Forgot your password?
typodupeerror

Comment: This story refers to NIST SP 800-147 (Score 1) 698

by Old time hacker (#45714395) Attached to: NSA Says It Foiled Plot To Destroy US Economy Through Malware

The NSA has been involved with NIST and industry to produce a series of NIST Special Publications ( http://csrc.nist.gov/publications/PubsSPs.html ) which include BIOS security. This includes 800-147, 800-147B, 800-155, 800-164 etc.

I have no idea how many manufacturers implement these -- but there are some really gnarly issues there. It isn't even clear what BIOS means in the context of a blade server with multiple processors, management engines etc.

The TL;DR for these specs is that a BIOS update should not be accepted by the system if it is not signed by the BIOS manufacturer. This is a step in the right direction. Of course, it doesn't protect you from someone with access to the BIOS signing keys for a particular BIOS vendor (and there aren't many BIOS vendors around). I don't think that if 800-147 is implemented that it makes anything easier for the NSA, except that it might engender a false sense of security.

Comment: Re:Hiring a 50-year old... (Score 2) 317

by Old time hacker (#41872737) Attached to: Why Coding At Fifty May Be Nifty

As a fifty+ year old coder/designer/architect, I just went back to do another startup where I get to write code again and to mentor the rest of the team. The reason to write code is that I want to build something and have it used by customers (preferably paying ones). I can have the biggest impact in a small startup where we want to change the world (or at least a small, profitable, segment of it!)

At 50+, your priorities do change somewhat -- family and kids are more important -- but these all encourage you to work smarter rather than longer. You also gain (through experience) an intuitive feel for what will work, and what will not.

Comment: Re:Huh? (Score 2) 104

by Old time hacker (#36686548) Attached to: IETF Mulls Working Group For IPv6 Home Networking

It also might mean they don't fancy going against a router model made up of bsd and linux software-based routers on appliance hardware in the home market.

As far as I know, most of the home routers today are based on open source platforms. [Yes, I know that some models use proprietary operating systems as it allows less RAM to be provided on the box]

I'm just about to install networked thermostats into my house. The current model is that it connects to a central server somewhere, and, in order to control my thermostat, I also have to connect to that site. This is crazy. I should be able to talk directly to my thermostat (over v6) from my smartphone (without needing to type in a v6 address!) Somehow my home firewall (without configuration) has to know that it can let my traffic in, but not other people who want to change the setting on my thermostat.

The trick is finding a way to make this happen securely and without configuration. On the face of it, this seems like a challenging task.

Philip

Comment: Why not turn it around? (Score 1) 300

by Old time hacker (#34263828) Attached to: MPAA Dismisses COICA Free Speech Concerns

If legislation is passed that requires websites to be shutdown based on copyright infringement accusations, then I doubt that any of the RIAA member companies websites would last for long. They use a vast amount of copyrighted material all the way from the music that they think they have rights to (but what about all the samples used) down to the individual icons used on a web page, and the javascript to control the cheesy animations. If *any* one of these is used without permission, then it is a copyright violation.

I know websites that have ripped off my work (though I normally grant free permission if they ask in advance).

The bigger they are, the harder they fall.

Comment: Get a used Analog Scope (Score 2, Interesting) 337

by Old time hacker (#33133228) Attached to: Oscilloscopes For Modern Engineers?

I picked up a used Tektronix 7904 for under $100. Of course, the four probes that I needed cost rather more than the scope, but that's life. The 7904 (with the modules that I have) is a 350MHz unit -- which is great for doing radio work. This setup could easily have cost $10k new.

Buy one of these online and the shipping will kill you. You need to find someone local who wants to get rid of one.

Real Users never know what they want, but they always know when your program doesn't deliver it.

Working...