Wednesday, April 30, 2014

Programming Sucks

All programming teams are constructed by and of crazy people

DRAM: Go wide for bandwidth


Tuesday, April 29, 2014

Norway spy for NSA

 One part of the memo is titled «What the partner provides to NSA».  Among the bullet points, it mentions:
• «Access to Russian targets in the Kola Peninsula»
• «Reports on Russian civilian targets of mutual targets, particularly Russian energy policy»

Under the heading «success stories», NSA states that the agency is working together with the NIS to «expand and deepen the intelligence exchange, focusing on report sharing and target development on Russian political, natural resources and energy issues (...)».

The NSA document does not reveal the exact information that has been collected or the details of what and who the exact targets are, but Dagbladet's sources confirm that the NIS is conducting surveillance against politicians in Russia.

Monday, April 28, 2014

Norwegian spies get supercomputer

 (Dagbladet): The Norwegian military intelligence service collects vast amounts of signal intelligence, known as «sigint». In Afghanistan alone NIS collected 33 million registrations from telecommunication during 30 days around Christmas 2012, according to their own revelations.

The news bit is that IBM will start selling BlueGene/Q systems to other customers starting in the first quarter of 2012. Herring did not provide pricing, but said that Big Blue would charge "millions of dollars per rack." And, as it turns out, the 5D torus interconnect that glues the BlueGene/Q nodes together actually scales to 512 racks and a whopping 100 petaflops.

Now, as Windsor Blue costs NIS $100M, that means at most 100 racks and 20 PFlops.
99% BAD HARDWARE WEEK: Now analyze that. Until the year 2018, Windsor Blue should crunch 20 - 100 Pflops of Russia's nuclear fleet communications. Snowden has now revealed that to the Russians.

Wednesday, April 23, 2014

HAL, open those doors please !

In a spacewalk lasting less than an hour, two members aboard the International Space Station successfully restored a critical computer system.

IBM announces Power 8 processor

 IBM boasted it took more than three years of development -- not to mention $2.4 billion in investment -- as well as "hundreds" of patents to produce Power8.
99% BAD HARDWARE WEEK: 16x faster Peak I/O after 10 years. We expect Power 9 in 2018. In 10nm node. Peak I/O at 100 GB/s. Sustained Memory Bandwidth at 500 GB/s. 16 cores. Possible optical 1 Tbps interconnection between processor interposers. Please note that a new chip design by itself costs as much as a whole new advanced chip fab !
IBM was showing off a part, and has been designing the Power9 processor for quite a while already, according to Starke. That is why we are confident in Power 9 no later than in 2018.

After Boeing successfully lost a plane, its shares ended up 8% !!

 Commercial aircraft deliveries rose 18 percent to 161.
99% BAD HARDWARE WEEK: Cheers ! If all your plane comms fail and you want to land, how would you contact Flight Control ? By mobile, of course. But don't forget that your plane is flying, and you would have to stop to make a call telling them that you want to land. AND... to that end you need to fly below 8000 feet and below 370 km/h to reach the final 260 km/h landing speed. Pretty risky. Impossible ? Well, almost. Safe ? Not in any way. Especially by night, as in the MH370 case.

"At 30,000 feet, call may work momentarily while near a cell site, but it’s chancy and the connection won’t last.” AND YOU HAVE ONLY TWO MINUTES TO MAKE CONTACT AND FINISH EMERGENCY CALL UNDER MOST FAVORABLE CALL CONDITIONS DESCRIBED BELOW.

altitude (in feet)   calls tried   calls successful   percent success
2000                 4             3                  75%
4000                 4             1                  25%
6000                 12            2                  17%
8000                 12*           1                  8%

What to do ? I would circle over the airport until another, possibly military, aircraft comes and leads me down. Landing by night with a failure in comms AND in navigation equipment is an almost sure disaster.

Sunday, April 20, 2014

ETOPS range on MH 370 flight

 The single-engine speeds for the aircraft listed in the menu came from the following sources:
Boeing 777 (410 kts): Estimated based on Boeing 757 speed.
One knot is 1.852 kilometers per hour.  So 410 x 1.852 = 759.32 km/h. 
99% BAD HARDWARE WEEK: The place where the supposed remnants of flight MH370 are is an excluded ETOPS flight zone for MH 370. Pilots should know that. Or the remnants are NOT THERE at all.
Why is it not obligatory for Inmarsat to raise an alarm when a flight goes out of ETOPS range, without any legal possibility of avoiding that ?

With one engine failed, a Boeing 777 cannot fly faster than 760 km/h.
The 777 fleet has flown more than 2 million ETOPS flights since its debut in June 1995. Fifty-three 777 operators fly more than 22,000 ETOPS flights per month in 2012. 

Debbie Heathers

Apple's SSL/TLS bug (22 Feb 2014)

Lastly, there was a lot of discussion yesterday that Apple missed checking the hostname in the certificate. It's true that curl on the OS X command line oddly accepts HTTPS connections to IP addresses when the IP address isn't in the certificate, but I can't find that there's anything more than that and Safari doesn't have that problem.
The researchers who discovered Heartbleed said the bug could exist inside hundreds of millions of websites, based on the market share of the open-source software that uses OpenSSL. The number is closer to 500,000, because only a fraction of sites had the vulnerable functionality turned on, according to Netcraft, a cyber-security firm.
ADAM LANGLEY from Google is the mysterious person who discovered the Heartbleed bug's effects in Apple's OSs after it was patched on February 21st.

From the point of view of a browser, Langley has seen many HTTPS sites getting it dreadfully wrong and, from the point of view of a server, he’s part of what is probably the largest HTTPS serving system in the world.

Heartbleed exploit using Python script

The deepest threats to online security are the weaknesses in the fundamental  Internet protocols.
Now add these 3 lines of code (use the lib) and dump this file in the same folder to make it work behind a corporate proxy:
import socks

socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, "proxy.server", 8080, True)
socket.socket = socks.socksocket
Quick and dirty batch script to dump Heartbleed memory leak at regular interval
The Heartbleed bug (CVE-2014-0160) can be used to attack clients as well as servers. Many organizations have hosts which initiate outbound SSL connections (pulling updates, fetching images, or pinging webhook URLs). These hosts are often on a separate infrastructure (with different SSL dependencies) within the organization firewall.
These hosts may be vulnerable to the reverse Heartbleed attack.

Use this tool to generate a URL for your host to make an outbound request to and check the generated results page to see whether you're vulnerable. We do not store anything about your clients on this server.
99% BAD HARDWARE WEEK: Apple patched the Heartbleed weakness in OS X and Mavericks in February !
On unpatched systems, the bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, allowing an attacker with a privileged network position to capture or modify data in sessions that should otherwise be protected by TLS/SSL protocols.

Saturday, April 19, 2014

Heartbleed broke into vir(t)ual private network !

But this time the Heartbleed exploit was used on firmware that has to be replaced, not updated, and was used to break into a virtual private network (VPN), bypassing the network's multifactor authentication entirely.
An unspecified attacker exploited the bug on an unnamed company's VPN concentrator, an appliance that provides secure remote connectivity to a private network such as one a company might use in its office. Washington D.C.-based security company Mandiant discovered the attack, which began on Apr. 8, just a day after the Heartbleed bug became public knowledge.
99% BAD HARDWARE WEEK: Just as BAD HARDWARE warned about Cisco network devices. But about Juniper and some others too ! What can you do about the VPN 3000 Concentrator ? Nothing. Simply buy the latest model. If such exists at all now.
Here is some of Cisco's bad VPN hardware:

  • Cisco RV325 VPN Router
  • Cisco RV320 VPN Router
  • Cisco RV180 VPN Router
  • Cisco RV082 VPN Router
  • Cisco RV042 VPN Router
  • Cisco RV016 VPN Router

    Friday, April 18, 2014

    Who is anonymous Heartbleed informer ?

    The 2-year-old bug is thought to have affected nearly two-thirds of the Web. If attackers were aware of the bug, which is still unclear, they could have stolen a frightening number of users’ login information from sites ranging from social networks to financial institutions.
    Friday, March 21 or before - Neel Mehta of Google Security discovers Heartbleed vulnerability.
    Friday, March 21 10.23 -  Bodo Moeller and Adam Langley of Google commit a patch for the flaw (This is according to the timestamp on the patch file Google created and later sent to OpenSSL, which OpenSSL forwarded to Red Hat and others). The patch is then progressively applied to Google services/servers across the globe.
     99% BAD HARDWARE WEEK: Here are some new security kids on the block. 
    Snowden used TAILS.

    Thursday, April 17, 2014

    Internet sites by size

    99% BAD HARDWARE WEEK: There are only a few supernovas: Google, Facebook, Yahoo

    Wednesday, April 16, 2014

    Internet of NSA things: Open SSL is not the only case

    Polar SSL still uses Intel's weakened random generator.
    99% BAD HARDWARE WEEK: And it is used in some 25 system files.
    CTR_DRBG based on AES-256 (NIST SP 800-90). As you know, Polar SSL is intended for embedded and IoT connected things !, with the minimum complete TLS stack requiring under 60KB of program space and under 64KB of RAM.

    LATEST: Heartbleed exploits have begun. Even a 19-year-old could do it, so why not the NSA ?
    Luckily, the latest impact report from the National Cyber Awareness System finds that, thank the gods, clay tablets are not impacted at all !

    CVSS Severity (version 2.0):
    CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Impact Subscore: 2.9
    Exploitability Subscore: 10.0
    CVSS Version 2 Metrics:
    Access Vector: Network exploitable
    Access Complexity (Required attack complexity): Low
    Authentication: Not required to exploit
    Impact Type: Allows unauthorized disclosure of information


    Open SSL spring cleaning

    Changes so far to OpenSSL 1.0.1g since the 11th include:
    • Splitting up libcrypto and libssl build directories
    • Fixing a use-after-free bug
    • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
    • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
    • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
    • Ripping out some windows-specific cruft
    • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
    • KNF of most C files
    • Removal of weak entropy additions
    • Removal of all heartbeat functionality which resulted in Heartbleed SINCE MARCH 2012
    99% BAD HARDWARE WEEK: No problem if you change your Open SSL passwords now. All remained stored in OUR servers. Hehehe. What about added entropy and opened passwords at open SSL ? Well, nice confidence catch.
     Here is a brief history of Intel's randomness.

     The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web.

    Friday, April 11, 2014

    Facebook's Heartbleed security hole affected Cisco Mobile Experiences

      Cisco Connected Mobile Experiences

    Connected Mobile Experiences (CMX) is a Wi-Fi platform that can help organizations deliver customized, location-based mobile services to end users. The CMX license on the Cisco MSE includes:
    Here is complete list for all companies and services.
    99% BAD HARDWARE WEEK: That is why Facebook was informed before anyone else ! Who might be behind it ? Let me guess. Open SSL with the Heartbleed security hole was applied at Cisco without any control ?? YES, NSA used it !
    Currently, the NSA has a trove of thousands of such vulnerabilities that can be used to breach some of the world’s most sensitive computers, according to a person briefed on the matter.  
    See below Yahoo login and password, easily extracted though being heavily SSL encrypted !


    Thursday, April 10, 2014

    Hot entertainment: Boeing 747 caught fire (again)

    Staff on the flight to Heathrow from Dallas/Fort Worth with 274 passengers on board smelt an “acrid, electrical burning smell” about two hours from London

    Last year frightened passengers on board a British Airways flight told how they heard their pilot making a Mayday distress call 36,000ft above the Atlantic on November 14
    The captain radioed for help when smoke filled the cockpit of the Boeing 777 plane carrying 220 passengers - and accidentally turned on the public address system. 
    After putting on oxygen masks the crew immediately contacted air traffic control. They switched on the cabin address system, and the start of their Mayday call was heard by passengers.
    Passengers were told there had been an electrical fault. It is believed the smoke was caused by a fan in the cockpit which overheated.
    99% BAD HARDWARE WEEK: Fire after two hours ! Malaysian airlines could catch it in 20 minutes. Imagine flying an airplane with only one working engine, trying to return home in complete darkness, and you are in MH 370. What if the shut-down engine had the power generator on it ? Then even your radio will not function.

    US Exaflops supercomputer in year 2023

    99% BAD HARDWARE WEEK: Probably immersed in cooling fluid. It will draw no less than 20 MW of power. Applications will run only in 2024.

    Wednesday, April 09, 2014

    MH 370 flight cover : How did Inmarsat detect pings at places that are not even covered by satellite beams ??

    Light blue are the uncovered areas for the IOR satellite that allegedly handshaked with MH370 and pinged it hours later !! after its disappearance ! However, another Inmarsat satellite, from the east, could have tracked it, but obviously it didn't, because its area of coverage was never searched !! PROBABLY NO SATELLITE EVER DETECTED IT ! The search area was at the Perth Inmarsat beam area IOR 17, though the same pings could also come from the NONOPERATIONAL Inmarsat beams IOR 13 and IOR 14 !! HOWEVER, to reach IOR 17, MH 370 should previously have been detected by the IOR 15 and IOR 16 BEAMS, BUT IT NEVER WAS ! Thus, THE PERTH PINGS ARE IMPOSSIBLE AND FAKE ! HERE BELOW, IN RED DOTTED LINES, IS THE POSSIBLE AREA OF THE LAST PING AND THE CRASH SITE:

    Last irregular ping happened when MH370 missed Cocos (Keeling) island !

    Monday, April 07, 2014

    Apple in Holy war with Google

    From: Steve Jobs
    Date: October 24, 2010 6:12:41 PM PDT
    To: ET
    - 2011: Holy War with Google
    - all the ways we will compete with them
    - Apple is in danger of hanging on to old paradigm too long (innovator’s dilemma)
    - Google and Microsoft are further along on the technology, but haven’t quite figured it out yet
    - tie all of our products together, so we further lock customers into our ecosystem
    - 2015: new campus
     99% BAD HARDWARE WEEK: But who are the muslims in this Holy war ? Why Facebook isn't mentioned ? Probably because certain religious orientation. :)

    Friday, April 04, 2014

    Latest on MH 370 crash: All were lies

    Why hijackers don't like long range airplanes with 2 engines?
    Because they crash frequently ! Say flight 447, regardless of manufacturer !

    No radar contacts, no turn westwards and no confident ping from the missing airplane. The airplane plunged steeply into the sea not far from the last ACAR contact point. Say 8 minutes after. That is why no air control ever got it again, because for up to 10 minutes MH 370 was in no man's land.

    99% BAD HARDWARE WEEK: Is it likely that disaster struck in just those 10 minutes ? That is the only remaining plausible question. Well, the answer is up to you. However, the odd fact is that the two-engine airplane in the picture above flies OVER THE SEA at all. As you know, with the engines below the wings there is no chance of a water landing. BY NIGHT, IN THIS CASE, IT WAS ABSOLUTELY IMPOSSIBLE. The only security for its passengers is that those TWO engines never fail. BUT EXCEPT FOR A PERPETUUM MOBILE, DO YOU KNOW ANY OTHER MACHINE THAT NEVER FAILS ? And 1000 Boeing 777 airplanes have been in flight every day for 20 years, so is that now enough for one to fail ? Yes it is. The airplane itself is worth $260 Million.

    CyberSweep™ Sapience™ not only for national fiber optics taps by NSA

    Glimmerglass, a northern California company that sells optical fiber technology, offers government agencies a software product called “CyberSweep” to intercept signals on undersea cables. The company says their technology can analyze Gmail and Yahoo! Mail as well as social media like Facebook and Twitter to discover “actionable intelligence.”
    Could this be the technology that the U.S. National Security Agency (NSA) is using to tap global communications? The company says it counts several intelligence agencies among its customers but refuses to divulge details. One thing is certain – it is not the only company to offer such capabilities – so if such data mining is not already taking place, that day is not far off.
    “Revolutions in communications technologies are usually followed by revolutions in collection capabilities,” Jeffrey Richelson, a senior fellow at the National Security Archives.
    “With Glimmerglass Intelligent Optical Systems, any signal travelling over fiber can be redirected in milliseconds, without adversely affecting customer traffic. At a landing site, this connectivity permits optical layer connections between the wet side and dry side to be re-provisioned in milliseconds from the Network Operations Center with a few clicks of a mouse.”

    Thursday, April 03, 2014

    Apple's sexy 64bit A7: Why length matters not only in sex

    "Apple's A7 can process six instructions per clock cycle, the same as Intel's Ivy Bridge chips found in previous-generation Apple laptops and twice the capacity of the A6," AppleInsider explained.
    There is, however, a difference of some 20% in performance between the A7 Air Book Pad version and the iPhone version, due to a lower number of execution units. That means probably 5 instructions per second.

    You can see the iPhone 5s throttles back its CPU frequency to about 1GHz after the 2 minute mark. The crazy thing is that until that point the 5s manages to run at full frequency without so much as a hiccup for two full minutes, running an incredibly power hungry task. Given that most iOS apps aren’t this power intensive for such a sustained period of time, iPhone 5s users should almost always see the A7 running at a full 1.3GHz. Pretty crazy. That is close to a 2,6 GHz desktop 32-bit processor.
    99% BAD HARDWARE WEEK: Double the word width and double the number of instructions per cycle. Insiders call it a desktop class processor, and in some aspects even compare it to Haswell. Anyway, a billion transistors are inside.

    Wednesday, April 02, 2014

    What to do: Nuke plant has no money for decommission

    Entergy has reserved just over $600 million to date for decommissioning the Vermont nuclear plant, according to the Department of Public Service. This amount will not be adequate to meet the costs of full deconstruction, estimated at more than $1 billion according to the company's 2012 Decommissioning Cost Analysis report."

    Japan's Exascale Supercomputer Project launched

    Not an April fools: On April 1, 2014, RIKEN will embark on a new project to achieve exascale computing by 2020. The objective of the project is to create a successor machine to the K computer and to develop new applications that make maximum use of the new system’s performance.
    This is part of the Exascale Computing Project planned by the Ministry of Education, Culture, Sports, Science and Technology. RIKEN’s Exascale Computing Project will be led by Yutaka Ishikawa of the RIKEN Advanced Institute for Computational Science (AICS). The new supercomputer, when completed, will be installed within the premises of AICS in Kobe.
    99% BAD HARDWARE WEEK: Let me remind you that the Gmail project, currently the world's biggest email system, was launched on April the 1st 2004 :)

    Boeing's autothrottle bullshits !

    On Boeing type aircraft, A/T can be used in all flight phases from Takeoff, Climb, Cruise, Descent, Approach, all the way to Land or Go-around, barring malfunction. Taxi is not considered as a part of flight, and A/T does not work for Taxi. In most cases, A/T mode selection is automatic without the need of any manual selection unless interrupted by pilots.
    According to Boeing published flight procedures, A/T is engaged in BEFORE the takeoff procedure and is automatically disconnected 2 seconds after landing. During flight, manual override of A/T is always available. A release of manual override allows A/T to regain control, and the throttle will go back to the A/T commanded position except for 2 modes (Boeing type aircraft): IDLE and THR HLD. In these two modes, the throttle will remain at the manual commanded position.

    U.S. aviation regulators on Monday proposed a fix for some Boeing (BA.N) 737 planes to ensure that a faulty altimeter does not cause the automatic throttle system to unexpectedly cut engine speed.
    The Federal Aviation Administration said the changes to cockpit automation, if adopted, would affect 497 Boeing 737s, specifically the 600 and its later models. Chicago-based Boeing said another 778 jets would be affected if aviation regulators outside the United States adopt the FAA proposal. The 737-600 models have been produced since 1995, the same year as the 777-200 from the ill-fated MH 370 flight !!
    99% BAD HARDWARE WEEK: The same type of airplane crashed last at SF, and the victims have sued Boeing over autothrottle and other failures.
    If they couldn't handle an autothrottle failure, the MH 370 pilots could hit the upper flight ceiling and suffer explosive cabin decompression.

    Kill by email: No one will jam our drones. Ever !

     The AFNET migration project consolidated 646,000 e-mail boxes and 12,318 servers at 275 sites from multiple Air Force major commands, field operating agencies, direct reporting units, and geographically separated unit networks. It created a centrally-managed standardized structure under the operational control of the 24th Air Force commander.
     99% BAD HARDWARE WEEK: You couldn't hack any Mil email until now for a very basic reason. They hadn't NET. :)
