to recognize something's merits. Encryption is a further obstacle. However, they probably have at least as big an edge on our Military as we had over the Japanese and German's after breaking or acquiring their respective codes in WW2.

This turn of events should not be the least bit surprising given that our self anointed aristocracy has off-shored much of our electronics manufacture to China (because slave labor is so cheap). Well, as we learned from Google & Facebook, if one finds something exceedingly cheap, one might well be the product.

Of course, knowing is the first step to fixing, so it should be pretty straightforward to correct this right?


Fixing this is beyond daunting.  The expense of pulling out all the old circuit boards is going to be phenomenal and replacing them is subject to the same issue. The complexities of the global supply chain means that tracking down not just the manufacturers, but subcontractors, will be next to impossible. 
Going forward, we may need to have some blockchain certification for all our electronic components, certainly for D.O.D. related applications. This is a sufficient breach of trust with sufficiently troubling ramifications that it ought to remove some of the opposition to restrictions on imports from the Middle Kingdom. 

If oughts were dollars though we would have no debt.

This is outside my ballywick, so I eagerly look forward to the perspectives of commenters on this mess. 

UPDATE: In the comments section, Pixy Misa is expressing considerable skepticism. Pixy is the owner and administrator of the Mee.Nu domain (Praise the lathe of the maker!) and an IT professional himself. He has an extensive disquisition on this topic over at his place that you should read in full

Now. Answer the following question. Did you read Pixy's post?

No: Go back and read it.
Yes: Proceed.

I found the story credible because I already have concerns about China and spying. That something like this could be done seems completely plausible.

However, all other sources I've looked at since posting this have been either rewritten versions of, or link back to, the Bloomberg article with no additional info. The Bloomberg article is anonymously sourced. 

One thing I had not fully grokked, but Pixy mentions extensively, is how LONG this story has been in development. 

The Gell-Mann Amnesia Effect is a very real thing.

To Wit: The following excerpt from the article on the nuts and bolts of the alleged hack sounds plausible to me, partly because it comports with my limited understanding of how these systems work, but mainly because the words, Dilithium, turbo-encabulator, and Midichloreans do not appear anywhere in it. 

Officials familiar with the investigation say the primary role of implants such as these is to open doors that other attackers can go through. "Hardware attacks are about access,” as one former senior official puts it. In simplified terms, the implants on Supermicro hardware manipulated the core operating instructions that tell the server what to do as data move across a motherboard, two people familiar with the chips’ operation say. This happened at a crucial moment, as small bits of the operating system were being stored in the board’s temporary memory en route to the server’s central processor, the CPU. The implant was placed on the board in a way that allowed it to effectively edit this information queue, injecting its own code or altering the order of the instructions the CPU was meant to follow. Deviously small changes could create disastrous effects.
Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code. The illicit chips could do all this because they were connected to the baseboard management controller, a kind of superchip that administrators use to remotely log in to problematic servers, giving them access to the most sensitive code even on machines that have crashed or are turned off.
This system could let the attackers alter how the device functioned, line by line, however they wanted, leaving no one the wiser.  

In the comments, Pixy (who, again, does IT for a living) seemed spectacularly unimpressed with the plausibility of this scenario. 

Over at Medium, one of those linked to in Pixy's piece on the subject has objections , but they are mostly about how on earth this would have been detected, as it would have been an insanely comprehensive audit to detect this. However, he closes with this...
For me, Bloomberg’s article could go either way. The logic of backdooring the BMC makes a lot of sense. Whether it happened in this case — given all the categorical denials — I have no idea.

I will go so far as to say that I think something along these lines is likely to happen at some point, however, if this story does turn out to be bunk then Bloomberg will, via the cry wolf effect will have facilitated the very thing they pretended to report on.

This story is looking sketchy, but for now, we await more info....

Posted by: The Brickmuppet at 07:37 PM | Comments (11) | Add Comment
Post contains 1238 words, total size 10 kb.

October 03, 2018

Houston Shuts Down Robot Brothel


So...someone was opening a brothel in Houston, cleverly cutting down on payroll and getting around local vice laws by replacing their...er...customer service professionals with animatronic Tengas.

The city of Houston, belatedly realizing that there was no law on the books against robo-ho's, sprung into action and passed some updates to their zoning and vice laws.

 Houston is now safe from the shame of being at the forefront of the newest manifestation of the oldest profession. 

As someone with a functional amygdala  who understands that sex doll time shares are as close to objectively disgusting as something as subjective as disgusting can be...


...and perhaps problematic in other ways...

...let me say that this is why we need smaller, less intrusive government. I'm not completely opposed to zoning laws, but this is not a hog farm or an antimatter containment facillity in a downtown, it wasn't going to be oppressing anyone or depriving them of their rights. It was going to be a business making somebody money, making somebody happy and contributing to the tax base of the city to pay for things Houston might need like...flood control. But now, because someone couldn't stand that something they didn't like would be happening behind closed doors, well, a small business never got off the ground. 

I further note that Houston's regulatory dragnet seems to have applied to magical maids with glasses as well...at least at the time of writing. 

Ubu are you OK?

Posted by: The Brickmuppet at 06:57 PM | Comments (6) | Add Comment
Post contains 246 words, total size 2 kb.

Oh. Wow. This Looks...GOOD!?

I think Miles Morales is going to work out just fine.


This is very promising...right up until that point that the trailer becomes sublime.

It looks really fun, and as a special bonus it seems to be completely respectful of Marvel canon.
 
ALL OF THE CANON. 

Oh my stars and garters, this is on my watch list!  

Posted by: The Brickmuppet at 09:14 AM | Comments (2) | Add Comment
Post contains 62 words, total size 1 kb.

October 01, 2018

Boof?




"...I Repeat: Bravo Oscar Oscar Foxtrot. 
All Blue Blaze Irregulars set condition at Defcon Ï€."

Posted by: The Brickmuppet at 06:57 PM | Comments (2) | Add Comment
Post contains 16 words, total size 1 kb.

<< Page 3 of 3 >>
65kb generated in CPU 0.0731, elapsed 0.7568 seconds.
73 queries taking 0.7424 seconds, 398 records returned.
Powered by Minx 1.1.6c-pink.