* Posts by David Hicks

1243 posts • joined 22 Apr 2008

Samsung's smart TVs 'wide open' to exploits

David Hicks
Linux

Re: I don't want a smart TV.

@AC - "A TV is not a computer,"

When it's running linux on its multi-core ~GHz processor, has installable applications, a web browser, can stream media all over the place etc etc.... yeah, it is a computer.

Essentially a Smart TV is like an iMac with slightly more emphasis on the screen and less on the computer power, but they're much the same sort of deal.

8
1
David Hicks
WTF?

Re: Rootable? You'd hope so!

What exactly should I not be tinkering with in a device that I bought?

14
1

Nook Video store launches, brings UltraViolet to Blighty

David Hicks
Stop

Re: Barns & Noble are not a UK retailer

Heh.

I don't disagree with any of that, but when our own government (in the form of GOV.uk) uses Google Analytics and an outsourced helpdesk program from zendesk in San Francisco, it kind of feels like the battle has been lost.

1
0

Kim Dotcom shows off new mega service

David Hicks
Stop

Re: Security for users of the inter-tubes?

"incredibly tyrannical US government"?

Holy moley do you need to recalibrate your sensors, unless by "incredibly tyrannical" you mean "It's hard to believe how tyrannical the US government is because it's not very tyrannical at all".

There are a lot of dodgy things going on in the western world with respect to individual liberty and privacy. There is abuse of power by governments. However Obama is not an arbitrary (unelected) or absolute ruler and the abuses by the state in the US, while occasionally heinous, are not that bad compared to ... say anywhere that actually has a dictator.

There is much injustice to be fought, but hyperbole doesn't really help.

2
2

Tor node admin raided by cops appeals for help with legal bills

David Hicks
Childcatcher

Re: This is why I can't run an exit node

You'd still be letting your link be used for this stuff, adding to the network capacity. Though perhaps you've just highlighted a potential attack on the system, if you had a lot of nodes and bandwidth that all flooded the network with nothing much and then requested it over and over again.

Either way I ain't touching that.

1
2
David Hicks
Happy

Re: Blimee...

You can fit 5 drives inside a microserver easily, let's be generous and say he's updated to the latest and greatest 4TB drives, that's 20TB per microserver. A 2TB laptop drive could be crammed in at the top and connected by looping the eSATA port back inside the case. The internal USB slot can host a thumb drive, and there are another five externally for another 1.5 TB. With a suitable USB-3.0 card in the PCIe 1x slot with an internal socket and three external you could add another 4 of these for another TB.... you might be able to pick up and *maybe* fit in the case a PCIe flash card in the x16 slot for up to another TB, bringing us to ~25.5TB per microserver before we even consider external SATA or USB3.0 enclosures...

So with a decent budget and some determination you *could* do 100TB in four microservers I reckon.

2
0
David Hicks
Big Brother

This is why I can't run an exit node

Or a freenet node, or really be part of any other sort of darknet where you don't monitor stuff going over your own links.

Not because there's a legal risk, but because I'm damned if any network or computation resources of mine are going to be used to transmit child porn.

11
9

That square QR barcode on the poster? Check it's not a sticker

David Hicks
Meh

Meh, I wouldn't grant them a patent on the technique, some of us came up with that idea as soon as we heard about QR codes.

And I've still *never* seen anyone use one.

2
0

Stallman: Ubuntu spyware makes it JUST AS BAD as Windows

David Hicks
Meh

Re: What about Android?

Stallman, IIRC, shuns all mobile phones, including android.

4
1

E-reader demand slumps, slapped down by slates

David Hicks
Linux

I think they may be fine with that

As I'm pretty sure the Phat Profitz are in the books anyway.

No physical distribution, no printing costs, still more expensive than a paperback? Check. No hardware costs either? Pure profit for amazon.

1
2
David Hicks
Linux

Re: No surprise

"Is the battery life really a big deal for 99% of buyers..."

Err, yeah. Being a slave to the power socket with a tablet is far less fun than having a thing that just works for months at a time. You pick it up, press the button and start reading, even if you forgot about it for weeks.

I also find e-ink to be far kinder to my eyes than backlit displays.

4
0
David Hicks
Meh

People have ereaders perhaps?

They've been out a while and (other than the backlight) is there much reason to upgrade?

That said I was thinking of getting my mum a kindle for Christmas, but someone above reminded me it's actually got some pretty big downsides - ebooks are often MORE expensive than the paper versions, which is ludicrous, and you can't borrow or lend them easily. So maybe not. Also she's only just got used to using 'the Google' (firefox) rather than 'the internet' (AOL) so introducing more tech to her life at this point might just be cruel...

0
0

Being responsible, creative and motivated means you aren’t

David Hicks
Happy

Still capable but lazy :)

Although starting to realise that I'm more capable than I thought...

1
0

Operation Hunt the Hunter: Anonymous targets 'revenge porn' man

David Hicks
Stop

Re: Good

"Actually not illegal UNLESS he explicitly said ... "

Wasn't saying it was illegal, the point of that post was that the guy is a worse arsehole than some of the other bottom-feeders that usually post these pics purely for titillatory purposes and not as a way to expose them to friends and family, or enable stalking.

There was some debate about the 'legal firm' trick as to whether it could be classified as extortion. Still not sure if that was the same guy, mind. And either way, legality is moot, the guy's a slug, which is an insult to slugs.

1
0
David Hicks
Paris Hilton

Re: Legal situation

I was under the impression that release forms were more of a nicety than a necessity. Though if the site is US based it may fall foul of the necessity to keep records of the ages of the victims....

Meh, there's a whole mess in this area, evidently Senor Scumbag has managed to slither through the gaps well enough up until now.

1
0
David Hicks

Re: Good

@Eguro

"Well I'm fairly sure that publishing photographs of (almost) any nature of a person without permission is in fact against the law."

I'm pretty sure it's not, I think that's your first problem. Especially of folks in public places. If the pictures were taken by the person uploading them (who therefore holds the copyrights) then the site has the right to publish and whoever is in the picture has no rights at all, particularly not to get the pics taken down.

If the uploader was just a recipient of the image and not the original photographer then it's possible that a DMCA takedown could be legally effective, and a civil suit could be prepared against the uploader.

The only time I think this sort of thing would become illegal in the criminal (rather than civil) sense would be if it could be shown to be harassment. IMHO, IANAL etc etc

Make no mistake - this guy is a class A scumsucker, I'm not defending him in the slightest, I just think you have a charmingly naive view of the protections offered to you by law :)

9
0
David Hicks
Thumb Down

Re: Good

"In essence, he is no more culpable than those sites that put up pics of nudists or public topless sunbathers as pr0n."

You know, except that whole linking it to facebook profiles, real life people, threats to link it to maps to allow stalking. You know all those things that make it far worse?

Not that I'm defending other sites that put up naturist or revenge pics, but they at least don't mix harassment in with their obscenity. I'm not sure if it was this guy but there was a site that hit the news recently that did much the same, and replied to any form of request for pictures to be removed with a link to another site claiming to be a legal firm who would issue the correct takedown for a low, low fee of only a couple of hundred dollars. Pretty damn despicable...

10
1

Clap Google, Amazon in irons to end tax shenanigans - MPs

David Hicks
Thumb Down

They have access to our market, and use our common infrastructure, morally they should be paying tax on their profits like everyone that runs a UK business is expected to. Basically, they're not paying the price of entry.

Even if everything they're doing is entirely legal, that does not itself mean it is moral. Seeking profit above all else, to the very edge of the law, is not inherently good or right. In countries where there are no environmental protection laws, is it moral for a company to maximise profit by just dumping its waste products into the nearest river?

0
2
David Hicks
FAIL

Rubbish

Utter rubbish.

Sales taxes are regressive and hit the poor worst.

What's more you'll find that if you apply this to companies they'll coalesce into single legal entities to avoid selling things between each other, therefore avoiding absolutely all tax.

You've come up with an AWESOME formula for impoverishing the poor and middle classes.

0
1
David Hicks
Stop

Re: @Chris Miller RE: Stemcor

@Chris Miller

There's a third option - it can be shown that Amazon, Google and Starbucks are profitable in the UK but move profits abroad via various tax-avoiding means (this *is* the case), whereas Stemcor is genuinely having a hard time of it (I have no idea if that's the case).

I have no love for politicians of any stripe, but these allegations seem MIGHTY convenient to me. Totally agree it should be looked into, personally I think everything the politicos are into ought to be investigated, but I'm not convinced this is the same thing that the big multinationals are up to.

2
2
David Hicks
Thumb Down

Re: Their obligations?

I love this argument - that everything right up to the edge of the law is somehow acceptable and 'right', completely ignoring any idea of social responsibility on the part of the people who make up these companies, who are supposed to be moral/ethical/sentient beings themselves.

Is it right that in countries with lax environmental regulation, that companies should just dump pollutants in the rivers? Or is it right we call them out for being immoral, exploitative and unethical?

Is it right and moral that companies use child labour and sweatshops in countries where that's allowed, in order to keep costs as low as possible so they can skim a slightly larger profit margin from selling the resulting goods to the west?

Me, I reserve the right to call the people running those types of companies (from my examples above) immoral and probably even evil, despite the fact that they're within all applicable laws.

By the way, I'm not trying to say the folks running Google, Amazon and Starbucks are evil, I'm just saying that the argument that companies are exempt from moral judgements over their actions is nonsense.

1
3
David Hicks
FAIL

Re: But what about muh socialism?

@GotThumbs - "I think Amazon should say....Screw em and don't do business in those countries at all."

Awesome, because it would be far better for them just to up and leave rather than pay a percentage tax on their profits.

Do you understand what a PERCENTAGE tax on PROFITS is? Idiot.

5
1
David Hicks

@Chris Miller RE: Stemcor

This seems to be a red herring as Stemcor is UK based and reports a low level of profitability - 1% - in the last year on record. A turnover of billions doesn't mean a profit in the billions.

I'm not saying it shouldn't be looked into, it absolutely should and not least because a politician is involved, but this doesn't seem to me to be a game of shipping profits around to the most favourable place as is being played by amazon et al.

2
1

Dell launches Sputnik Linux Ultrabook

David Hicks
Linux

Re: They are giving the middle finger to microsoft at last!

' At least as much as Windows, and in fact probably more, but split over far fewer units sold.'

Which should be more than taken care of by the lack of windows license.

1
0
David Hicks

Re: They are giving the middle finger to microsoft at last!

I guess I never consider support beyond hardware failures, which should be the same, because as a competent software developer I support myself.

If they're going to start offering linux to consumers I can see it, but this is aimed at developers.

I'd still rather be able to buy one with no OS and no support contract.

10
0
David Hicks
Meh

Re: They are giving the middle finger to microsoft at last!

Economies of scale don't really apply to a situation where the hardware is the same but a different OS image is added. It's not going to add hundreds to the price to flash a slightly different image to the exact same hardware.

Now, I can see them wanting to recoup any development effort they put in by charging for it, fine, that could explain it just fine.

Still, don't hold your breath for Dell UK to get the picture. They flat-out refused to sell one of these without Windows when I enquired, and made no mention that they might be able to meet my requirements for an MS-free laptop in the near future.

3
1

Raspberry Pi daddy: Stroke your hardware at night, land a job easy

David Hicks
Meh

Re: Damn right

It depends what you mean by stand out.

Competently producing high-quality work to schedule is enough to stand out in a lot of places. Believe me, I've seen a *lot* of software shops that could vastly improve by having a few of these people on board. They may not be producing kernel device drivers or contributing to the Go runtime in their spare time, but they're head and shoulders above a lot of what you'll encounter in our industry.

Of course you want the device driver and Go folks if you can get them at a reasonable price, but these types are very few and far between.

1
0
David Hicks
Linux

Re: Damn right

I know plenty of folks making good money doing solid work at major corps, some of whom don't even have a computer at home. While I would look at enthusiasm and outside interest in a candidate without experience, not everyone that's good at the day job is obsessive about it at home too.

Maybe most of the best ones are, but not everyone can be the best and not everyone can hire the best, sometimes industry-average is fine.

0
0

TVShack O’Dwyer strikes deal to avoid US extradition

David Hicks
Black Helicopters

It's a trap!

El Reg needs an Admiral Ackbar icon for this.

Next week we'll be reading about how surprised everyone was when he was arrested at the airport as soon as he cleared immigration.

This whole thing is a sham. If he committed an offence he did it here, in the UK, and should be charged under UK law. Same with that McKinnon fellow.

17
0

Annual reviews: It's high time we rid the world of this insanity

David Hicks
Pint

Contracting definitely has its appeal

I have a project. If I do the project on time and to a good standard we're done. Maybe I'll get another, maybe I won't, maybe I'll take it, maybe I won't. Maybe I'll raise my rates, maybe I won't.

But there's no bullshit appraisal based on management opinions. There's no writing down your useless goals for the year which are irrelevant a month later, never mind a year later when you have to try and twist what you actually did into a narrative that somehow supports what you said you were going to do, despite the fact those goals were discarded ages ago and you did an awesome job on whatever the hell else it was you were doing but somehow that might not count because it doesn't align with the agreed targets and anyway you haven't been engaging with the wider company and perhaps we can push for a little more leadership training in the next period and would you like to write an article for the staff newsletter next month and by the way we've got an all-hands staff meeting this afternoon that's going to take three hours but be entirely content free because the visiting exec has mastered the art of saying long strings of vaguely encouraging sounding words without conveying anything close to what might be considered a fact, factoid or piece of information in them......

Bugger all that for a lark.

5
0

Ten technology FAILS

David Hicks
Thumb Up

'I don't really need to pay £15 for a BD to just see better pore definition on some actors face'

Oh but High-Def is a *great* leveller.

You realise that the prettiest people that hollywood has to offer, even with all the makeup artists money can buy, still have bad skin and even the occasional lady-moustache.

0
0
David Hicks
Flame

Re: Linux?

Yeah I know, "The Year of the Linux Desktop" perhaps deserves the fail tag. Though I'm not convinced that was ever anything but a taunt by the 'anti' side.

Linux is incredibly mainstream though. It's the most popular smartphone kernel, it's on a lot of wireless routers and other infrastructure, it's in your tv, it's running your ISP servers, it's on credit card terminals and it's in a hell of a lot of other places. You're quite likely to have more linux devices in your life than windows ones (unless you're a sysadmin!)

Perhaps we ought to change the ironic slanging to "next year will be the year of the GNOME desktop" ;)

/flame on!

5
0
David Hicks
Meh

Re: Linux?

One of the most, if not the single most popular/common OS on the planet.... sure I can see why that would be in a list of technology failures!

6
2
David Hicks
Thumb Down

Re: Secondlife Is still Alive.

I can get away with reading the reg at work, not so much an immersive 3d environment....

3
1

Amazon's secret UK sales figures revealed by Parliamentary probe

David Hicks
FAIL

Amazon are very much in my bad books right now

But that's mostly because they just delivered my new memory stick to my mum. I'm sure I changed that default address....

0
0
David Hicks
Meh

Re: Previously...

There are many side effects of taxing corporate profit rather than sales. In theory -

- Struggling, barely profitable companies get to keep employing people without having to worry about the extra tax/sales disincentive that would come about if your plan was put in place

- It encourages reinvestment into the business. Why pay tax on profits if you can plough much of it back in and make the company even better?

- It hits those that can pay (profitable companies) vs indiscriminately applying to people who may or may not be the best targets. As the other poster mentioned, VAT is regressive.

The theory breaks down when profits can just be spirited away though.

4
0
David Hicks

LOL@Intellectual Property

'This is how EU entities pay for the use of Amazon’s technology and intellectual property, which is primarily developed in the US'

That might be an entertaining diversion if Amazon in the UK/EU/Wherever was an independent entity with a relationship to the parent something like a franchisee, but that's not the situation is it?

3
2

Pong creator turns nose up at Nintendo Wii U

David Hicks
Linux

Theoretically I should be able to pair a PS3 controller...

Could do that with my N900 and the emulators I ran on it. That and tv-out made for much Sonic related joy in various hotels I found myself stuck in.

I assume that I probably could do the same with my newer android phone, but it doesn't seem that easy.

0
0

Nickers nab Assassin's Creed cache in Benelux blag

David Hicks
Paris Hilton

Reminds me I still haven't played the last one

And now I've looked it up I'm not sure how to go about purchasing it. There are a bewildering array of editions available, all of which have some extra stuff (but not really all of it).

Cheapy platinum edition it is then?

0
0

Wii U 'has been JAILBROKEN' via legacy games, say homebrewers

David Hicks

My Wii is jailbroken

Nintendo didn't seem to put anywhere near as much effort into stopping it as the other console makers, and I like that a lot.

I could load the homebrew channel to run non-approved software. Some nice team or other made a homebrew browser (I suppose we'd call it an app store now). I could run an isoloader so that I could play the games I bought and ripped from a drive - far faster than the optical drive and no messing about with disks. I could rip games to play on Dolphin on my PC.

I hope the U is fully broken before long, I might get one if I can do my own things with it.

1
0

'Rare for tech not to be involved in child abuse cases'

David Hicks

I'm sure there is truth underpinning this report somewhere

I'm sure many concerned people were honestly horrified by what they found. I'm sure they put the report together as best they could and with as much honest gravity as they could. I'm sure that they did their best to convey the seriousness of the situation to those that could convert concern into action.

I'm also sure that in the past we've seen minor errors at multiple stages that have resulted in scores of kids being removed from loving homes. Tread carefully.

6
0

PGP Zimmermann teams with Navy SEALs, SAS techies in London

David Hicks
Boffin

Re: 3 questions

@Paranoid AC

Oh I see, you meant to be compliant with the law! Of course I considered the legal landscape - I was looking at ignoring it completely and rendering it ineffectual. I guess it comes down to whether you prefer compliance and legality or security and maybe being imprisoned.

I mean, of course you can't have properly secure comms and comply with all the various laws, the laws are specifically designed to prevent real security. You only have to look at the UK where many standard TLS ciphersuites could be interpreted as being illegal because you can't provide the government with a decryption key afterwards.

I don't think it would be that hard to secure a person's audio comms using decent tech and a reasonable frontend. I don't think it would be that hard to do it in such a way as your comms are unbreakable, even to you (after the fact), but that doesn't mean you wouldn't get put in prison for using whatever I designed.

Usability, flexibility, whatever else are really no more difficult to overcome than the tech issues, IMHO. But you absolutely have to start with the absolute knowledge that you *cannot* have real comms security without the user taking some extra steps - for instance meeting, in person, the folks that they want to talk securely to and using something like NFC to perform a 'bump' certificate exchange/cosigning.

I'm not saying these guys are doing that or are even any good, mind, I haven't looked into it.

0
0
David Hicks

Re: 3 questions

@kyza - Pls forgive density in this question...is this the equivalent of, or similar to, a one-time pad?

If this was directed at me....

OTPs are designed for encrypting smallish messages, and the pad itself must be exchanged between parties ahead of time. Generating and exchanging enough OTP data to carry on multiple phone conversations (you'd need a pad for each side) would be a hassle and you would have to top up your pad with face-to-face contact every so often.

OTPs also do not provide the protection of a proper authenticated encryption scheme, either. In the way they are typically used it's perfectly possible that a message could be altered in flight (say by a compromised router) if you make certain assumptions about the format of the underlying data. Using a GCM-like system protects against this. This weakness is something I thought of off the top of my head and I'm not even a crypto expert, just an interested amateur. I'm sure there are other weaknesses an expert could point out.

0
0
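An added illustration of the point made in the post above (not part of the original comment): a one-time pad hides a message but does not protect its integrity, so a party who knows the message layout can alter it in transit without the pad, while an authentication tag makes the receiver reject the altered message. The message text, field offset and function names are constructed for this example, and HMAC-SHA256 from the Python standard library stands in for the integrity check that a GCM-like scheme provides.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_apply(pad: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt with a one-time pad (XOR is its own inverse)."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the message")
    return xor_bytes(data, pad[:len(data)])


def alter_in_flight(ciphertext: bytes, offset: int,
                    known: bytes, wanted: bytes) -> bytes:
    """Model of a compromised hop: it never sees the pad, only guesses
    that `known` sits at `offset`, and XORs in the difference."""
    if len(known) != len(wanted):
        raise ValueError("replacement must have the same length")
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + xor_bytes(ciphertext[offset:end], delta) + ciphertext[end:]


def seal(pad: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Pad-encrypt, then append a tag computed over the ciphertext."""
    ct = otp_apply(pad, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(pad: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything that was altered."""
    if len(blob) < TAG_LEN:
        raise ValueError("message truncated")
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message altered in flight")
    return otp_apply(pad, ct)


def demo():
    message = b"PAY 0100 GBP TO ALICE"  # constructed sample, amount at offset 4
    mac_key = secrets.token_bytes(32)

    # Case 1: bare one-time pad. The receiver decrypts whatever arrives.
    pad1 = secrets.token_bytes(len(message))
    altered = alter_in_flight(otp_apply(pad1, message), 4, b"0100", b"9100")
    received = otp_apply(pad1, altered)

    # Case 2: same pad scheme plus a tag (fresh pad, pads are single-use).
    pad2 = secrets.token_bytes(len(message))
    blob = seal(pad2, mac_key, message)
    try:
        open_sealed(pad2, mac_key, alter_in_flight(blob, 4, b"0100", b"9100"))
        detected = False
    except ValueError:
        detected = True
    return received, detected, open_sealed(pad2, mac_key, blob)


if __name__ == "__main__":
    received, detected, intact = demo()
    print("bare OTP receiver reads:", received)
    print("tagged message alteration detected:", detected)
    print("untouched tagged message:", intact)
```
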
David Hicks

Re: 3 questions

Re: Question 3, I'm not sure what you mean by 'Really Secure' but using standard encryption methods you can get to the point where it's basically impossible to decrypt things.

By 'standard methods' I mean a proper authenticated encryption* scheme, public/private identity verification using private trust infrastructure and an ECDHE style key exchange mechanism with frequent changes and disposal of session keys. Recent versions of TLS implemented in well-audited libraries will do a lot of this for you.

In the case of data streams created like this they cannot later be decrypted by anyone, including the original parties, as all the keys used to encrypt the data are long gone. Legal sanctions then become useless.

(*authenticated encryption does not mean encryption with RSA-style authentication, it means schemes like GCM)

0
0

Evildoers can now turn all sites on a Linux server into silent hell-pits

David Hicks

Infection vector?

That's the more interesting part to me. Do we have a malicious employee? A remote exploit and then privilege escalation? Just some weak passwords?

The only time bad things happened to my public facing linux machine were during the time when it really shouldn't have been public facing and had horribly weak passwords. I was still half-way through adding kernel support for the platform, the root password was 'root' and root SSH access was allowed. Not that that's how they got in, first they gained access to the 'dave' user (password 'dave') and then spent quite some time guessing at root.

The eventual attempt at using their new-found power was full-on retarded though - they created a ramdisk (on a machine with 32Mb of RAM) and then tried to run a shoutcast binary, compiled for x86, on an experimental ARM box....

0
0

Ten Linux apps you must install

David Hicks
FAIL

Re: Normal people don't use Linux

I'll say here what I've said before - If you can't make one of the friendlier Linuxes work for you, and after days of struggling, then you have no right working in this industry.

It's really not that hard, and as much as you think you're showing us how broken linux is, you're really just exposing your incompetence. Which is why you've posted as AC no doubt. Wise, nobody I know would hire you after that admission.

8
1

Sony coaxes indie Vita, Android developers with $99 SDK

David Hicks

Until such time...

...as it's decided to be a security risk and canned, with no refunds and no apology, if Sony's usual tactics are to continue.

4
2

So you broke our encrypted files? Ha! They were DOUBLY encrypted

David Hicks

Re: If you encrypt something more than once...

@Arion -

Good point on the re-encryption. Must be that it just doesn't help when talking about double DES.

You're wrong about it being algorithmically secure, by the way, check wikipedia - there are three known attacks, one of which requires time equivalent to 2^39 - 2^40, quite a bit less than 2^56 brute force. From what I remember this may be down to a badly designed S-box.

0
0

Fart-buster underpants selling well among Japanese salarymen

David Hicks
Thumb Up

Re: Reminds me of an odd australianism

LOL, no I'm not sure if the burpless cucumbers are better for down-under bottom barks....

0
0
David Hicks
Go

Reminds me of an odd australianism

In Australia you can buy two types of cucumber - regular and 'burpless'.

I had no idea cucumbers and belching were associated, but apparently it's a big problem down under.

0
0