* Posts by Ben Tasker

1321 posts • joined 23 Oct 2007

Page:

Renewed calls for Tesla to scrap Autopilot after number of crashes

Ben Tasker

Re: 98%

> Probably the same people who don't understand that a cup of coffee is hot, unless it says "WARNING ! CONTENTS ARE HOT !!!!!!!!!" on the label

To be fair, in that particular lawsuit the coffee wasn't just hot, it was scalding and far hotter than it ever needed to be. That and the resulting skin damage is what the lawsuit was about, not the fact they didn't mark it as hot, but that McD (IIRC) made it far hotter than any reasonable person might expect it to be (and IIRC didn't put the lid on properly)

As far as TFA goes, just change the name, not that big a deal

0
0

Cheap virtual box hosters – Amazon's Lightsail is out to destroy you (yes, you, Digital Ocean)

Ben Tasker

Re: Yawn

Amazon missed the point. Completely. The reason why people host with all of these providers is exactly that - flat pricing, no price shocks and permanently attached static IPs. So, no, no and no thanks.

Yep, exactly my view. I do have some stuff running in AWS, but those are there because AWS's pricing model is better suited for those requirements.

The digital ocean stuff is where it is because of the flat pricing. I know what it's going to cost every month, regardless of what hits it.

Lightsail as an offering, from my point of view, doesn't offer what'd be needed to move my DigitalOcean stuff over, and offers no benefit over having the other stuff in EC2.

0
0

UK Parliament waves through 'porn-blocking' Digital Economy Bill

Ben Tasker

Re: VPN sales are going to skyrocket around the world.

> Hmm, giving all my browsing information to the UK government vs giving all my browsing information to the Chinese government, decisions, decisions

Local copper who sees you drive by every day discovers you're into BDSM, vs's a government in a country you'll probably never visit?

The latter, every time.

There are, of course, occupations where that might not be the case, but for the average person it's far more difficult for a foreign government to get at you than the local branch of your own government (or as the case may be, dictatorship).

Move the details out of country, and UK Gov may still be able to get it, and others may possibly find a use for it. Don't and UK Gov definitely will get it. Outside of certain niche's/occupations it should be a no brainer

6
0

Mozilla hackers audit cURL file transfer toolkit, give it a tick for security

Ben Tasker

Re: Curl.

--- posts/3038156

+++ posts/3038156

- dObERManS

+ doberMans

Fixed your naming convention, please merge

2
0

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

Ben Tasker

Re: And in related news...

> HTML and CSS combined with judicious usage of a JavaScript (aka JackassScript) and a server side language with a solid framework (Python/Django or Ruby/Rails, e.g.) might be smarter.

It depends. Aside from the learning curve for the average SMB owner, the problem with rolling your own is that you are then entirely responsible for maintaining it, including finding and fixing any vulnerabilities (or even just run of the mill bugs) you might have accidentally introduced.

It also makes things like server refresh a pain as you'll have to take your codebase into account.

That's more responsibility than your average SMB wants to take on. Off-the-shelf increases the number of people looking for holes and bugs , and someone else will likely fix those for you.

On the flip-side, of course, the obscurity it brings does have a little bit of benefit. You won't get pwned when someone starts a script to find WP sites and use their latest 0-day on them. But if you're specifically targeted then rolling-your-own might well lead to you being an easier target.

3
0

User needed 40-minute lesson in turning it off and turning it on again

Ben Tasker

Re: Can you hold down the power button

> You've told people not to use jargon, but I have no idea whatsoever what 'top-up the jets' means*.

I'd hazard a guess he's American and means topping up the screenwash, but it is only a guess.

24
0

British politicians sign off on surveillance law, now it's over to the Queen

Ben Tasker

Re: Working from home

> In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.

If you do, be very careful.

I did some work a little while back examining the effectiveness of cover traffic on encrypted links.

You'll need to pay attention to the size of the response body and adjust the time between that and the next page accordingly (but not proportionally).

The time a human takes to switch between pages isn't consistent (we might load a huge page, read 1 sentence and click off because it looks crap, or lead a tiny page and take 5 minutes to read because we went and made a cuppa). But that's very different to random intervals as there is some correlation between the amount of text and the amount of time we spend reading.

You also need to make sure that the start and end times of your cover traffic aren't particularly consistent. Having a sleep at the beginning of the script helps a little, but if the traffic always starts within 60 seconds of quarter past the hour, it quickly becomes identifiable

> In a similar way, I'll be running 24x7 a random IP address generat

Don't do that. You don't want it running 24x7, you want it vaguely aligned to your sleep/wake cycle (as well as taking into account things like you going to work all day). Any traffic generated when there's a high probability it wasn't you gives an observer further means to analyse your countermeasures.

If they decide they're going to capture HTTP Host headers (which really, they'll want to), simply connecting to a given IP and requesting pages isn't going to do anything except make the traffic identifiable too.

There's a lot of other things to be considered too.

When observed over time (which is what an ICR will effectively be) the little differences in behaviour between a script and the average human become readily identifiable, and that's when the traffic is using an encrypted link. It's even harder with plaintext (which, to some extent, includes HTTPS because things like SNI are in the clear)

TL:DR running effective cover traffic is fucking hard, assuming your aim is to thwart anyone with any more than a passing interest.

0
0
Ben Tasker

Re: Am I an ISP?

> Will I, and many others like me, have to store these ICR thingies?

And will there be any specific requirements on how we store them? For example, if I write the ICRs out to an aged SSD and never run integrity checks (as to do so could be construed as unauthorised access), is it likely to be too big a drama when those records aren't available (because the SSD didn't start making whining noises to warn me it was going to fail)

Would at least be novel, advising on how to increase the risk of data-loss...

2
0

Firefox hits version 50

Ben Tasker

Re: Android

> unfortunately it's a bit flaky and likes to crash when I expand or move around the page.

That's been my main experience with it, it's just regular enough to be annoying but not so regular that it's forced me back to Chrome.

0
0

Swedish prosecutor finally treks to London to question Julian Assange

Ben Tasker

Re: The Swedes can save face

> The term "rape" is being abused. It normally implies violence or a threat of violence.

No, that would be "Violent Rape" or similar.

The term Rape is all about consent. Sex without consent is rape. Fairly simple.

> Some would say that a woman changing her mind after the event is "rape" because the man should have been more caring...

Some would say that if a woman says "yes, but only if you rubber up" means you've only got consent if you rubber up, and that consent wasn't given (in fact was almost explicitly denied) for bareback.

0
1
Ben Tasker

Re: Really?

> Not according to Swedish law, and however much Wikileaks and St Jules™ think of themselves, they're not important enough to switch Swedish law for.

I read an interview with Assange, about the Hilary leaks recently. It was good, interesting reading right up until the point the journo asked about this case, at which point it was an easy reminder of what a slimey toerag Assange can be

For example, "In Sweden I am not charged,". There's no way that Assange isn't acutely aware that Swedish law requires this interview before he can be charged, so whilst it's not technically untrue, it's a rather manipulative statement to make.

Can't blame the journalist for asking about it, but somewhat ruined an otherwise interesting interview for me.

15
3

Panicked WH Smith kills website to stop sales of how-to terrorism manuals

Ben Tasker

> Oh do fuck off. Warned by The Register indeed. When any twat knows that mixing [redacted] and [redacted]; both common household chemicals you can make [redacted] gas.

Don't tell them that. They're already going down the path of burning books, the next thing will be to burn any of us that actually learnt anything in chemistry for possession of banned knowledge.

6
1

Tesco Bank limits online transactions after fraud hits thousands

Ben Tasker

Re: Tesco bank headers missing

> I can promise you that none of these missing headers resulted in the funds of 20k customer accounts growing feet and walking away...

Agreed. It's much more likely that someone gained access to their internal systems (whether that's an internal job or otherwise)

>Or that any missing headers in a web server response ever resulted in something similar.

On this scale? Probably not.

It's certainly feasible on a smaller scale though. Cert authorities have been compromised in the past, and likely will be again. The authentication method LetsEncrypt uses when requesting a cert is known to be vulnerable to DNS poisoning, so there's a potential avenue to obtaining a trusted-but-fraudulent certificate there too.

What's the defence against an incorrectly issued, publicly trusted certificate?

Certificate pinning. Which none of the buggers is using. As mentioned earlier in the thread, configuring it isn't without it's risks, but it's just a case of needing careful management.

Incidentally, that LetsEncrypt issue I mentioned, can be mitigated by DNSSEC, which, again, none of the buggers is using.

Given that banks are "trusted" to hold our money, you'd think the bar would be somewhat higher for what they consider the bare minimum.

Personally, I think it'd be better if browsers got their act together and implemented support for DANE, but that's a whole other topic (and would require the banks to set up DNSSEC in any case).

2
0
Ben Tasker

Re: Tesco bank headers missing

> My immediate response was that the Barclay's app gets a bonus star for not working at all... no?

I did think about that, but decided against. It's more than possible the failure to run was something I did (or didn't) think of, so probably shouldn't give them an additional point (which might be misleading) just in case the app is actually swiss cheese in reality. Given the much wider range of permissions their app asks for, I figured it was better to err on the side of caution

0
0
Ben Tasker

Re: Tesco bank headers missing

When I last looked they all did a pretty poor job of using the tools/techniques available. Granted I was looking at their apps, but the situation looked more or less the same for their online banking login pages.

Iornically enough, Tesco bank's holier-than-thou stance on security in one area was what prompted me to have a quick gander

8
0

Brexit may not mean Brexit at all: UK.gov loses Article 50 lawsuit

Ben Tasker

> Your thinking is backwards, the court isn't saying that elites can't just dictate and must put it to a vote,

Yes, yes it is.

It's saying that the Government cannot simply make the decision and bypass Parliament.

If you'd prefer it termed this way, it's saying the elite of the political elites cannot dictate.

> the court is saying that a fully democratic referendum

You missed out the word "advisory" there. And, before you take umbrage, make sure you read the numerous legal analysis that show referendums in the UK are advisory unless explicitly stated otherwise in the enabling legislation. It could always be disregarded (not that I'm saying it's necessarily a good idea)

They asked our opinion, and now they must vote on it.

Personally, I think Brexit is a fucking stupid idea, but for me this isn't just about that. The idea that the Prime Minister can make such a permanent, nigh-on-irrevocable decision without a complete mandate (see below) is insane and (given who the PM is) dangerous.

On the mandate front, OK, as a nation we voted in majority of Brexit. We didn't vote on losing access to the single market, and certainly didn't vote on coming out of the ECHR. One of those we know May wants, the other varies depending on who's speaking, but neither or which were actually voted on specifically.

14
1
Ben Tasker

As others have said, what did we vote on?

- Leave the EU?

- Leave the Economic Area?

- Leave the ECHR?

All or some of the above? Whats TM going for?

Strange though, an awful lot of Leavers I know were going on (pre-referendum) about how Parliament was no longer sovereign, and we need to get that back etc. We get a court ruling saying the elites can't just dictate and must put it to a vote and you're all upset?

> Have we realty reached the point at which we're abandoning democracy?

We're a parliamentary democracy and the legal system has just said that Parliament must be involved. If anything we've just re-affirmed that democracy not abandoned it.

> If so, then violence is inevitable.

Lucky we're going to have that extra money for the NHS so we can handle the casualties then... oh, wait

19
3
Ben Tasker

> I have no sympathy for those who are too stupid or lazy not to vote. Use your vote or lose it.

In the context of the referendum, that's the stupidest statement I've seen in a while.

You're asked for an opinion - should we stay, or should we go. You're not sure either way (because neither side is actually giving anything of substance).

Some people said "fuck it", picked one (because they wanted to be "part" of the referendum).

Others said, still not sure, so I'll not vote either way.

I've got far more respect for that latter group than for the former. I know people who voted Leave purely because they wanted to be "involved" and are now pissed that GBP has tanked etc. Frankly, they brought it on themselves, it's just pity they also helped bring it on the rest of us too.

The best reason not to vote is because you don't feel strongly enough in either direction. The worst reason to vote is simply to feel involved in that process, it's not a fucking lottery ticket.

12
1

Hm, is that a minefield? Let me just throw my magic bomb-sniffing spinach over there

Ben Tasker

Re: OK so let's see if I can find a use for it

> they are land mines how do you defuse/detonate them safely?

You take a step back and then spray the solution in your assistant's eyes

1
0

Hackers hustle to hassle un-patched Joomla! sites

Ben Tasker

> "If you have not updated your Joomla site yet, you are likely already compromised," Cid says.

Seems a bit sensationalist. I've checked logs for quite a number of sites and most of them haven't seen any attempts.

0
0

Microsoft: We're hiking UK cloud prices 22%. Stop whining – it's the Brexit

Ben Tasker

Re: Work the problem?

> Seems to me that every company trying to make a buck out of this opportunity should be met with a "no thanks." whilst we buy/use something else

Here's the thing. When you devalue your currency, the cost of things from foreign suppliers tends to rise as a result.

If MS didn't allow us to buy in GBP, and instead only sold in USD, we'd still be spending more.

It's not just opportunism, it's a direct result of the devaluation of the pound, which has come about as the result of businesses having serious concerns about the UK's prospects post-brexit.

In my book, that's definitely something to dump at the feet of the leave crowd.

28
3

CloudFlare shows Tor users the way out of CAPTCHA hell

Ben Tasker

Re: nonce field - unfortunate choice of name

> As the actual value is irrelevant I guess that the name comes from a contraction of nonsense.

I've always assumed being a throwaway its just a contraction of "n" and "once"

Not sure though

0
0

Source code unleashed for junk-blasting Internet of Things botnet

Ben Tasker

Re: It would seem

The only thing to watch out for with that is manufacturer idiocy. IIRC when BT first moved from having a generic default WEP/WPA password on the Homehub they went with the serial number. Umfortunately it was possible to get the AP to tell you it's serial before you'd authenticated.....

You can almost guarantee at least one manufacturer will drop that info into the http headers, or body to aid in identifying the kit when they get a support call

1
0

Alleged hacker Lauri Love loses extradition case. Judge: Suicide safeguards in place

Ben Tasker

Re: Controversial

But, to stretch the analogy, you wouldn't get to claim the cost of installing an alarm as damages against the car thief either. The thief stole the car and gets done for that, you don't get to claim back the cost of doing what you should have been doing in the first place.

In other cases though, the US has tried to reach the bar for damages by including the cost of implementing security that should have been there in the first place.

So whilst he shouldn't get off scot-free he's not wrong when he claims it won't actually be justice that's metred out in the US

6
3

Swedish appeals court upholds arrest warrant for Julian Assange

Ben Tasker

Re: Very few commenters seem to know the facts of this case...

> 2. Assange has not been charged and he is not wanted for trial.

FFS, if by now you don't know why that's bullshit you're either being willfully ignorant or are just too plain dense to conceive that different countries have different legal systems.

He cannot be charged (and therefore cannot be wanted for trial) until after the interview they want to have with him. It's not a difficult concept, and it's not new.

> 4. Assange has not "refused to come to trial or indeed be questioned".

No, but he (the suspect) is trying very hard to dictate how and where that happens. What other suspects would you say could get away with that?

> 5. Assange did not "flee".

For a start, he's a bail jumper which most would consider fleeing. Secondly look up tje circumstances of his departure from Sweden. Not that whether he flee'd Sweden really matters, if he left to visit his Great Aunt Norma the requirement for him to go back wouldn't change.

Maybe try reading a wider range of sources and verifying facts a little more thoroughly. It might be a fact that he's not been charged, but there's another fact that explains why and that its not unexpected.

17
8

Bug of the month: Cache flow problem crashes Samsung phone apps

Ben Tasker

Re: Mono

Yes and Yes.

Xamarin bug is here - https://bugzilla.xamarin.com/show_bug.cgi?id=39859

Edit: clicky

10
0

We want GCHQ-style spy powers to hack cybercrims, say police

Ben Tasker

Re: on the rights of man and common sense

>> increase the risks criminals need to take

>

> struggling with ideas here that don't involve logging everything everywhere. fuck off.

Perhaps reduce the time wasted on fighting for things that harm us all and focus on doing some actual police work? More coppers doing what they're supposed to be doing should increase the risk of getting caught

>> ; remove the excuses for it

>

> Does anyone have any good excuses for cyber crime? Crap wars in foreign lands?

I've got a sinking feeling that in the future we may all have a good excuse - they've clamped down so hard on things that "normal" stuff like using https is now potentially a cybercrime.

4
0

Dropbox: Leaked DB of 68 million account passwords is real

Ben Tasker

Re: Can someone explain

With bcrypt, the salt is stored in the "hash". The output of bcrypt is essentially a string containing the actual hash - in effect ${cost}${salt}${hash} - so if you've got the bcrypt "hash" you've got everything you need except the real password.

But that's fine, because a salt isn't intended to be secret, it's intended to make it more expensive for an attacker to try and bruteforce hashes

2
0
Ben Tasker

I emailed them back in 2012/2013 to ask if they'd been compromised because the alias I'd used for them started receiving spam. They said no

Feeling a little vindicated now

3
0
Ben Tasker

Re: Ummm

> I am also not sure the attacker "would need the salts". Generally they are right next byte to the hash, possibly after or before a separator...

Absolutely correct - with bcrypt the salt is stored within the "hash", along with the cost used and the resulting cipher text. The cost and salt get split out of the stored string when testing a submitted password.

1
0

£1m military drone crashed in Wales after crew disabled anti-crash systems – report

Ben Tasker

> Millions of pounds of hi tech equipment destroyed for want of a £1 microswitch.

By the time it's been rated "aviation safe" it'll cost much more than £1. I remember seeing £20 spanners coming into the aviation workshop still carrying a price tag that indicated they'd cost 10x as much. Partly because Government contract, partly because they'd been rated as OK for use on aircraft.

So that £1 microswitch may well cost hundreds, if not thousands from the supplier

3
0
Ben Tasker

Re: The Real Lesson

> Is that this drone was of a horrible design.

Pretty much my takeaway as well.

> if Master Override is activated and one of the altimeters is malfunctioning, the Watchkeeper opens up its “ground touch” window from 1m sensed altitude to 20m sensed altitude. In other words, the drone might decide it has landed even when it is still 65 feet up.

Clearly whoever designed this was trying to solve a specific issue they predicted might happen, but didn't give enough consideration to what the actual ramifications might be

13
0

Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button

Ben Tasker

Re: Quick Release or build it like it is in my head

Inevitably leading to someone having to stand at the tobacco counter at Tesco's as their icecream nelts and say, errr... has anyone handed in a steering wheel? I'm sure I had it when I paid, but can't find it anywhere

Not that I once realised I'd left my wallet on the counter once I'd driven 100 miles. Thankfully there was enough diesel in the tank to get back

12
0

Idiot flies drone alongside Flybe jet landing at Newquay Airport

Ben Tasker

Re: Ban Them!

> Me neither. *shakes fist at pesky adblocker*

Same here. Was only yesterday I was debating whether to whitelist the Reg so they could earn some income from my views. Guess that settles it.

11
0

Hilton hotels' email so much like phishing it fooled its own techies

Ben Tasker

Re: Banks are just as bad

Perhaps if you'd clicked it it would have resent the email, but in a larger font this time to try and get the information to sink in?

But yeah, I've had similar from my bank - we take account security very seriously, click this link to a random looking domain to find out how to avoid getting scammed

12
0

Julian AssangeTM to meet investigators in London

Ben Tasker
FAIL

Re: He's on Ecuadorian Soil...

> Assange is not in the EU or the UK, he's on Ecuadorian Soil,

No, he's on UK soil.

The whole "an embassy is foreign soil" is a Hollywood thing, not a real-world thing.

The Vienna convention prevents us from going in without very good cause, but to do so wouldn't be an invasion of foreign soil. The real risk is that failing to respect someone else's embassy would lead to British embassies suffering the same.

> No one has come off well in this, least of which the UK Government. The original offence (if there ever was one) has long been served, by his self imprisonment.

Except it's self-imprisonment so it doesn't actually count. If you're expecting that you'll be convicted of something you can't just hole yourself up somewhere of your choosing and then claim time served, that's just not how it works.

16
0

The developer died 14 years ago, here's a print out of his source code

Ben Tasker

Re: Mr Robot

>  when you see people in DC doing whatever they're doing, while wearing t-shirts but not seeming to feel the cold.

I don't think I've ever felt the need to layer up in the DC. I have occassionally had to leave the hot aisle because I was getting too warm though. A tshirt is otherwise normally fine, but its possible Ive built a tolerance since the smoking ban exposed me to the elements more frequently

Oh, and Ill usually have something in/over my ears if Im going to be in there for too long. Not so much the volume as the constant exposure that gives me a headache.

2
1

Dying satellite sends boffins one last surprise before disappearing

Ben Tasker

Because if you kick the mistake makers too hard, by firing them or making it impossible to continue with their jobs, then you lose not only the skills you've invested in but also the learning from the mistake. Do something wrong in the armed forces and you're often demoted - you have to earn your way back up.

Yup, an employee who's fucked up and been punished is usually still a more productive and useful asset to the company that an employee who hasn't yet fucked up and hasn't learnt to exercise a little more care. I'd rather someone who didn't fuck up because they'd learned to be careful than someone who's just got lucky so far.

Firing is for the willfully incompetent/negligent and for those who never learn to exercise care. Everyone else should get the chance to learn from mistakes.

And firing someone to "make a statement" (i.e. for political purposes) should probably be a sackable offence too IMO, as it's throwing away the company's investment in that person for no good reason.

4
0

Meet the 1,000 core chip that can be powered by an AA battery

Ben Tasker

Re: Why?

It's part of Skynet:

....the chip can execute 115 billion operators a second while....

But seriously, as others have said - does there need to be a "why" for trying everything new? Once a technology is developed, uses will generally be found for it, and otherwise unthought of technologies sometimes grow up around them

0
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Ben Tasker

Tesco are using DNSSEC for their financial arms right? right? Oh wait, no they're not. Hell, they're not even using HSTS or HPKP

Got curious, turns out they're not the worst of the lot, even if far from great.

1
0
Ben Tasker

Also considering the risk of poisoned exit nodes & MITM, while TOR is great for anonymising your origin you probably can't trust it to protect your identity and personal details that you transmit

Well, how about the App actually verifies the certificate it receives, and they use DANE to ensure that the fingerprint of the provided certificate matches the certificate they _know_ to be real.

Then the exit not only has to MITM the SSL connection (using a publicly trusted certificate), but also has to find a way to return a valid, _signed_ response to the DNS query.

Tesco are using DNSSEC for their financial arms right? right? Oh wait, no they're not. Hell, they're not even using HSTS or HPKP

Implementing actual checks on the certificate being provided would benefit all users, tor and non-tor. Instead, they leave their app checking the local system whilst ignoring the large expanse of network between the client and the server.

6
0

Mark Zuckerberg's Twitter and Pinterest password was 'dadada'

Ben Tasker

Re: As for username and password,

Personally, I don't know the answer to any of my secret questions. I generate a random string and paste that in.

Passwords are in a manager so the questions shouldnt ever be needed, and if they are Ive bigger things to worry about.

Does mean it's a right shit when a site suddenly updates login to include "enter character 6 of the answer to your security question" though.

0
0

Jacob Appelbaum quits Tor Project amid 'sex misconduct' accusations

Ben Tasker

Re: The blog ppst

> No, I linked to a page on the Tor Project blog only, not the website Appelbaum mentions.

Strange then, the second paragraph of the statement is a bit unnecessary IMO, but otherwise not quite sure it'd fall under defamatory, even if the language is a little woolly

0
0
Ben Tasker

IOError's Statement

Jake has (just) published a statement - http://www.twitlonger.com/show/n_1soorlp / https://twitter.com/ioerror/status/739731362404536320

2
0
Ben Tasker

Re: The blog ppst

I don't know, but I suspect at least one of the deleted comments probably linked to the domain that's been, err, dedicated to ioerror - which very definitely does contain a lot of defamatory stuff.

No idea whether the allegations are true (other than that he can be a knob at times), but that site and the social media witchhunt make me sad to be part of the community. There's no reason for everything to have been done quite so publicly (the site in particular), particularly at this stage, and for a privacy loving community to seemingly take so much delight in a public burning doesn't sit well.

5
0
Ben Tasker

> I take it you're British? No freedom of speech, your votes don't count,

Funny, those first 2 seem to apply to the opposite side of the pond too.

As far as the monarchy goes, it seems at last check, they bring in more money that we pay to support them, which seems to be in line with the capitalist dream, no?

7
1

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Ben Tasker

Re: What date is good for you?

> And unless VM support for DX12 comes along, I don't trust virtualizing a gaming rig with a Steam collection that's Windows-only and VM- and WINE-unfriendly.

Not saying it's necessarily the right solution for you, but one option would be to do something like this

http://lg.io/2015/07/05/revised-and-much-faster-run-your-own-highend-cloud-gaming-service-on-ec2.html

Edit - making link clicky

3
0

Don't panic, says Blue Coat, we're not using CA cert to snoop on you

Ben Tasker

Re: Symantec

Browsers need to start tracking the certs for each website and if the certs change, then its untrusted even if Symantec say its trusted.

That's already possible with HPKP and/or DANE.

Googles certificate pinning, is Googles log, I have no reason to trust Googles logs either.

If you don't trust the operator of the site (in this case, Google), why are you exposing your system to their services?

1
0

Thai bloke battles jumbo python in toilet todger thriller

Ben Tasker

Re: Is it just me, or...

Surely we've all dealt with a user or a boss where we've thought I'd rather feed my todger to a snake?

Or... alternatively, it might be we're currently in bootnotes ;)

14
0

Hacked in a public space? Thanks, HTTPS

Ben Tasker

Some go further that that and are included on a list pre-baked into the browsers. So on a virgin install of Chrome (for example), if you enter http://www.google.com it should change to HTTPS without bothering to try port 80.

Helps to remove the inherent risk in just HSTS when talking about users who're visiting your site for the first time.

0
0

Page:

Forums