* Posts by Ben Tasker

1150 posts • joined 23 Oct 2007


And on that bombshell: Top Gear's Clarkson to reappear on Amazon

Ben Tasker
Silver badge

Re: Good news for us all !

I replied to individual comments, but my replies do not appear below those comments for some reason.

You've got a gold badge with 118 posts to your name and you've only just realised the comments section isn't threaded in that way?

I think most people knew it was a Clarkson quote (there being some fairly public upset at the time), but the fact it's a quote doesn't mean it's automatically not offensive/stupid for you to say it. There are plenty of things we can't say despite being able to point and say "But it was a quote".

From the way you addressed the moderators, I assume you weren't here in the good old days when the moderatrix was still about?

0
0
Ben Tasker
Silver badge
Stop

Re: Good news for us all !

And the idiots and children who like his racist ranting and incitements to murder-by-car can watch him on some obscure streaming channel. If they can work out how to get it.

You don't necessarily have to like his rants to enjoy the show. You can find them distasteful but still feel the overall entertainment of the rest of the show outweighs it. The world isn't black and white - though I don't doubt there are those who do like his rants in particular.

Some of the stuff he's said and done has edged towards appalling, but some of the upset is also somewhat questionable. There was upset about some comments he made about Liverpool (think this was in his column instead of TG) but the impression you got from the Liverpudlians interviewed was that they'd have pissed themselves laughing if he'd been talking about Blackpool, Hull or anywhere but Liverpool.

I'm not trying to defend his attitude or his comments themselves, but the whole point in free speech is he's got a right to say what he thinks (or pretends to think....) and in your comment you've cast a sweeping generalisation, which is exactly what some of the accusations against Clarkson boil down to.

People's humour differs, you might not like off-colour humour, whereas I might. If you find something offensive, I might still find it funny, and it doesn't automatically make me a mouth-breather. Whilst I can't expect a national broadcaster to air something just because I find it funny, neither do you have a right to expect them not to because you don't.

A disgrace that our national broadcaster chose cash over ethics for so long,

I think, in a broader sense, that's an entirely fair comment by the way, though I think the link between ethics and Top Gear depends entirely on your view of TG. Clarkson's behaviour may have been offensive at times, arguably racist at others, but unethical?

30
0
Ben Tasker
Silver badge

Re: Sorry, chaps

Depends on your point of view really, Sky TV is what £15 a month, or more if you want a decent selection. That's £180 a year.

Amazon Prime is £79 a year, so less than half.

Netflix is (I think) £6.99 a month, so slightly more expensive than Prime. IMO, Prime have got a better catalogue than Netflix too, though things change.

Of course, the major difference is, Sky will let you pay month by month whereas Amazon want the lot upfront, which (to me at least) does make it less attractive, but personally I wouldn't call it a lot of dosh in comparison to the competition.

I've a few other bugbears with Prime, but the overall cost isn't really one of them.

8
0

Google turns cookie monster on AdSense, DoubleClick clients

Ben Tasker
Silver badge
FAIL

Hey, neat idea! Do you mind if I steal and adapt it as "Hey, we're going to pollute the heck out of this planet - if you don't agree please don't use it: find a different one!"...?

That's a terrible analogy. A website setting cookies is equivalent to pouring oil into the sea and filling the atmosphere with carbon and methane? Really?

He's right, a website can set whatever they want, so long as they give you (the consumer/reader) the information required to decide whether you're willing to accept those terms. I agree the "we set x cookies, tough shit" style banners aren't quite in the spirit of the law, but then a banner that says "we set x cookies -> accept, deny" would be no different if the result of clicking "deny" was that you get redirected off the site - it'd be closer to the spirit of the law though.

There are altogether too many 3rd party services being called from pages nowadays IMO, but it's not just the cookies that are the issue, it's the overall behaviour of those parties. The argument should be about the behaviour and not a specific mechanism, if advertisers switched to using Local Storage instead of cookies, they'd bypass the law and still be capable of the same thing....

1
0
Ben Tasker
Silver badge

No, but you probably will care if Google decides they're not going to take the (potential) risk of serving ads on your site. If they decide the site isn't compliant with their policies, that's the logical outcome - though somehow I doubt Google are going to bother auditing in order to deliberately cut off some (albeit small) part of their revenue stream.

It's much more likely that they've sent out the notification so they can tell the commission they've pointed it out to publishers, and the responsibility therefore rests with the individual publishers.

2
0

Windows 10 in head-on crash with Nvidia drivers as world watches launch

Ben Tasker
Silver badge

Re: Driver Clashes

I think the point is, if Microsoft are going to force updates on people, they need to be damn sure those updates are not going to break any of the myriad of configurations out there.

When there's an ability to disable and vet updates (i.e. < Win 10), you've some scope for saying "95% of systems handle the updates fine", because the other 5% can disable automatic install and perform due diligence.

When you're insisting that updates install automatically, you have far less wriggle room to be able to justify not making sure 99.999999% of systems won't get killed by your updates.

18
1
Ben Tasker
Silver badge

Re: Roaming

Presumably (I haven't checked) that depends on how you connect though right?

If you connect to your phone via Bluetooth/USB, all well and good, but presumably it hasn't a clue if you tend to put your phone into Wifi hotspot mode?

9
0

Email apparently from Home Office warns of emails apparently from Home Office

Ben Tasker
Silver badge

I had that rollercoaster feeling last week.

Brown envelope turns up along with a sense of dread

Contains letter saying I've overpaid by a fair bit, sense of delight

Realising that's the money I'd been sending to offset my _next_ return, sense of disappointment

7
0

Hark, the Hacking Team angels sing, it’s not us who’ve actually sinned

Ben Tasker
Silver badge

Re: Dear hacking team

Especially with the "if it had been a media company".

Had the media's voicemail (don't like calling it phone hacking) scandal come out as a result of their systems getting compromised, I've a feeling people would have been just as upset

1
0

OpenSSH server open to almost unlimited password-guessing bug

Ben Tasker
Silver badge

Using fail2ban won't necessarily protect you.

A lot of iptables tutorials (and so by extension, sysadmins) will add something like the following at the top of their INPUT chain

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

The nature of this bug means the attacker has 10,000 attempts without being disconnected.

Fail2ban will pick up on the log entries and add the source IP to its chain, but if the jump to that isn't until after the above their existing connection won't get cut off

11
0
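As an added example (not fail2ban's code, nor the commenter's), the script below checks an iptables-save dump for exactly the ordering problem described above: the ban chain name f2b-sshd and both rulesets are constructed for the demonstration.

```python
"""Ordering check for the fail2ban/conntrack problem described in the comment above:
if the INPUT chain accepts RELATED,ESTABLISHED traffic before it jumps into the
fail2ban chain, a ban only stops *new* connections and the attacker's already
open SSH session (with its thousands of remaining guesses) keeps flowing.

Added example, not fail2ban's or the comment author's code. The chain name
f2b-sshd and the rulesets below are constructed for the demonstration."""
import re

# Constructed iptables-save output with the weak ordering: stateful ACCEPT first.
WEAK_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-sshd -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
"""

# Same rules with the jump into the ban chain evaluated before the stateful ACCEPT,
# so packets of an already established session from a banned host are rejected too.
FIXED_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j f2b-sshd
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-sshd -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
"""

# Both the older 'state' match and the newer 'conntrack' match are recognised.
STATE_RE = re.compile(r"-m (?:state --state|conntrack --ctstate) (\S+)")
TARGET_RE = re.compile(r"-j (\S+)")


def chain_rules(ruleset, chain="INPUT"):
    """Rules appended to `chain`, in the order the kernel evaluates them."""
    prefix = f"-A {chain} "
    return [line.strip() for line in ruleset.splitlines() if line.startswith(prefix)]


def target_of(rule):
    m = TARGET_RE.search(rule)
    return m.group(1) if m else None


def accepts_established(rule):
    """True for a rule that ACCEPTs packets belonging to an established flow."""
    m = STATE_RE.search(rule)
    if not m or target_of(rule) != "ACCEPT":
        return False
    return "ESTABLISHED" in m.group(1).upper().split(",")


def ban_bypassed_by_conntrack(ruleset, ban_chain="f2b-sshd", chain="INPUT"):
    """True when an ESTABLISHED-accepting rule sits above the jump to `ban_chain`,
    meaning a newly banned host's existing connections are never examined by it."""
    rules = chain_rules(ruleset, chain)
    jump = next((i for i, r in enumerate(rules) if target_of(r) == ban_chain), None)
    if jump is None:
        raise ValueError(f"{chain} never jumps to {ban_chain}; is the jail running?")
    accept = next((i for i, r in enumerate(rules) if accepts_established(r)), None)
    return accept is not None and accept < jump


def audit(ruleset, ban_chain="f2b-sshd"):
    """Human-readable verdict for an iptables-save dump."""
    if ban_bypassed_by_conntrack(ruleset, ban_chain):
        return (f"WEAK: RELATED,ESTABLISHED is accepted before the jump to {ban_chain}; "
                "a ban will not cut an attacker's open session")
    return f"OK: jump to {ban_chain} is evaluated before the stateful ACCEPT"


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULESET), ("fixed", FIXED_RULESET)):
        print(name, "->", audit(rules))
```

On a live box, feed it the output of `iptables-save` and the jail's real chain name; the fix is simply to have the jump to the ban chain inserted above the stateful ACCEPT.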

Universal Pictures finds pirated Jurassic World on own localhost, fires off a DMCA takedown

Ben Tasker
Silver badge

Reg readers will know, 127.0.0.1 is very often used as a computer's very own hostname.

Actually I think most Reg readers will know that's bollocks. 'Localhost' is very often used as a computer's very own hostname.

127.0.0.1 is an RFC1122 reserved loopback address (in fact the entire /8 is reserved for that) so if it's used to address another system you're doing something wrong....

30
3

Joomla Helpdesk Pro remote code exec vulns lead to server pwnage

Ben Tasker
Silver badge

Joomla's Helpdesk Pro

Helpdesk Pro is an extension for Joomla, but isn't made by Joomla. It's made by a group called the Osssolutions team.

I know everyone does the same thing for Wordpress too, but it's not helpful to report a vuln as being a vuln in a CMS when it's actually a vuln in a 3rd party extension that the majority may never install.

Makes things a bit of a PITA when you're looking at old news stories whilst assessing new kit.

1
0

Cyber-security's dirty little secret: It's not as bad as you think

Ben Tasker
Silver badge

Re: Correlation, causation, and conclusions

Botnets are decreasing in absolute terms? Interesting. Botnets decreasing in relationship to aggregating personal computers numbers with devices/platforms that may, or may not have relevance to botnets? What does that mean? Anything?

It also appears to ignore the fact that higher value targets are seemingly being preferred when building/adding to a botnet.

Commandeering a few crappy PCs on crappy DSL connections vs commandeering a single server on a high-quality 10/100/1000 connection..... statistically, the botnet is smaller if you do the latter, but it's also far more capable for certain tasks.

0
0

Evil computers sense you’re in a hurry and mess with your head

Ben Tasker
Silver badge
Joke

Re: The Machines Have Already Won

Recently I had been stood in a slow checkout queue for a few minutes when an irate woman demanded my place in it. She had apparently left her trolley in the aisle before the checkout while she went to get more things.

When in a weird mood, I've been known to become exceptionally helpful and help tidy the supermarket up a bit by moving any apparently abandoned trollies into one place. Especially ones near checkouts, after all that's your route out if there's a fire......

I say weird mood, the wife tends to phrase it more like "being a cunt". Tomatas/Tomatoes IMO

10
0

Tuesday, Wednesday break my heart. Thursday doesn't even start. Friday I'm in .love

Ben Tasker
Silver badge
Stop

While its advertising is amusing, it doesn't seem to have grasped internet domains, however: the company owns neither tubi.tv (its website is at tubitv.com) nor hooli.sucks. So close, yet so far.

So not really the best example that generic TLDs are gaining acceptance after all then?

3
0

CVS shutters photo website in credit-card hack attack scare

Ben Tasker
Silver badge

* A chemist in British English

English... just English... originated from England and all that....

I don't know why it irritates me, but it does. On the other hand, I remember reading (or being told) that US English was closer to the English language when the colonies were formed than ours is now, so either that side of the pond has a less evolved language than us, or is more traditional :)

/tangent

Although it's not great they got boned, at least they've the decency to take the site offline whilst looking into it, rather than pretending it didn't happen and continuing to trade without knowing how vulnerable they might be

3
0

GOOGLE GMAIL ATE MY LINUX: Gobbled email enrages Torvalds

Ben Tasker
Silver badge

I've been seeing a lot of it as well, annoyingly combined with stuff that's obviously spam making it into my inbox.

I don't quite get how a thread I've replied in can get marked as spam, whilst "I'm a 21 years old, so I desire 2bang you" gets an A-OK.

17
1

Loan application data hacked, company responds: Meh, not our customers

Ben Tasker
Silver badge

Re: AFC Kredieten

Well AFC Kredieten must have a really low credibility rating if they think the gutter is a good place.

Having just taken a look at their website and seen a Plesk default holding page, I think it's safe to say credibility is pretty low. Them using Plesk probably also answers 'how did they get in'.

9
0

Pan Am Games: Link to our website without permission and we'll sue

Ben Tasker
Silver badge

Re: Seems Fair

Or, what if I shorten it http://bit.ly/1r8EgyY. Am I in trouble, or is Bit.ly?

8
0

Brit teen who unleashed 'biggest ever distributed denial-of-service blast' walks free from court

Ben Tasker
Silver badge
Paris Hilton

Re: I know the type

> Sorry Gentlemen's club in the UK

Telling a judge you know them from a strip club might be uncomfortable..... might well have the desired effect though.

Gentleman's club is actually technically right, but most people think strip club nowadays. Better to say you know the judge from Golf

1
0

Ditch crappy landlines and start reading Twitter, 999 call centres told

Ben Tasker
Silver badge

The report, Contacting Emergency Services in the Digital Age, recommends the blue light services move away from landlines to smart phones, and from voice to data.

No it doesn't.

It says emergency services should be able to make use of the potential benefits smart phones (and TVs, vehicles etc) bring to the table. At no point does it recommend the existing voice capability be ditched, because that would be fucking stupid.

In the context of "how can we try and improve services/response" what they're saying makes sense once you understand the plan isn't to stop 999 calls from working.

11
0

Google helps Brit crims polish their image – but what about the innocent

Ben Tasker
Silver badge

Re: Rape victims not a great example

@Drewc

Those accused of rape aren't though. Someone has a false allegation made against them, ends up in the papers and forever has their name tarnished.

Though, to be fair, I don't believe the right to be forgotten is the way to fix this. For crimes that have a strong knee-jerk emotive link to them, the accused needs to be guaranteed anonymity too (until the point of conviction).

8
0

Bitcoin, schmitcoin. Let's play piggyback on the blockchain

Ben Tasker
Silver badge

Re: The Real Story About The Bitcoin Blockchain

> I've gone from crazy to "a stretch". That's progress.

One argument simply being a stretch doesn't stop the theory from being crazy, though hyperbolic would likely have been a fairer original description.

> I assure you that a court would consider adding an official block to the blockchain to be a consideration passed from the miner to bitcoin in order to qualify for a prize.

I don't doubt you could find _a_ court who'd consider it, but realistically the court you'd ultimately need to convince in the US is the Supreme, and there's still the rest of the world to think about.

You could also argue that the blockchain is a community asset, and that in fact there isn't a sole entity acting as a lottery operator - not only does that make it harder to shut down, it's a little harder to prove that there's sufficient benefit to call it a lottery in the legal sense.

There's also the difficulty of how they'd manage the confiscation if it were to come to pass, but that's not something you'd consider when having the is/isn't argument.

I doubt the US govt would think twice if it brought them financial benefit, mind, so that's not to say it couldn't be made to fit

3
0
Ben Tasker
Silver badge

Re: The Real Story About The Bitcoin Blockchain

> The "consideration" clause is legally met once the miner adds the block which is a undeniable benefit to bitcoin.

Personally, I think that's a big stretch.

> The scam part comes because bitcoin has no limitation on the number of miners. If all had an equal chance it would be just a lottery. But with 50k winners and 325k losers during the effective lifetime of the gear, there is no equal chance for all.

So let's assume it is legally a lottery for a sec

Every block mined has an equal chance of getting the BTC.

Not every miner has an equal chance of course, if I spend out on a lot of kit that can hash at a huge rate then I've potentially got better odds in that I've got more entries. That's no different to if I buy £1000 lottery tickets, I've got more entries than you.

So, still not a scam

> All the rest is irrelevant details.

When you're claiming something is legal or illegal, there's very little that can be called an irrelevant detail

4
0
Ben Tasker
Silver badge

Re: The Real Story About The Bitcoin Blockchain

> It's not crazy, it's legally true

I'm perfectly happy to wait for a court to decide that, but I disagree with your interpretation:

As far as chance and prize go, I'm not going to argue with you because I think mining meets that to some extent.

As for consideration:

You _may_ have a point if a miner has bought dedicated single-purpose hardware (i.e. an ASIC) specifically to mine, but there are also other options (though your ability to mine may be reduced). For example, if I buy a GPU and use that both to mine and to play with password hashes, does that constitute enough of a consideration to fall foul?

The electricity usage is a byproduct of the activity, and I think you'd struggle to call that significant effort given it's reasonably expected that if you're doing any kind of computation, it's going to need the leccy

Similarly, bandwidth usage is simply a byproduct

There's also a wide world outside the US (who I suspect would be the first, if anyone to go that route) so although US BTC acceptance could suffer following caselaw supporting your argument, it's going to take quite a while (if ever) for the rest of the world to follow suit.

Even if the above is wrong, you're still wrong. You _might_ have an argument that BTC is a lottery (though I disagree), but that's very different from a lottery scam. For a lottery scam, you'll first need to show that it's a lottery and then show the mal-intent - without that it'd just be a lottery.

2
0
Ben Tasker
Silver badge

Re: The Real Story About The Bitcoin Blockchain

Crypti does look interesting, but your comment comes across as hyperbolic. You've identified issues with BTC, and didn't need to take the leap of craziness into insisting that it's an illegal lottery scam. It harms your credibility.....

8
0

Britain beats back Argies over Falklands online land grab

Ben Tasker
Silver badge

Re: Local control

Presumably, if .fk were to be taken away (not that I think it would), the fallback would be precisely that...

0
0

MAC address privacy inches towards standardisation

Ben Tasker
Silver badge

Re: Randomising MAC address

> It's only the MAC address used when probing for known networks that is being randomised. As soon as you connect (or try to connect) then you're using your real MAC address. More details here.

That's how iOS 8 does it, but not how the experiment was run. The device's MAC was randomised before connecting to a new network but wasn't then reverted back to the real address.

They essentially ran

# build a random address with a fixed first octet of 06 (locally administered, unicast)
MAC_ADDR=06:`openssl rand -hex 5 | sed 's/\(..\)/:\1/g;s/^.\(.\)[0-3]/\12/;s/^.\(.\)[4-7]/\16/; s/^.\(.\)[89ab]/\1a/;s/^.\(.\)[cdef]/\1e/'`
# apply it to the wireless interface (macOS), join the network, then record the address used
sudo ifconfig <WLANIFACE> ether $MAC_ADDR
networksetup -setairportnetwork <WLANIFACE> <ESSID> <WiFi KEY>
echo $MAC_ADDR >> <PATH_TO_LOGFILE>

(they used the 06 at the beginning to identify trial participants and DHCP/VLAN them differently).

More info on mentor - https://mentor.ieee.org/privecsg/documents

There's some interesting reading there actually....

3
0

Dyre banking VXers LOVE Mondays, Symantec says

Ben Tasker
Silver badge
Joke

Re: Bloatware from Mountain View

> At layer 3? Good look with that.

Simple:

iptables -I INPUT -j DROP

And just in case the machine is already infected, strip the viruses and spam it's trying to send

iptables -I OUTPUT -j DROP

0
0

Anakin Skywalker chased by cops, crashes podracer into tree

Ben Tasker
Silver badge

Re: like son like father?

According to wookiepedia (seriously), yes - http://starwars.wikia.com/wiki/Mark_Hamill - just before filming closed for the first film.

1
0

Assange™ celebrates third year in Ecuadorian embassy broom closet

Ben Tasker
Silver badge
FAIL

Re: Truer words were never spoken --- "EIT"

Why would they need an extradition request when they just use extraordinary rendition.. /facepalm

Why would they go that route? Even if that had been the plan at the outset, every day that Assange has been in that embassy has been a little more rope toward his noose.

Say Assange gives up, goes to Sweden, gets a slap on the wrist, followed by a stern talking to here for being a bailjumper, then nothing. What does the rest of the world then assume about the guy who's been swearing blind it's a US plot against him?

He's been very vocal from the outset, and even if he was right initially, he's given the US all the tools they need to destroy his credibility (who'd trust a crank leaker?).

And that's assuming you even believed his claims in the first place.

1
1

THIS TIME we really are ALL DOOMED, famous doomsayer prof says

Ben Tasker
Silver badge

Re: To Append A Necessary Phrase.

Partly true - if it was viewed that they weren't likely to become self-sufficient we should cut food aid (so starve them).

But also, if we viewed that a particular region had more promise than the country as a whole, we should encourage a separatist movement.

So to my mind, that's tantamount to starving them into starting a civil war.

He also floated the idea of mass sterilisation via the water supply and then discounted it on the basis that there hadn't been enough research into it.

I know we're talking about a doomsday scenario, and hard decisions would need to be made, but if you're going to effectively sentence an entire country to death (leaving aside the 'who has the right?') at least make it a bit more humane than starvation y'know?

3
0

Oi, UK.gov, your Verify system looks like a MASS SPY NETWORK

Ben Tasker
Silver badge

Re: Looks like, walks like, talks like...

The point of a federated system is that you can choose an identity provider which you trust,

I'm being slightly pedantic, but, given the providers involved, I think it's more a case of choosing the provider you distrust least. Take a look at the list

Barclays

Digidentity

Experian

GB Group

Morpho

PayPal

Post Office

Royal Mail

Verizon

I'll admit to having had to google digidentity, Morpho and GB group (which means they're distrusted by default - I know nowt about them). Are there any on that list you could say you actively trust? I'm not sure I could.

I think I'd need to default into choosing whichever company I felt already had sufficient information on me (as it's too late to change that).

6
0

Sprint: Net neutrality means we can't stamp out download hogs

Ben Tasker
Silver badge

Re: Bu****it!

Even then, it's not always that straightforward once marketing get involved

This plan allows you to make an unlimited number of phone calls* to anywhere in the U.S.

* of a duration of 5 seconds or less, calls exceeding 5 seconds will be charged at normal network rates

Or

* calls charged at normal network rate

The problem with 'Unlimited' broadband is the same as the example above - they're taking a different interpretation of exactly which part is unlimited.

They're not imposing a 'limit' on how much you're allowed to download that month, they're simply reducing the rate at which you can do so - obviously ignoring the effect the latter has on your abilities in respect of the former.

The whole thing's a joke and has been since its inception, but simply defining the word unlimited isn't enough, you've got to get them to admit which part of the sentence it relates to and any caveats that might impact the picture that marketing are trying to paint.

TL:DR The ISPs who sell 'UNLIMITED' need more than a language lesson, sadly.

3
0

Israeli firm gets legal on Indian techie over ISP ad injection spat

Ben Tasker
Silver badge

Re: Bharti Airtel and Flash Networks

> The issue isn't that this person did a quick "View Source", it's that they published someone else's IP to a public site. That is theft, plain and simple.

So, in your world - if rather than View Source, Ctrl-c, Ctrl-v he'd taken and posted a filtered packet capture showing the issue where would he stand?

If I'm troubleshooting why I'm having problems accessing your site and take a quick pcap to investigate, am I breaching your copyright? What about if I chuck it up to Cloudshark

> Injection of various assets to provide improved service (or pay for a free one), is common practice and people accept its benefits.

Not sure that people accept the 'benefits', I think they just put up with it. In cases of ISP injection it rarely leads to an improved (or cheaper) service, just higher profit margins for the ISP in question.

It's also an incredibly nasty and potentially dangerous thing to do IMO and I'd drop my ISP if I caught them doing it.

3
0

The weapons pact threatening IT security research

Ben Tasker
Silver badge

Re: Exposing software flaws for profit

> some standardized form of compensation which should not constitute win the lottery

Given that the standardised amount probably won't be much, the low hanging fruit will get picked up on, and no-one will spend the time digging into the less easy to find, but still potentially critical stuff.

I'm not advocating selling flaws, but a standardised compensation level will just be exploited by the major industry players with no real benefit to the rest of us.

> Anyone choosing to blackmail by not disclosing the software defect for the set financial compensation should do serious prison time.

Only if the fuckers who missed it because they wanted to save some money in the QA department face a similar threat, which whilst potentially appealing is just as stupid. First they fuck up and get millions of machines pawned, and then the taxpayer pays their cost of living for 'serious time'?

2
0

Hackers steal files on 4 million US govt workers

Ben Tasker
Silver badge
Joke

Re: With all these breaches

Free credit monitoring for the average American..... but... but... but.... surely that's one step away from socialism and must be banned?

- A tea-bagger

3
0

So, EE. Who IS this app on your HTC M9s sneakily texting, hmm?

Ben Tasker
Silver badge

Re: Stock Rom

If you look at the link to the forums, the guy apparently tried putting a stock ROM on there and it re-appeared. They've (at least in some cases) made it persistent by sticking it on a separate partition.

So flashing your ROM isn't necessarily a defence against it.

1
0

Musk: 'It's BS for ex-Vulture to claim I forced employee to miss sprog's birth'

Ben Tasker
Silver badge

Re: Big moments vs the small...

> each of those moments more precious to me than that initial birth thing.

Agreed - I'm glad I didn't miss littlun's birth (though I should have said no when told I could see him crown :( ) but it's the times since that stick in mind.

0
0

Lightbulbs of the future will come with wireless extenders and speakers

Ben Tasker
Silver badge

Re: And unless the security is up to scratch...

And all so you don't have to get off your arse to let them in - I don't get the problem with going and opening the door personally....

5
0

'Use 1 capital' password prompts make them too predictable – study

Ben Tasker
Silver badge

Re: Password generators

Max lengths piss me off, given the things should be salted and hashed in the database anyway (long passwords are all reduced to the same length as short passwords in terms of DB storage). So why limit me to 8 characters??

I can understand having some kind of a limit so I don't try and set a 10KB string as a password, but low character limits are just stupid.

10
0
Ben Tasker
Silver badge

Re: Password rage

Yup, VbV is a complete waste of time.

I actually made the effort to try and remember the phrase I used a while back (rather than setting a random string knowing I'd just reset next time). Got one, ONE character incorrect the next time I tried to use it, and as a result of that single borked attempt they made me reset and wouldn't let me reset to the phrase I'd bothered to remember.

So I'm back to 'forgot my password' -> set to a random string -> make no attempt to remember it

Which means it, once again, provides bugger all value whatsoever.

8
0

This open-source personal crypto-key vault wants two things: To make the web safer ... and your donations

Ben Tasker
Silver badge

Just guessing, but:

I'd hope the thing was thoroughly audited by someone else before shipping - finding that someone will cost something.

Getting set up to manufacture, even with limited runs can be an expensive proposition. You might be able to design and build a rough prototype for 50, but good luck getting any manufacturing plants interested without

a) a high cost small run

b) a lower cost, guaranteed run of a given quantity

It's not like they're planning on building these HSMs in their garage, is it?

The other option is to not raise so much upfront, and hold orders until the manufacturer's minimum run size is achieved. IME that's insanely frustrating when you're wanting to get your hands on the thing.

1
0

Self preservation is AWS security's biggest worry, says gros fromage

Ben Tasker
Silver badge

Re: Wrong priority

To an extent you're right, but also wrong.

They need to insulate customer B from nefarious customer A as far as possible, that's true.

But if customer A gets pwnd and the attacker ultimately manages to get a block of IPs added to a RBL then, even if customer A leaves, that may affect customer C (who's been unlucky enough to be allocated one of those IPs).

Would I lose sleep? No. But there is definitely some worth in trying to educate customers not to be complete tools when it comes to security.

2
0

Because the server room is certainly no place for pets

Ben Tasker
Silver badge

Re: Tape and VM? - LMFTFY

This is a pointless article with baseless scaremongering

'Toxic IT'? Seriously?

Not everything can be efficiently virtualised. JIRA is a (reasonably) popular enterprise app, and it _can_ be virtualised (in the sense that it's not impossible), but the problems you invite by doing so can be potentially myriad (especially if you've got vmotion set up). If your business relies on a tool being available, why take that risk?

Virtualisation is a tool, it's important to understand when to use it and when it's not appropriate to do so - that's going to change on a case by case basis, so there aren't really any blanket rules on what should be virtualised.

It's also equally important to ensure non-technical managers understand that just because you could run all those 'toxic' servers as VMs on a single host (to reduce costs), it's not necessarily a good idea.

The phrase 'Toxic IT' sounds like the garbage you might hear come from a marketing dept, not from an educated professional.

For the record, I definitely wouldn't fall into the 'old' category either.

33
1

Google sticks anti-SQL injection vaccine into MySQL MariaDB fork

Ben Tasker
Silver badge

So in case anyone's still wondering (or y'know, wants to make the article factually correct).

The Anti-SQLi measures are implemented by sending your queries to the Database Firewall Filter (called MaxScale) rather than direct to MariaDB itself.

Maxscale appears to support a wide range of filters (including things like requiring a WHERE within delete queries), including time-based ones (no deletes outside of working hours for example).

There's not a huge amount of documentation on the anti-SQL side of things at the moment (it just says block specific queries) so I'd guess it's using simple pattern matching rather than fingerprinting (which is what this script for MySQL does).

There's a public repo for Maxscale here but I'm guessing the anti-SQLi filter has yet to make it into there as I don't see any commits that stand out as obviously related (and nothing referring to it in the release notes).

0
0
Ben Tasker
Silver badge

I'm completely guessing here, though if I get time I'll probably go and have a read of a more reliable source than TFA.

As the SQL Injection protection seems to be within a query firewall (rather than related to the encryption as El Reg claimed), I'm going to hazard a guess that it does simple query interpretation, looking for things like a UNION within a query that, every time it's run previously, has not included a UNION.

i.e if the query is normally

SELECT title,content FROM articles where id=1;

And the following comes through

SELECT title,content FROM articles where id=1 UNION SELECT username,plaintextpass from users

Then it'd be blocked.

It's only a guess mind, but given Google's propensity for behavioural analysis, I wouldn't be surprised if there's some profiling of queries received and then anything outside of the 'normal' profile gets additional filtering to try and identify whether it's an SQLi attempt.

Still better to fix/avoid SQLi at the application though

0
0
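The profiling idea guessed at above, as an added example that is neither MaxScale's filter nor the commenter's code (the page does not say how MaxScale actually decides): query shapes are learned from a constructed baseline, and a query whose shape was never seen before (a UNION tacked on, a tautology or comment added) is flagged.

```python
"""Query-shape profiling: learn the shapes of queries an application normally
issues, then flag anything arriving with a shape never seen before.

Added illustration of the guess in the comment above; it is not MaxScale's
filter. The baseline queries are constructed for the demonstration."""
import re

# Constructed baseline: what the application has been observed sending.
BASELINE_QUERIES = [
    "SELECT title,content FROM articles where id=1;",
    "SELECT title,content FROM articles where id=27;",
    "SELECT username FROM users WHERE email='alice@example.com'",
    "UPDATE articles SET views=views+1 WHERE id=27",
]

STRING_RE = re.compile(r"'(?:[^'\\]|\\.|'')*'")        # quoted literal, incl. '' and \' escapes
COMMENT_RE = re.compile(r"/\*.*?\*/|--[^\n]*|#[^\n]*", re.S)
NUMBER_RE = re.compile(r"\b\d+(?:\.\d+)?\b")            # bare numeric literal
WS_RE = re.compile(r"\s+")


def fingerprint(query):
    """Reduce a query to its shape: literals become '?', comments become a
    <comment> token (kept, because a newly appearing comment is a classic
    injection tell), keywords are case-folded and whitespace collapsed."""
    q = STRING_RE.sub("?", query)        # strings first, so numbers inside them are untouched
    q = COMMENT_RE.sub(" <comment> ", q)
    q = NUMBER_RE.sub("?", q)
    q = WS_RE.sub(" ", q).strip().rstrip(";").strip()
    return q.lower()


class QueryProfile:
    """Set of known query shapes; anything outside it is reported."""

    def __init__(self, baseline=()):
        self.known = {fingerprint(q) for q in baseline}

    def learn(self, query):
        """Admit a new shape (e.g. after a human has reviewed it)."""
        self.known.add(fingerprint(query))

    def is_anomalous(self, query):
        return fingerprint(query) not in self.known

    def screen(self, queries):
        """Return [(query, verdict)] with verdict 'ok' or 'blocked'."""
        return [(q, "blocked" if self.is_anomalous(q) else "ok") for q in queries]


if __name__ == "__main__":
    profile = QueryProfile(BASELINE_QUERIES)
    for query, verdict in profile.screen([
        "SELECT title,content FROM articles where id=42;",
        "SELECT title,content FROM articles where id=1 UNION SELECT username,plaintextpass from users",
        "SELECT username FROM users WHERE email='x' OR '1'='1'",
    ]):
        print(f"{verdict:8} {query}")
```

Shape matching of this kind only catches queries whose structure changes; it says nothing about a parameter that is merely the wrong value, which is why fixing SQLi at the application is still the right answer.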

Aw, snap! How huge HTML links can crash Chrome tabs in one click

Ben Tasker
Silver badge

On the upside, the pre-fetching is relatively easy to disable, though the naming is a bit flakey - "Predict network actions to improve performance".

I'm not sure what benefit it really gives, even on a slow connection I tend to find DNS resolution is often the fastest element of accessing a new site.

The page pre-loading functionality is potentially fucking scary too (disabled by the same checkbox) - Chrome will try and work out which link on a site you're likely to click on next and then pre-load in the background.

You can drop meta-tags into a page to tell Chrome what to prefetch (so presumably link rel='dns-prefetch' href='lorem ipsum.......' would also cause a crash) - so can do link rel="prerender" href="myevilpage.htm"

Google's docs note that pre-rendering is resource heavy, so in theory (at least) you could probably also create a page that just spams the browser with prerender.

0
0

You want disruption? Try this: Uber office raided again, staff cuffed

Ben Tasker
Silver badge

There's no barrier except that Uber are supposed to... you know.... comply with local legislation and get a license.

Whether or not there's protectionism going on doesn't really factor in to that. If local laws specify that Uber need to do something, they have 2 options

- comply

- challenge the legislation

What they can't do, is pretend that the legislation doesn't apply to them and operate anyway.

Unfortunately, that's what they seem to have been doing.

We don't tolerate the likes of Kraft coming over here and saying "well the food standards requirements are lower in the US, so we're going to ignore the UK standards". Why would this be any different?

To operate in a country, you need to comply with their laws, even if you think the laws are backwards

9
0
Ben Tasker
Silver badge

Re: illegal software...

@ac

Whilst you might be right about the existing industry being overprotected dinosaurs, it should be pretty clear by now that Uber make a pretty crap poster child.

They may be challenging the existing models, but the company is clearly a walking nightmare.

From security to data-mining, they don't seem capable of operating in a manner that is in the interest of consumers.

They appear to be a bunch of incompetent, over-litigious data-sucking assholes, but hey they're challenging the status quo so it's all forgiven right?

The enemy of your enemy is not always your friend.....

10
0
