
Comment As previously covered on Slashdot... (Score 4, Informative) 107

Hello,

This is the fourth time today Slashdot has shared this news. Here are the previous ones:

Today at 11:03AM: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fyro.slashdot.org%2Fstory...
Today at 7:21AM: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fyro.slashdot.org%2Fstory...
Today at 6:00AM: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fyro.slashdot.org%2Fstory...
(all times Pacific)

Perhaps limiting comments to just the first one will help Slashdot's editorial staff better curate the experience it is providing to readers.

Regards,

Aryeh Goretsky

Comment Er… AMD, not Intel (Score 3, Informative) 44

Hello,

I was unfamiliar with the Intel 7840HS CPU mentioned in the article, and figured it was either some model for embedded systems, servers or other computers not generally used by the public.

One quick search later, and I found out it is an AMD CPU for laptops, specifically the AMD Ryzen 7 7840HS. Here are the specs for it: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.amd.com%2Fen%2Fproduct....

The changelog for the LZ4 release gives more information about the speed improvements: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fgithub.com%2Flz4%2Flz4%2Frel.... It does not mention the manufacturers of the CPUs used in benchmarking, which is probably why it was misidentified in the article.

Regards,

Aryeh Goretsky

Comment Re:George Kurtz has a history with Windows (Score 5, Interesting) 76

Hello,

To be fair, he had just been newly appointed to the CTO position at McAfee, Inc., and was responsible for GRC activities.

I would imagine that after his experience with the bad DAT 5958 rollout at McAfee, he would have made sure that CrowdStrike had a robust set of processes in place to ensure that this never happened again. That's part of what makes this so interesting: CrowdStrike must have had all sorts of controls in place to ensure that only a detection update which had passed through numerous quality gating procedures was released. Such processes are usually highly automated because they run 7x24x365, so you have all sorts of signalling and telemetry coming back at you to make sure all the tests are passed and everything's okay before you release.

What I'm thinking is that maybe this was going on, but there was a failure in the alerting mechanism(s) and the update was pushed to production; think of it as being like an alarm light that didn't flash because its lamp bulb was burnt-out.

I will point out that this is all very speculative by me. I do not personally know Mr. Kurtz, I was at McAfee from 1989-1995, and have worked at a competitor for the last 18 years. But during the past 35 years, every antivirus/antimalware/internet security/EPP/EDR/{insert marketing term du jour} company has put out a bad update at some time or another. None of us are immune to doing that, and they will happen again in the future.

Everyone in the industry is talking amongst themselves about what happened, and wondering if their own systems are vulnerable to such a problem, but it is difficult to check your systems if you don't know what you are checking them for. There has been all sorts of guessing about what happened, but until CrowdStrike releases their post mortem incident report with an analysis showing the root cause, that's exactly what it all is: guesswork, especially my comments.

Until then, the only thing I can really do is hope that CrowdStrike and their customers get their systems up and running as quickly as possible.

Regards,

Aryeh Goretsky

Comment Actually, they should fit in most desktop PCs (Score 5, Informative) 63

Hello,

I was a bit surprised by the "As a result, these 6TB 2.5-inch drives will unlikely fit into any desktop PC" comment. While that may be true for laptops, many desktops still have 3.5" and even 5.25" bays, and 2.5" adapters to the larger form factors have been readily available for years. While the >15mm Z-height may be problematic for adapters using removable drive trays, there shouldn't be any problems for internal use, as 3.5" drives are typically 20-26mm high and 5.25" drives are around 42mm high.

Regards,

Aryeh Goretsky

Comment Carcinization? Or maybe (Score 1) 67

Hello,

While it may be easy to say it is some kind of phenomenon from online pictures ("airspace") shared via social media as the TFA declares, it seems its author did not perform any kind of rigorous study into what the alternatives might be, so let me propose one here:

Perhaps coffee shops are limited by what restaurant supply shops (both online and offline) offer. I would imagine this is a space which has had a lot of consolidation just like every other one over the past decades, so the breadth of what has been manufactured and sold specifically for coffee shops has probably declined, while the sales of specific items marketed for "coffee shops" has increased. Over time, they would all end up buying the same (or similar) furnishings, supplies, etc.

So, in a sense, perhaps it is more a case of carcinization (convergent evolution) driven by restaurant catalogs than social media.

Regards,

Aryeh Goretsky

Comment Affects less than 1% of Steam's users (Score 5, Informative) 169

Hello,

Here are the usage stats for the deprecated versions of Windows, according to the Valve Corporation's November 2023 Steam Hardware Survey at https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fstore.steampowered.com...:

Windows 7 64 bit - 0.69%
Windows 8.1 64 bit - 0.16%
Windows 7 - 0.06%

So, according to Valve's own data, this accounts for just under 1% (0.91% to be exact) of all use.

Regards,

Aryeh Goretsky

Comment What about adding NOAA frequencies? (Score 1) 264

Hello,

While having access to AM radio for emergency communications is good, I would like to see NOAA Weather Radio frequencies added as well. They broadcast weather information 24×7, as well as notifications about other types of hazards and AMBER alerts.

Having access to those from inside your vehicle would be extremely useful during an emergency while you're on the road.

Regards,

Aryeh Goretsky

Comment What about from outside the search area? (Score 1) 138

Hello,

While it is interesting that these spheres were found (and should probably be called spheres, pending confirmation that they are actually spherules), it would be good to check for them outside of the search area.

It is entirely possible these are the result of some terrestrial activity, man-made or otherwise. After all, people have been using shot towers since the late 18th century to make lead shot round enough for shooting. Aside from industrial processes, perhaps these could be the result of volcanic eruptions or some other rare, but entirely earth-bound geologic process.

Regards,

Aryeh Goretsky

Comment Re:Slashdot User Yells At Cloud (Score 3, Insightful) 73

Hello,

I had largely the same experience as you growing up in the 1970s-1980s, so share a mutual "OK, boomer" with you over these experiences.

These are not the experiences that teens and pre-teens are having, though. They live in a world where computers and networking are miniaturized and ubiquitous. Heck, they even spent a couple of years doing classes online through Zoom meetings.

While their understanding of how the underlying technology works may not be great, a lot of them have manifested an ability to use it and seamlessly integrate it into their lifestyle.

I don't know if what they have is better or worse than what we had, but before I complain about it too much, I will point out that it is the world we created for them--predatory business models and dark patterns and all--and we shouldn't complain too much about how they choose to live in it.

If you stay in touch with how they use the technologies we gave them and even adopt some of them ourselves, you can learn a lot about them and how they think, everything from how they approach problem solving to how they socialize. And, having done so myself, I have to say it isn't all bad.

Regards,

Aryeh Goretsky

Comment this information has been available for years (Score 5, Informative) 31

Hello,

The Lenovo laptops on which this was demonstrated were ten and eleven years old, with third and fourth generation Intel Core series CPUs.
Information about resetting their passwords has been around for years. A quick search reveals:
  • https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fmilaq.net%2Fthinkpad-password-removal%2F (2022)
  • https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.dataimpact.nl%2Fblog%2Fremovo-lenovo-thinkpad-bios-and-supervisor-password (2020)
  • https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D5z0HdLqgR_IM (2020)
  • https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.ifixit.com%2FAnswers%2FView%2F367966%2FSupervisor%2BBIOS%2Bpassword%2Breset (2017)
  • https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.ifixit.com%2FAnswers%2FView%2F447975%2FHow%2Bto%2BReset%2BBios%2BPassword (2017)
  • https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2F41j.com%2Fblog%2F2014%2F11%2Fibm-laptop-supervisor-bios-password-reset%2F (2014)

Refurbishers have been doing this for years to make old off-lease ThinkPads ready for resale. It's not exactly new, nor is it a secret since the steps to do it are widely known.

Regards,

Aryeh Goretsky

Comment Re:"Right before the last turn-off..." (Score 4, Insightful) 33

Hello,

One of the researchers who worked on the investigation here.

In the recommendations section of our research paper, one of the ones for device manufacturers was that they both switch to storing configuration data on removable media, and that the removable media in question be something that could easily be connected to a computer like a CompactFlash card, an SDXC card, a 2.5" or 3.5" drive, or even an M.2 drive so that part could be easily removed from the device. That way the device owner could perform a secure wipe of it, and verify it no longer contained any data.

Or they could then destroy it.

That wasn't something I favored, but I would rather have devices re-enter the secondary market missing a common and easily-replaceable storage device than be destroyed in their entirety because the device owner could wipe its on-board FLASH RAM.

Regards,

Aryeh Goretsky

Comment Re:"Right before the last turn-off..." (Score 2) 33

Hello,

One of the researchers who worked on this.

As part of our research, we came up with a list of recommendations for both device owners and device manufacturers that are in the research paper, which you can get to by going to TFA, going to our blog, and then downloading the PDF file from there (direct link, no need to give an email address or anything like that).

One of the recommendations we had was for device manufacturers to have the information about how to securely wipe their devices publicly available (i.e., not behind a paywall) and kept online even if the devices in question were EOL and no longer eligible for any kind of support from the manufacturer. We also suggested that manufacturers adopt a common set of commands for wiping their devices in order to make it easier for device owners.

We did talk about asking manufacturers to include written instructions in their packaging with secure wipe instructions, and that they should all use a common size and color of paper or a card for this, but that didn't make the final cut because we felt most organizations would throw the packaging out when they were done racking the gear.

Regards,

Aryeh Goretsky

Comment Re:All Companies (Score 2) 33

Hello,

One of the researchers who worked on this investigation here.

The problem isn't so much that the devices are too risky to sell, it's that the devices were not decommissioned properly. In some cases, the organizations claimed to have followed procedures and even had been given certificates of data destruction, which it turns out were not so valid after all. And in one case, an organization claimed the router had been stolen.

The Ars Technica article links to our blog, which in turn links to our report (direct download PDF, no registration required) if you would like to know more about our findings.

Regards,

Aryeh Goretsky

Comment Re: It's not your Vote that counts, it's who Count (Score 1) 129

Hello,

No, they are completely different.

Amazon Web Services is a business and can offer whatever kind of contracts to customers it wants. If a customer signs a contract and then repeatedly breaches the terms, they get booted.

It's called capitalism.

Regards,

Aryeh Goretsky
