* Posts by Brian Morrison

727 posts • joined 4 Feb 2008

Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed

Brian Morrison
Bronze badge

Re: sounds familiar

It has taken a while for this particular bug to be found, but without the source oversight it wouldn't have been. Had this been in a closed-source product without the same robust methods of detecting such bugs the same thing can happen and the number of reviewers is much more limited.

It's a great shame that this didn't get spotted earlier or recognised as a security problem but then if someone is determined to commit at 11pm on New Year's Eve then the chances that they remembered doing it and ran lots of tests subsequently are clearly reduced.

5
5

MPs attack BT's 'monopolistic' grip on gov-subsidised £1.2bn rural broadband rollout

Brian Morrison
Bronze badge

Re: You're an idiot.

Does BT provide VDSL connections over exchange connected lines? I suspect they don't, which means a limit of 24Mbps from ADSL2+ instead of VDSL's limit of 80-odd Mbps.

3
0

BT finally admits its Home Hub router scuppers some VPN connections

Brian Morrison
Bronze badge

Re: 4.7.5.1.83.8.94.1.37

And no wonder that they can't keep track of which features are fixed/broken in such a labyrinthine numbering scheme.

Maybe they could make it even worse using hexadecimal and colons...oh, no, that's IPv6.

3
0

This record-smashing robot solves a Rubik's Cube in 3.253 seconds

Brian Morrison
Bronze badge

These chaps have dedication!

Well done to them both, it's great to see such single-mindedness.

It's a long time since I remember seeing David and family happily playing with Mindstorms robots on the living room floor, glad to see that all that coding has achieved something really useful!

0
0

Red Hat plans unified security management for Fedora 21

Brian Morrison
Bronze badge

One really good thing to see is...

...that Fedora 21 is not going to be released in May, they've actually put a whole 6 months into the schedule to get things settled down a bit more. The most recent 3 releases have been pretty hairy in that things have gone wrong with the new installer and the updating tools such as fedup have been less than perfect. It seems that someone has finally said "Enough!" and forced a delay to allow people to tidy up things that need it.

Good on the security overhaul too though, sounds good to me.

0
0

Got 4G? Wake up, grandad. We're doing 4.5G LTE-A in London - EE chief

Brian Morrison
Bronze badge

Re: Got 4G ?

Have Vodafone rolled out the 10.2.1 OS update for their BB 10 devices? It might make a difference.

Some time ago my daughter's Z10 (which is on 3) seemed to leave the network selection to 3G/2G, and once it changed it back after it was set to 4G/3G/2G. Worth a look see I'd say...

0
0

New radio tech could HALVE mobe operators' bandwidth needs

Brian Morrison
Bronze badge

So let me ask this then....

Base stations can transmit at powers up to +64dBm, and receive at levels down around -100dBm. That's 164dB difference in signal level, or more than 16 orders of magnitude. How many bits of resolution would you need to separate out those two very different amplitude signals? My rough calculation says 27 bits.

Is that even possible? I don't know of a way of doing that even at audio frequencies, let alone RF.

6
0

Cable thieves hang up on BT, cause MAJOR outage

Brian Morrison
Bronze badge

Re: Time for a Sting?

Yep, that Law of Unintended Consequences is a real bitch!

0
0
Brian Morrison
Bronze badge

Re: Damn thieves

You need the high voltage to puncture the (high resistance) outer skin layers. Once you're into the nice soggy stuff inside the skin then the resistance drops very rapidly and current flows without much problem.

This is the reason that people who get electrocuted by a few thousand volts and up tend to end up scorched and smoking, their internal body fluids have boiled.

5
0

NHS England DIDN'T tell households about GP medical data grab plan

Brian Morrison
Bronze badge

A little more on this, via the UKCrypto mailing list...

From http://www.hscic.gov.uk/hes

"In 1996 these bodies were abolished and the NHS-Wide Clearing Service (NWCS) was set up to provide a means of transmitting the records. In 2006 this work was taken over by the Secondary Uses Service, which is run by the Health and Social Care Information Centre and the National Programme for IT."

So it came under HSCIC's remit in 2006. The data set was from 2000-2010.

For tracking though, there is the HESID - http://www.hscic.gov.uk/media/1370/HES-Hospital-Episode-Statistics-Replacement-of-the-HES-patient-ID/pdf/HESID_Replacement_Nov09.pdf

Which appears to include per-client pseudonym-ids. Data cleaning on release appears to be documented here - http://www.datadictionary.nhs.uk/web_site_content/cds_supporting_information/security_issues_and_patient_confidentiality.asp?shownav=1

0
0

Mobe operators, need to check your network? There’s an app for that

Brian Morrison
Bronze badge

We already have...

...OpenSignal on Android that does pretty much this.

Assuming that it's accurate and that it keeps the correct values.

1
0
Brian Morrison
Bronze badge

They measure...

...SNR in dbm (sic)?

Heavens to Betsy, now we know why coverage isn't what we expect!

0
0

BlackBerry sets BBM Voice and Channels live on iOS and Android

Brian Morrison
Bronze badge

Have to agree that it's pretty nice and has gained a lot of new features in a fairly short time.

While it looks very 'BlackBerry' on my Nexus, it seems to work well and keeps me in touch with the BB/iPhone/Android using family members very nicely.

Thumbs up from me!

0
0

Android users running old OS versions? Not anymore, say latest stats

Brian Morrison
Bronze badge

Re: kit kat

It's often difficult to upgrade because the hardware vendor withdraws driver support for the chipset used in older phones, mainly because they don't have the resources to work on old hardware while simultaneously developing and releasing future and current hardware.

1
0

Elderly Bletchley Park volunteer sacked for showing Colossus exhibit to visitors

Brian Morrison
Bronze badge

If you want an example of an earlier 'eviction', just ask...

...the Milton Keynes Amateur Radio Society about their experience when a more prestigious organisation decides it wants to muscle its way in.

4
0

Android VPN redirect vuln now spotted lurking in Kitkat 4.4

Brian Morrison
Bronze badge

Re: KitKat 4.3?

Sorry old chap, no cigar!

4.1.x/4.2.x/4.3.x is Jelly Bean, 4.0.x is ICS.

0
0

What can Microsoft learn from 'discontinued operations' at Nokia?

Brian Morrison
Bronze badge

Re: Dead Platform

I had never used a WP device before, but a while ago I was in my local where the landlady (with a Lumia) and a rather the worse for wear customer (with a Series 40 Nokia) were trying to exchange phone numbers. I got asked to do it for them, and I will confess that it took me a while to work out how on the Lumia (about 5 seconds on the Nokia including typing the name). There was a number already in the received calls list, so I thought OK create a contact. Riiiight... took several minutes of fiddling to achieve that.

I have never before had that much trouble with any other phone using any other OS. It should just happen without the user needing to think, rather than needing a lot of poking about.

9
3

Apple punts patches for holes in Pages and OS X, Windows iTunes

Brian Morrison
Bronze badge

Re: iTunes on any platform is pretty grim

The fix is to uninstall each component of the iTunes virus one by one, then reboot and install the latest version after downloading a new copy.

Nasty, and why it takes 100MB+ download I can't imagine.

4
2

Snowden speaks: NSA spies create 'databases of ruin' on innocent folks

Brian Morrison
Bronze badge
Mushroom

Re: @Trevor_Pot

I'm sure they did monitor, must have been directed by good intelligence in those days. Perhaps that helped.

Of course it wouldn't have been enough even if they had been able to monitor everything. I'd always wondered whether airport airside security was very good then or whether the authorities were just very lucky. Turns out it was the latter, there was a bomb that didn't detonate placed on a Trident airliner flying from Belfast to London. The reason it didn't work is simple, it was placed under a seat but luckily the passenger that sat there was a fat bastard and his weight disrupted the device so that either the timer failed or the wiring was disconnected in a crucial spot. It was found at Heathrow and the whole thing was hushed up.

You won't find this in the official archives, but I know someone who was there and it's as true as any other actual IRA incident of the 70s. Personally I missed the Harrods bomb in the early 80s by about half an hour, some of my friends were inside the place when it went off. None of us would have been in favour of the current arrangements because on a large scale they just don't work and they are a threat to everyone for as long as the data is kept in storage for poring over later.

Sometimes it just comes down to the percentages, there is a tiny chance of being killed by a terrorist in your lifetime but being totally surveilled is always a 100% bad thing for the population at large.

0
0
Brian Morrison
Bronze badge

Re: @Trevor_Pot

The price of freedom is that in a statistically insignificant number of cases, mad people kill others at random and are not stopped before they execute their plot.

We used to accept this, then some time in the last 20 years or so everyone thought they were at no risk of dying at all except for being killed by maniacs.

5
0
Brian Morrison
Bronze badge
Thumb Down

But the problem is...

...you're not sifting a haystack for needles, you're either sifting a haystack looking for hay or a pile of needles looking for needles...

3
0

UK.gov: NO MORE tech deals bigger than £100m. Unless we feel like it

Brian Morrison
Bronze badge

Re: Is this the first time that ...

Even if it is, you can bet that any lessons will be forgotten or hidden behind that old 'Beware of the leopard' sign...

2
0

Clink! Terrorist jailed for refusing to tell police his encryption password

Brian Morrison
Bronze badge

Not in the UK it isn't.

6
1
Brian Morrison
Bronze badge

Re: Here's another legal hypothetical ...

Really decent tamper-proof hardware has several measures in it to prevent physical intrusion, often just cutting a single conductor in a wire net surrounding the storage elements within a potted assembly causes the inbuilt battery to be inverted to several kV and this is then applied backwards across the storage device power rails until they are no longer able to recall their own names.

0
0
Brian Morrison
Bronze badge

Re: and another thing ...

This is what is totally fucked up about this sort of law, it may only be used against terrorists now, but while it remains on the statute books there is no reason it can't be used against someone who is rocking the establishment's boat. If you get a worse version of the current Home Secretary then that could easily happen without any change of government or indeed law.

4
1
Brian Morrison
Bronze badge

Re: GCHQ isn't the problem

If only we still had a free society eh?

7
1
Brian Morrison
Bronze badge

Re: Once more proof

It seems that there is a new attack against Truecrypt.

http://it.slashdot.org/story/14/01/15/2214249/truecrypt-master-key-extraction-and-volume-identification

Since the police had physical access to the device it would appear that this makes all such devices vulnerable.

0
0

ANYONE on Google+ can now email you, with or without your Gmail addy

Brian Morrison
Bronze badge

That's no surprise...

...if they're still using bang path addressing.

2
0

Campaign to kick NSA man from crypto standards group fails

Brian Morrison
Bronze badge

Re: Conflicts of Interest

I think the problem is Jefe, that while I accept pretty much all of what you say (I've been partially involved in standards bodies over decades) I can't see any real way to do it much differently. Often it takes a lot of work behind the scenes to validate a proposal and no one is going to put that out in public because it's often done using techniques that are not known to competitors (or the details of the techniques are not known to them).

Is there another answer? Maybe, but standards already take forever to crystallize and adding to the time taken won't be popular with the people who want to sell products based on the standard and make money from them.

2
0

Chinese Jade RABBIT SIGHTED ON MOON by NASA probe

Brian Morrison
Bronze badge

Re: 2001+

Wrong moon old chap, that was Europa wasn't it?

Oh, and there was that chap in the space suit using up his last remaining air and battery power to broadcast an explanation. Maybe that one didn't make it through the Great Firewall...

1
0
Brian Morrison
Bronze badge

Re: Wouldn't it be better if solar panels were ...

No, because the energy they would have to absorb then would make them get very hot. You want the photons that excite the voltaic bit of the cells, not the IR photons that make things hot.

7
0
Brian Morrison
Bronze badge

Re: It's a conspiracy I tell you...

...perhaps not, but backed up by a spring-loaded pivoting cricket bat mounted on the music boat it would improve their capability no end.

1
0

Mosquitoes, Comets and Vampires: The de Havilland Museum

Brian Morrison
Bronze badge

Re: The Mossie and tech versus numbers

The Sherman's propensity to brew up was actually not due to its gasoline fuel (diesel oil also burns very well when atomised) but in fact was because the gun ammunition stowage was too close to the more vulnerable sides of the tank where a hit would transfer energy into the shells. Once that propellant is ignited inside the turret it's game over.

2
0
Brian Morrison
Bronze badge

Re: The Mossie

The early Mosquitos were glued together using casein glue, which is pretty much made by boiling up cattle remnants (hooves etc) after they've been butchered for meat. It's organic, and bacteria like it, and it absorbs water making a delicious meal for the little buggers.

Later on the Mosquito was built using formaldehyde-based glue, it had none of the problems seen with casein glue and so allowed the aircraft to fly in the tropics without falling apart in a couple of months.

1
0

Why UK.gov's £1.2bn fibre broadband rollout is a bumbling FLOP

Brian Morrison
Bronze badge

So, finally...

...my local BDUK project's rollout plan has now appeared on the local council web site. This is Bedfordshire, in the area administered by the Borough council.

My village will get "superfast broadband" but not until Phase 3 of the project between January and June 2015, Phase 1 won't start until July 2014 so I suppose that it could be worse.

Luckily there is only one BT cabinet serving our whole village, but of course no guarantee that this estimated rollout will stay on track.

I wait with bated breath...

0
0
Brian Morrison
Bronze badge
Joke

Thought it was supposed to be better in super-slowmo...

0
0

No anon pr0n for you: BT's network-level 'smut' filters will catch proxy servers too

Brian Morrison
Bronze badge

No, it really isn't time to give the paranoia a rest....

...because we now have the proof of how much the establishment fears the populace and is putting in place the mechanisms to protect itself.

Did I ever think that the UK would become China? No, I didn't, but it is happening before our eyes and if we're too apathetic to do anything about it then we deserve our fate.

The thin end of a very long wedge is being gently inserted, it can only get worse with time unless people act.

17
3

Twitterers rally round #CensoredUK - to demand MORE PORN

Brian Morrison
Bronze badge

Already there...

...in fact it got an article in the Telegraph, it's called Make Love Not Porn.

As with all such ventures it will live or die based on its hosting costs vs subscriber numbers.

1
0

UK.gov to warn tweeting twits, celebs 'n' pals on court case comments

Brian Morrison
Bronze badge

Re: If it's such an offence. Then why hasn't Peaches Geldof been arrested?

From the article, it appears that it was HM Courts and Tribunal Service that actually published the names of the women, this was then put on a US web site and PG read it there.

A bit awkward to prosecute someone if they have seen information that the courts themselves disseminated in error.

1
1

BlackBerry CEO: Reports of firm's death 'greatly exaggerated'

Brian Morrison
Bronze badge

Re: Not 'Greatly Exaggerated'

Running which software version? If it was pre-10.2 then things have changed quite a lot.

0
0

Microsoft, HURTING after NSA backdooring, vows to now harden its pipe

Brian Morrison
Bronze badge

I don't think so, it's a type of tree that is called a Monkey Puzzle tree colloquially in the UK. The name refers to the sharp needles on the branches that are thought to make it difficult for even a monkey to climb.

It's actually a Chilean pine, and part of its scientific name Araucaria araucana was also used by the recently-deceased Guardian crossword setter Araucaria.

0
0
Brian Morrison
Bronze badge

Re: Operationally, Snowden is a hero

When I see people with such power laying it on thick in front of a committee that didn't so much as gently chew their socks let alone bite their ankles then I automatically get suspicious. I can work out where the weaknesses are in comms systems, so can the bad guys. Assuming that telling their techies what they already knew will affect things badly is just disingenuous.

These people have too much power and can gain access to too much without sufficient oversight. I would rather take my chance of 0.00001% of being injured by terrorism in my lifetime than have a 100% chance of having my personal information hoovered up and stored and also face a worsening risk of my banking details becoming known to criminals because the spooks corrupted the crypto and crypto systems.

1
0

BBC's 3D blunder BLASTED OUR BRAINS – Doctor Who fans

Brian Morrison
Bronze badge

Re: Like, ahem, cooking pr0n and talent shows.

They have all these channels don't they, perhaps they could supply different viewer groups suitable programmes on different channels?

I enjoyed watching that Jim Al-Khalili last night, absolute science and equation pr0n!

2
0

Google's Schmidt predicts end to global censorship in a DECADE

Brian Morrison
Bronze badge

Ah yes, governments...

...that are supposed to be "of the people, by the people and for the people."

Which address has just passed the US government by?

0
0

Qatar whips covers off giant footballing vagina

Brian Morrison
Bronze badge

Re: I bet

The 7th veil I presume...

0
0

BlackBerry flings John Chen $89 MILLION to save troubled firm

Brian Morrison
Bronze badge

The Playbook was shipped before the memory requirements of BBos 10 became obvious, and he sensibly decided not to update people's tablets to a standard which would have caused fairly dreadful performance having seen the effect on the internal development Playbooks with 1GB of RAM fitted.

Playbook OS 2.1 is more than adequate, especially when you consider that the tablets were on sale a year ago for less than 90 quid.

Maybe as BBOS 10 matures it would be possible to put a less memory hungry version on a Playbook but I suspect that Blackberry are not going to devote any development effort to it now so it is most unlikely to happen.

3
0

MPs blast 'alarmingly weak' management of one-dole-to-rule-them-all

Brian Morrison
Bronze badge

Re: Failure poker...

You can't put the words "politician" and "learn" into the same sentence.

The reason they can't, and won't learn, is because none of this stuff has any relevance to their taxpayer-subsidised lives. If they were suddenly to find themselves at the mercy of the DWP in real life so that they understand why it all goes wrong and why it's so important to the downtrodden to get it right then we'd see some cluefulness applied.

But it's not going to happen is it?

1
0

How Google paved the way for NSA's intercepts - just as The Register predicted 9 YEARS AGO

Brian Morrison
Bronze badge

Re: secure?

What plaintext emails? Most of my Exim headers contain the string AES-128 or AES-256.

Of course, if I keep the email on my server then it could be seized under judicial warrant, but if the only readable copy came from my end and I have deleted it then the contents can only remain in my head and that's not open to fishing trips from LEAs even if I haven't forgotten what was in it.

2
0
Brian Morrison
Bronze badge

Re: I expect to get a zillion downvotes but...

There is a crucial difference. Google may well scan the email and then serve up relevant (splutter!) ads, but it doesn't then keep that email (unless you want it kept), the tokens used to determine the ad in question or anything other than the fact that an ad is served, payment is recorded against the entity supplying the ad and then that's the end of it.

The NSA grabs the data and stores it for processing at their leisure. We have no idea whether they're currently chewing through archived stuff from 2009 or whether their processing is fast enough to be somewhere in late 2013. If an ever more repressive government got its hands on that data it could rescan it all for any purpose and then send in the secret police at 3am to wherever it felt like.

6
2

OK, maths wonks: PRIME TIME has arrived

Brian Morrison
Bronze badge

Re: And for those that also miss the afternoon session...

Don't forget Sandy...

0
0
