* Posts by Tim Brown 1

293 posts • joined 10 Jun 2009

Page:

IPv4 is OVER. Really. So quit relying on it in new protocols, sheesh

Tim Brown 1
Pint

Exhaustion? and yet...

The major dedicated server supplier I use is still happy to provide 16 free IPv4 addresses with even its low end servers (with justification of course).

2
0

Docker user? Haven't patched Dirty COW yet? Got bad news for you

Tim Brown 1
Holmes

I told you so...

When all the hype about Docker started I had a look at it and timely security updates was something that put me off the whole thing. That and the layer upon layer of the filesystem structure with seemingly no easy way to merge redundant layers was frankly a little psychotic (it may be better now, I haven't checked).

3
1

No means no: Windows 10 nagware's red X will stop update – Microsoft

Tim Brown 1
Joke

In other news...

The EU has decided to get Microsoft to design some nagware to get the British Government to invoke Article 50.

An EU spokesman said "We're seriously fed up that the British PM keeps clicking 'not just now thanks' on the reminders we've sent him so far"

9
0

Austrians are most likely to bare all on beaches

Tim Brown 1
Mushroom

Tech story because?

Or is the only tech relevance that this was a press release by a travel company with a website?

1
0

British cops to film you with 59k body-worn cameras by end of year

Tim Brown 1
Facepalm

You're under arrest! Now if you'll just sign this consent form...

How long before we get one or more dedicated TV channels for the footage? Channel 5 are 75% of the way there already!

0
0

123-reg email goes TITSUP

Tim Brown 1

Hotmail/Outlook/Windows Live Mail or whatever they are calling it this week is also titsup at the moment.

0
0

Yahoo! shows! off! for! suitors! by! diving! into! red! ink!

Tim Brown 1
Holmes

It's tough at the top

Presumably, as the results were "in line with our expectations" the CEO and the rest of the management fat-cats will be taking home their six-figure bonuses and seven-figure salaries as usual then, which probably goes a long way to explaining the loss...

5
0

BT hauled into Old Bailey after engineer's 7-metre fall broke both his ankles

Tim Brown 1

Re: Not so funny.

I have a house in rural France and around here nobody seems to have heard or care about H&S rules.

It's common to see people working on steeply pitched roofs without any safety equipment whatsoever.

There's one old boy who works on his own with a van and a long ladder repairing roof tiles. He was at a house across from me last year and it made me feel quite queasy to see him going up on the roof all on his own, even climbing the ladder one-handed as he held on to a stack of new tiles on his shoulder with the other.

2
0

Not Bitcoin, but close: Red Hat and Microsoft bite into blockchain tech

Tim Brown 1

The problem with blockchain tech...

is that there is no concept of archiving. So to properly verify the current entries you need the whole blockchain which just keeps growing and growing.

Unless that is, you have some sort of central authority to sign and publish checkpoints in the chain periodically.

3
0

Apple's fruitless rootless security broken by code that fits in a tweet

Tim Brown 1

Re: Software updates

Yep, Apple need to get off their high-horse. All they've effectively done is create a super-super user. It doesn't make root problems magically go away, it just moves the target.

Meanwhile, slightly offtopic, but try checking the details of an HTTPS certificate in mobile Safari... and you can't.

8
0

Your unpatchable, insecure Android mobe will feel right at home in the Internet of Stuff era

Tim Brown 1

kernel version?

I just checked both my recent Android devices (one of which is a fully patched Nexus 7, running Marshmellow) and both are running a Linux kernel version 3.4.x, so why is kernel 3.10 mentioned?

Is this bug related to Android version or Linux kernel?

1
0

HTC teases yet another make-or-break comeback flagship

Tim Brown 1

Re: Suicidal HTC?

Have to agree there.

Not being a fan of the massive phablet, I was happy to snap up an HTC one mini 2 last year at a bargain price since it apparently wasn't a popular model, but I'm very happy with it. But the rumoured design just leaves me cold.

0
0

SSL's DROWN not as bad as Heartbleed, still a security ship wreck

Tim Brown 1

Is TLS vulnerable or not?

My understanding is that TLS was a 'rebranding' of SSL when it got to v3.1 (i.e. TLS v1.0 = SSLv3.1) . However reports often seem to mix the terms as we have in this story ( "An attacker can exploit support for the obsolete SSLv2 protocol – which modern clients have phased out but is still supported by many servers – to decrypt TLS connections.")

So in simple terms is my TLSv1.2 connection vulnerable simply because the server still supports SSLv2 (even if I'm not using it) or only if my connection is actually SSLv2?

And if I'm confused (as an experienced IT person) what hope does the average user have?

0
0

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now

Tim Brown 1

It's the nature of security consultants to big-up the problem

Not that I'm complacent, I patch the Linux servers I manage at least every week.

However security consultants like to make the latest bug sound like the end of the world, when really it isn't and isn't anywhere near. Well-managed servers will get patched in a timely fashion, some badly managed servers will get deservedly bitten, need to be rebuilt, and in the process we may get to learn who the IT-incompetent companies are (I'm looking at you Talk-Talk).

The world will keep turning and a few more cowboys will go to the wall.

2
4

When asked 'What's a .CNT file?' there's a polite way to answer

Tim Brown 1

Re: What's a .cnt?

"Oh yeah, and what about the man page on "ln" which eschews the usual unix idiom and waffles so effectively that no-one can figure out which comes first: the file name or the link name. man pages are a cowpat in the field of technical documentation."

I don't know what Man page you were looking at but on Debian 8.3 man ln starts:

NAME

ln - make links between files

SYNOPSIS

ln [OPTION]... [-T] TARGET LINK_NAME (1st form)

Then goes on to list the variations and what each option does. Pretty clear to me.

2
0

BT blames 'faulty router' for mega outage. Did they try turning it off and on again?

Tim Brown 1
Mushroom

Twenty years from now...

a former BT engineer may post the real story in "On Call"!

3
0

Little warning: Deleting the wrong files may brick your Linux PC

Tim Brown 1

Re: Sounds Really Clever?

Systemd may not be the principle culprit but it's certainly an accessory to the crime. Why does it mount that special filesystem r/w by default?

Just another little bit of evidence that the systemd developers don't think things through and that their whole approach is a disaster waiting to happen.

3
1

Disputed eBay platform vuln poses ‘severe risk’ to tat bazaar's users

Tim Brown 1
Holmes

Wrong culprit?

Without wishing to defend Ebay, surely if javascript is allowed to do anything it shouldn't, the real problem is in the browser?

1
0

How to get root on a Linux box, step 1: Make four billion system calls

Tim Brown 1

If you build your own kernel, presumably you'll incorporate the kernel patch for this bug, which has already been released, so you won't have to worry whether CONFIG_KEYS is set or not.

2
0

BBC risks wrath of android rights activists with Robot Wars reboot

Tim Brown 1

Re: One man and his dog

Try "Flockstars"

(yes that really was a programme in 2015, gawd help us!)

0
0

France says 'non' to Wi-Fi and Tor restrictions after terror attack

Tim Brown 1

Simple political trick

Erm, they were never going to do the things in that leaked report anyway. It's a standard trick to release rumours of extreme policies so that you can look magnanimous when you don't implement what you were never going to do!

Unfortunately, here in Britain nobody explained the tactic properly to David Cameron and George Osborne so they plough ahead with daft policies only to be forced into a u-turn later...

9
2

Lock up your top-of-racks, says Cisco, there's a bug in the USB code

Tim Brown 1
Mushroom

Not the biggest threat

If you're trusted sufficiently to get close enough to one of these routers to plug in a malicious usb key, presumably you're also close enough to pull out the power cable, take a hammer to it, or simply hit the off switch!

5
0

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog

Tim Brown 1
Holmes

Can I get a certificate WITHOUT running their software?

My installation is not standard, I know exactly what to do to install certificates since at the moment I'm using a self-signed one for testing. So can I get generate a certificate without all the self-install gubbins?

3
0

PHP 7.0 arrives, so go forth and upgrade if you dare

Tim Brown 1

Re: WTF is a "spaceship operator"?

I can't see that the 'spaceship' operator helps in any great way other than to allow people to write 'clever' code which obfuscates what it does and leaves a maintenance programmer wondering if it might just have been a typo.

10
0

Who owns space? Looking at the US asteroid-mining act

Tim Brown 1
Happy

I own a bit of the moon

and I have a piece of paper to prove it!

Anyone else remember the fad for 'selling' bits of space several years ago? Someone gave me a certificate of land ownership from MoonEstates as a xmas pressy. I shall pass it down to my heirs and one day one of them may be very rich... (or not)!

1
0

Nominet to hike price of UK web domains by 50%

Tim Brown 1
Mushroom

Power corrupts...

and so do six-figure salaries for doing sod all.

12
0

Downloads for Windows 10 November big-bang build axed by Microsoft

Tim Brown 1
Meh

What about the Dev VMs?

Anyone checked if the VMs at

https://dev.windows.com/en-us/microsoft-edge/tools/vms/windows/

have been updated?

(I only run Windows > 7 in VMs now and that's only for compatibility testing)

0
0

Google takedown requests mushroom as copyright holders play whack-a-mole

Tim Brown 1

"Is there a list of those domains anywhere? Presumably they're good sites for freebies. Does Google have a public listing of blocked sites?"

See https://lumendatabase.org/

0
0

France's 3-month state of emergency lets govt censor the web

Tim Brown 1

Re: It's just like a bad French remake of the US 2001 bullshit

"It's safer to sit behind a computer than to go into the field to gather intelligence"

Indeed, and that leads on to trying to fight a war with bombs and drones instead of putting 'boots on the ground' because it's safer. Wars can never be won solely from the air, they just create more refugees and more radicals out for revenge. Also, sad though it is to say it, casualties on your own side help to get the politicians talking to find a peace.

5
0

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

Tim Brown 1

data already being used?

Don't know if it this is related but our spam filters have picked up a batch of spam/malware emails all being sent from several different @talktalk.net email addresses to what appears to be a list of emails in address books.

Could just be a co-incidence or someone may already be exploiting the stolen data.

3
0

Windows 10 out, users happy, PCs upgraded, my work here is done – says Microsoft OS chief

Tim Brown 1

Re: That guy...

Yes, it's weird that a guy in charge of a supposedly cutting-edge OS still has his haircut (wig/dye) stuck in the 90s!

2
0

How far will Microsoft go with Android?

Tim Brown 1
Mushroom

In the 1980s Microsoft probably laughed at IBM's failure in the desktop market

Now it's their turn.

5
0

4K catches fire with OTT streamers, while broadcasters burn

Tim Brown 1

Waste of time and money, you can't break the rules of biology.

Unless you have a very large room and a very large TV your eyes physically can't register any difference between the HD we have now and 4K.

I won't bore people with the details here but go and research the biology of the eye if you're interested.

The main application for 4K (apart from manufacturers trying to con people into buying expensive TVs) is for use on the massive screens in public spaces.

10
3

Alleged $32m Gemcoin crypto-bucks scam busted by Feds

Tim Brown 1

32 million??

Plenty of people with more money than sense there then.

0
0

WIN a 6TB Western Digital Black hard drive with El Reg

Tim Brown 1
Coat

Virtual Reality doesn't make any difference. No matter how much you shake and dance, the last three drops go down your pants.

0
0

Containers everywhere! Getting started with Docker

Tim Brown 1

Containers, otherwise known as installing apps for dummies.

I had a look at Docker when all the hype started about a year or so ago. It's certainly makes installing things very easy, so you don't need to know anything about dependencies within a system. But really is this ignorance a good thing?

The major issue is that it completely cuts you off from the normal security updates of your chosen Linux distribution, you're reliant on your container maintainer (or mass of chained in container maintainers) to provide an update in a timely fashion.

A smaller issue is that the layered file system structure used by containers can grow to be very inefficient.

0
1

So how do Google's super-smart security folk protect their data?

Tim Brown 1
Holmes

Re: Yes, password manager

If your keyfile is never copied anywhere and only kept on the memory stick, I'm assuming you actually have two very special memory sticks? One kept somewhere very safe? Otherwise what happens if the memory stick dies?

1
0

Official: North America COMPLETELY OUT of new IPv4 addresses

Tim Brown 1
Mushroom

And yet...

Dedicated server companies such as OVH still offer 16 IPv4 addresses with even their mid-range servers for free... so apparently no-one has told them that IPv4 addresses have run out!

(see https://www.soyoustart.com/us/essential-servers/ )

1
0

Did GCHQ illegally spy on you? Now you can find out – from this page

Tim Brown 1
Mushroom

Uhm..

Has someone done a security audit on the charity website? I'd hate to see an 'Ashley Madison' happen to them!

0
0

Debian upgrades Wheezy and Jessie with a combined 372 updates

Tim Brown 1

Re: Wheezy remains in production, as system-d still not fully stable compounds this

My own experience, when I did a default upgrade from Wheezy to Jessie on a test box was that syslog was no longer showing important shutdown messages from Mysql, so it wasn't clear if the database process had exited cleanly. These messages may well have gone to journald, but the default setup was not saving the previous journald on a reboot so I had no way of knowing without diving into the systemd configuration.

Quite frankly I was extremely fed-up that an upgrade should mess around with logging in this way. It was not something I wanted. i was relieved to discover a way to do the upgrade on live without getting systemd.

IMHO such a fundemental change should not have been a default option when upgrading in the first place. It's equivalent to telling Postfix users to use Exim instead "just because we say so"

0
0
Tim Brown 1

Re: Wheezy remains in production, as system-d still not fully stable compounds this

systemd causes problems with rsyslog because on boot it starts it late and on shutdown it kills it too early. Thus you miss (possibly important) startup/shutdown messages.

1
0
Tim Brown 1
Thumb Up

Re: Wheezy remains in production, as system-d still not fully stable compounds this

To upgrade from Wheezy to Jessie without having systemd take over your system, then before you upgrade put in a file in /etc/apt/preferences.d/

Package: systemd-sysv

Pin: release o=Debian

Pin-Priority: -1

Your upgrade should then be pretty painless.

1
0

Channel surfers and the irresistible rise of Content Delivery Networks

Tim Brown 1
Holmes

CDNs don't play nice with HTTPS

It's rare for a day to go by without my browser popping up a warning on some supposedly 'secure' site about a certificate not matching a hostname and the culprit is more often than not a CDN.

0
0

UK.gov makes total pig's ear of attempt to legalise home CD ripping

Tim Brown 1
Pint

Re: Has anybody ever been convicted of format shifting?

Except laywers Sue, Grabbitt and Run and their ilk may well see an opportunity to send out blackmail letters to the populace.

You know the type of thing "we are giving you this opportunity to avoid legal action by our clients (the greedy music industry) by paying a fee now of 100/200/500/1000 pounds..."

1
0

Cortana threatens to blow away ESC key

Tim Brown 1
Mushroom

Wait.... you have to press a KEY to talk to your digital assistant?

These Toshiba execs have obviously not watched enough Star Trek.

Whenever did you see Kirk have to press a key before "Computer - initiate self-distruct sequence..."

4
0

RAF radar station crew begs public for cash to buy gaming LAN kit

Tim Brown 1
Mushroom

Re: No TV

Indeed, you do rather fear for the safety of the free world if, with all their kit, all they can manage is 'intermittent tv signals'.

"Is that a missle heading our way? Never mind, it's gone now, must have been a glitch... wait, its back... no gone again.... back... gone... perhaps if you go and stand in the corner next to the window?"

Oh and Freesat would I'm sure be adequate and save them between £40 and £80 quid a month!

1
0

New Windows 10 will STAGGER to its feet, says Microsoft OS veep

Tim Brown 1

Is that a wig?

Is that a wig that Joe Belfiore has on in that picture or just a really bad haircut?

0
0

America was founded on a dislike of taxes, so how did it get the IRS?

Tim Brown 1
Pint

Death and taxes

At first the property tax sounded ridiculous - then I remembered that the UK has Council Tax which is paid by everyone no matter whether you own or rent....

0
0

ICANN banked $60m from dot-word auctions. Just what exactly is it going to spend it all on?

Tim Brown 1
Mushroom

My suggestion

Just give everyone their money back and scrap all these pointless gTLDs...

7
0

Banks defend integrity of passcode-less TouchID login

Tim Brown 1
Facepalm

Your phone and your thumb!

In other news, Apple's TouchID leads to a rash of muggings where the muggers steal your phone AND cut your thumb off...

2
1

Page:

Forums