* Posts by Alan J. Wylie

102 posts • joined 12 Jul 2008

Xen urges another upgrade to get OpenStack humming

Alan J. Wylie

There's still another security issue waiting in the wings

http://xenbits.xen.org/xsa/

Advisory / Public release / CVE(s) / Title

XSA-141 / 2015-09-01 12:00 / assigned, but embargoed / (Prereleased, but embargoed)

0
0

The Ashley Madison files – are people really this stupid?

Alan J. Wylie

Troy Hunt's "have i been pwned"[1] site links to pastes on pastebin.

Let's look at one example[2], and the section "Ashley Madison Dump Vatican Emails"

Unique domains:

$ sed 's/.*@\(.*\)/\1/' va.txt | sort -u | wc -l

99

And ones with an MX record:

$ sed 's/.*@\(.*\)/\1/' va.txt | sort -u | while read x; do host -t mx $x > /dev/null && echo $x; done | wc -l

0

None!

$ grep k12.va va.txt | wc -l

42

"k12.va.us", however, is a domain for primary and secondary schools in the US state of Virginia.

So - lots of typos or data truncation/corruption in the 1st example I looked at. Certainly no e-mail addresses linked to the Vatican.

[1] https://haveibeenpwned.com/Pastes/Latest

[2] http://pastebin.com/wjRvQqcc

2
0

Choc Factory research shows users just don't get security

Alan J. Wylie

Disable Javascript and block adverts

Towards the top of my list are disable Javascript and only enable on a "need-to-render" basis, and run an ad-blocker.

0
0

Happy NukeDay to you! 70 years in the shadow of the bomb post-Trinity

Alan J. Wylie

Personal connection

My first job was working for Laser-Scan in Cambridge, a company founded by Otto Frisch. He died shortly after I joined, however my colleagues knew him very well. His and Rudolf Peierls' 1940 memorandum worked out how only a small amount of fissionable material was required and described the effects of the blast.

https://en.wikipedia.org/wiki/Frisch%E2%80%93Peierls_memorandum

2
0

Brit boffins teach mere PCs to find galaxies in Hubble pics

Alan J. Wylie

Hanny's Voorwerp

What would it make of Hanny's Voorwerp? I would hope it would flag such anomalies up for human investigation.

0
0

Microsoft: Stop using Microsoft Silverlight. (Everyone else has)

Alan J. Wylie

Ordnance Survey

At last, the OS has an alternative to the Silverlight interface that I have been complaining to them about for years.

https://www.ordnancesurvey.co.uk/osmaps/

3
0

Congratulations! You survived the leap secondocalypse

Alan J. Wylie

All is not well, though

* National Physical Laboratory is still advertising the leap second

$ date; ntpq -c "mrv &1 &999 leap,srcadr,stratum"

Wed 1 Jul 15:07:44 BST 2015

srcadr=139.143.5.31, leap=01, stratum=2

$ host ntp2.npl.co.uk

ntpsvr2.npl.co.uk has address 139.143.5.31

* A large number of servers didn't, list of servers by country code:

http://pastebin.com/WqkyRTTz

* Google servers (time[1-4].google.com) didn't advertise the leap second, and slewed rather than stepped for the 12 hours before and after, (which was exactly by Google's design).

(Also an interesting "discussion" on systemd's use of them by default)

https://github.com/systemd/systemd/issues/437

* And one server didn't advertise it, was OK for a while after 00:00:00 UTC, and is now about a second out

-ntp0.ovh.net .GPS. 1 u 337 1024 373 2.691 997.187 920.966

Probably due to an issue with its GPS interface

3
0

Tower of BT Bubbly: Fancy nibbling atop a strategic data hub?

Alan J. Wylie

Beware giant kittens

https://www.youtube.com/watch?v=Jr6CyU-Ev_M

7
0

Why is it that women are consistently paid less than men?

Alan J. Wylie

Crunching through these numbers we find that there is no gender pay gap among people under the age of 30. There is a small one among the next age group, and that persists, even widening out as we get up to people in their 60s.

Could the explanation for this be that well paid, married, women will tend to retire at 60 (or even earlier), less well paid women will slog on?

7
0

News website deserves a slap for its hate-filled commentards, say 'ooman rights beaks

Alan J. Wylie

Godfrey v Demon Internet Service

UK court case establishing a much broader principle back in 2001:

https://en.wikipedia.org/wiki/Godfrey_v_Demon_Internet_Service

Demon Internet didn't remove a Usenet posting from its servers after being requested to do so. Court found against Demon.

1
0

ISP Level 3 goes TITSUP after giganto traffic routing blunder

Alan J. Wylie

#WhoBrokeTheInternet

Hashtag #WhoBrokeTheInternet

0
0

NASA shock: Flying saucer predicted over Hawaii on Wednesday

Alan J. Wylie

As foretold by Arthur C Clarke

in his novel / film "2010" (though that was Jupiter, not Mars, and it was aerocapture, not aerobraking, but the principle's the same).

1
0

Chlorine gas horror leak at Apple data center puts five in hospital

Alan J. Wylie

Chlorine dioxide is used to kill Legionella bacteria, responsible for Legionnaires’ disease

2
0

Amazon cloud to BEND TIME, exist in own time zone for 24 hours

Alan J. Wylie

Just like Google

Sounds exactly the same as Google's "leap smear" approach

The Register article from 2011

Google Blog, 2011

and on-going discussion in nntp:comp.protocols.time.ntp

1
0

'Right to be forgotten' festers as ICO and Google come to blows

Alan J. Wylie

Dr Fun, Jan 1996

http://www.ibiblio.org/Dave/Dr-Fun/df9601/df960124.jpg

3
0

Japanese astro-boffins race to recover pulsar-spotting balloon basket

Alan J. Wylie

axis, not access

its particles scream out at nearly 70 per cent of light speed along its rotation access

1
0

RAF radar station crew begs public for cash to buy gaming LAN kit

Alan J. Wylie

Scrounge some bandwidth from GCHQ

Staxton Wold is less than 5km from GCHQ Scarborough, as mentioned Yesterday

They are both on hills, with low ground in between and probably have line-of-sight between them

http://www.megalithia.com/elect/terrain.php?Make=-1&ngr=TA021778&bht=10&ngr1=TA011867&daod=10&dname=&dht=0&go=go

2
0

Snowden scandal latest: NSA, GCHQ lingo-spies replaced by unstoppable RHINEHART robots

Alan J. Wylie

A good time to start learning Welsh and conduct all my business in it

Alan Cox started learning Welsh a decade or more ago. What did he know that we've only just found out?

3
0

POW: Smut-seeding copyright troll slammed as 'extortionate'

Alan J. Wylie

Harry Pregerson, not Dean Pregersen,

http://en.wikipedia.org/wiki/Harry_Pregerson (with an "o")

Exactly 70 years ago he was "severely wounded in the Battle of Okinawa".

http://popehat.com/2015/05/04/prenda-law-and-the-terrible-horrible-no-good-very-bad-appellate-argument/

Dean (also a judge) is his son, born after the war ended.

7
0

Boeing 787 software bug can shut down planes' generators IN FLIGHT

Alan J. Wylie

unsigned 32 bit counter in centi-seconds

0x7FFFFFFF = 2147483647

2147483647 / 60 / 60 / 24 / 100 = 248.551

1
0

Can't wait to bonk with Apple? Then try an Android phone

Alan J. Wylie

Don't use numbers or special characters.

Clearly the Vodafone web creators have never read https://www.mjt.me.uk/posts/falsehoods-programmers-believe-about-addresses/

Bo’ness, Westward Ho!

1
0

IT'S WAR: Hacktivists throw in their lot with spies and the military

Alan J. Wylie

cyder-espionage group

cyder-espionage group

somebody's upsetting the apple cart.

2
0

Hack hijacks electric skateboards, dumps hipsters in the gutter

Alan J. Wylie

CVE assigned

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2247

and this article is referenced

0
0

National Grid's new designer pylon is 'too white and boring' – Pylon Appreciation Society

Alan J. Wylie

Re: They're not bottom of the [boring] food chain by a long way

"http://www.telegraphpoleappreciationsociety.org"

And they even have a 'Pole of the Month'!

There's a Pylon of the Month site too!

0
0

China weaponizes its Great Firewall into the GREAT FIRE CANNON, menaces entire globe

Alan J. Wylie

Can I be the first to coin a phrase?

"Chinaman in the middle attack"

4
3

Audi TT: It's NOT a hairdresser-mobile, the dash is too flash

Alan J. Wylie

I recognise that reservoir: Ringstone Edge, B6114.

https://www.google.co.uk/maps/@53.658847,-1.923031,3a,75y,318.92h,88.2t/data=!3m4!1e1!3m2!1shQer2XwaHBcLlcoTThZ1IA!2e0

A nicer day when Google's streetview car drove by, though.

0
0

UK call centre linked to ‘millions’ of nuisance robo-calls raided by ICO

Alan J. Wylie

Nuisance Calls. Brighton. That rings a bell.

http://blogs.mirror.co.uk/investigations/2010/04/sky-falls-in-on-jailed-satelli.html

0
0

Life, the interview and everything: A chat with Douglas Adams

Alan J. Wylie

"a stage play"

a stage play?

More than one:

* The ICA in London (clashed with my finals, didn't get a ticket in advance, turned up anyway and saw it up to the destruction of the earth).

* I also went to the production at the Rainbow Theatre, Islington.

* Theatre Clwyd did it too, saw it when it was at the Arts Theatre, Cambridge.

Knowing what to google for, there was a web site on the subject:

http://www.douglasadams.eu/en_h2g2_hitchhiker-on-stage.php

but it seems to be showing default content at the moment. Wayback machine:

http://web.archive.org/web/20150207084540/http://douglasadams.eu/en_h2g2_hitchhiker-on-stage.php

0
0

'Roly poly' soft, wobbly robot BANGS EXPLOSIVELY, leaps 0.5m in air

Alan J. Wylie

Re: Terrahawks

Not Terrahawks - Power Rammers

Hope they are all wearing steel toecaps

0
0

UK spaceport, phase two: Now where do we PUT the bleeding thing?

Alan J. Wylie

Re: Where to put it?

> Sri Kanda mountain on the island of Taprobane

Oooh - that's the second time today I can mention butterflies.

2
0

Sophie the Stegosaurus was a teenaged fat lass claims triple-D model

Alan J. Wylie

Be careful

> We won’t be able to know for sure until someone invents a time machine and goes back 150 million years to when Sophie was roaming the landscape in what is now North America

Don't step on any butterflies.

8
0

RIP Leonard Nimoy: He lived long and prospered

Alan J. Wylie

Re: Binge watch time

Bilbo Baggins: https://www.youtube.com/watch?v=AGF5ROpjRAU

1
0

Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Alan J. Wylie

SSL Certificate now public

Robert Graham has gone further and decrypted the private key for the certificate, which is installed as trusted on who-knows-how-many systems.

http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html

6
0

Hello Barbie: Hang on, this Wi-Fi doll records your child's voice?

Alan J. Wylie

Re: the nsa will love this

They will ban them from their premises, just as they did with Furbies back in '99

Doesn't look as if El Reg covered it back then

http://news.bbc.co.uk/1/hi/world/americas/254094.stm

2
0

Are you running a Telnet server on Windows? Oh thank God. THANK GOD

Alan J. Wylie

Telnet server open to the Internet

http://www.blinkenlights.nl/services.html

telnet towel.blinkenlights.nl

telnet towel.blinkenlights.nl 666

0
0

Ofcom mulls selling UK govt's IPv4 cache amid IPv6 rollout flak

Alan J. Wylie

Lock In

1) Without fixed IP addresses that can be reached from the wider Internet (NAT'd addresses are effectively firewalled), IOT devices will need central servers, which allows the IOT manufacturers to charge for the service. Want to set your TV to record? No way to connect directly to it from your smartphone, you'll have to connect to a server and hope your TV also polls in time.

2) It is currently impossible to start a new ISP or hosting provider in the UK. That's a nice (anti) competitive advantage for the incumbents.

2
0

Govt spaffs £170k to develop the INTERNET OF SHEEP

Alan J. Wylie

> sensors on riverbanks could measure the flow of rivers

Do they mean like this:

http://apps.environment-agency.gov.uk/river-and-sea-levels/120697.aspx?stationId=8110

http://apps.environment-agency.gov.uk/river-and-sea-levels/120708.aspx

Really useful if I'm thinking of going caving

0
0

Zombie POODLE wanders in, cocks leg on TLS

Alan J. Wylie

> A couple of cross platform scripts that could test all the major browsers

> and web servers for compliance would be a lot of help too.

https://www.ssllabs.com/ssltest/

https://www.ssllabs.com/ssltest/viewMyClient.html

The server test is already updated to test for CVE-2014-8730

https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls

1
0

Alan J. Wylie

Recommended server TLS config

> There seems to be a need for a central page somewhere that says, quite

> simply:

> What protocols are safe

> How to configure popular software to use those protocols

https://wiki.mozilla.org/Security/Server_Side_TLS

is a good start

1
0

UK.gov quietly slips extra cash to AUTO ROBOTICA bods

Alan J. Wylie

Turning complete?

With all those roundabouts at MK, will the cars be Turning Complete?

2
0

Ten excellent FREE PC apps to brighten your Windows

Alan J. Wylie

Ad-Aware Free Antivirus+

Forgotten this article?

http://www.theregister.co.uk/2011/11/11/lavasoft_has_new_owners/

> Anti-spyware company Lavasoft AB is now owned by a set of online entrepreneurs who have been linked with misleading websites.

2
0

Chipmaker FTDI bricking counterfeit kit

Alan J. Wylie

And now causing amusement on the Linux Kernel Mailing List

http://thread.gmane.org/gmane.linux.usb.general/116767

From: Russ Dill

This patch provides the FTDI genuine product verification steps

as contained within the new 2.12.00 official release. It ensures

that counterfeiters don't exploit engineering investment made

by FTDI. Counterfeit ICs are destroying innovation in the

industry.

+ /* Attempt to set Vendor ID to 0 */

+ eeprom_data[1] = 0;

+

+ /* Calculate new checksum to avoid bricking devices */

+ checksum = ftdi_checksum(eeprom_data, eeprom_size);

+

+ /* Verify EEPROM programming behavior/nonbehavior */

+ write_eeprom(port, 1, 0);

+ write_eeprom(port, eeprom_size - 1, checksum);
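
Review bot: the two write_eeprom() calls at the end of this hunk are issued back to back with no result checked, so if the write of 0 to word 1 lands and the checksum write to eeprom_size - 1 does not, the device is left with an ID word and a checksum that disagree, which is the state the "avoid bricking devices" comment says it is preventing. Check each write and stop on the first failure, or better, drop the writes: a block commented "Verify EEPROM programming behavior/nonbehavior" should read the device, not persistently overwrite a word of its EEPROM. The comments also disagree about intent ("Attempt to set Vendor ID to 0" versus "Verify"), so state in one place what this code is allowed to change on the attached hardware.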

5
0

PARC Alto source code released by computer history museum

Alan J. Wylie

Re: Portrait Screens

It looks familiar, and no wonder: the design of the PERQ I remember from the early 80s was influenced by the Xerox Alto.

http://en.wikipedia.org/wiki/PERQ

The FORTRAN compiler used to grab some of the screen RAM, resulting in random flashes over half the screen.

0
0

Want a more fuel efficient car? Then redesign it – here's how

Alan J. Wylie

Re: Fuse wire

One thing not mentioned - use 24 or 48 volts, rather than 12V. Of course, all your electrical equipment: radio, lights, etc. needs changing or adapting, but your alternator, starter motor and a lot of cable all become a lot lighter.

The old army air portable Land-Rovers run off 24V

Almost impossible to retro-fit to an old vehicle, but previous proposals for a voltage of about 40 to 48 volts are being resurrected.

http://en.wikipedia.org/wiki/42-volt_electrical_system

http://ae-plus.com/news/audi-charges-up-to-48v-electrical-architecture

4
0

It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE

Alan J. Wylie

Re: Wythenshawe

IT angle: Wythenshawe was where the Ferranti Argus computer was developed.

http://en.wikipedia.org/wiki/Ferranti_Argus

http://www.bcs.org/content/conEvent/6440

2
0

NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)

Alan J. Wylie

Re: What's the hold up?

Can I suggest a name: "hassle"

1
0

Adobe spies on readers: 'EVERY page you turn, EVERY book you own' leaked back to base

Alan J. Wylie

Re: No, really, I read it and I have proof...

I know about zip bombs and xml bombs, anyone know anything about json bombs?

1
0

Alan J. Wylie

Re: 192.150.16.235

and another: 193.104.215.0/24

$ host adelogs.adobe.com

adelogs.adobe.com is an alias for adelogs.wip4.adobe.com.

adelogs.wip4.adobe.com has address 193.104.215.99

$ whois 193.104.215.99

inetnum: 193.104.215.0 - 193.104.215.255

netname: ADOBE-NET

descr: Adobe Systems Software Ireland Ltd.

country: IE

0
0

Countless Belkin routers go TITSUP in massive mystery meltdown

Alan J. Wylie

http://www.theregister.co.uk/2003/11/07/help_my_belkin_router/

> The marketing geniuses at Belkin, the consumer networking vendor, have dreamed up a new form of spam - ads served to your desktop, by way of its wireless router

> The router would grab a random HTTP connection every eight hours and redirect it to Belkin’s (push) advertised web page.

7
1
