1970 posts • joined 22 Jun 2009
Re: Welcome to Urfscked. Population: you
> Some businesses are really tight with the wrong budgets obviously.
Yup, I'd say that. Well to be honest there's perhaps 10 times that in bulk when you account for the RAID array and the offline backups, and it's all expensive 1st-tier drives, but it's still only 5TB accessible to the lusers. Endemic underfunding of research and all that...
Re: Steven R Welcome to Urfscked. Population: you
> the device *might* have a one touch backup button
Yeah, we were kinda hoping to avoid that actually, especially as I have no idea whether the data in there has any value at all (Most of it doesn't, that I know for sure).
The good news is that I just went and plugged my laptop into the ethernet port of the NAS box, took a bit of fiddling to ifup with an IP in the right range but thanks to wireshark I can now talk to it in samba. The shared part is now saved, I just need to gather login/password info from the half-dozen of other users to check if there is anything of value on there before we can wipe everything and start fresh!
As most of them undoubtedly use the same password for banking I expect a bit of friction, but hey, if it's either that or lose their precious excel templates...
Re: i'm thinking
Thermite, phosphorus strip, small torch triggered by the opening of the drawer. Just for the look on his face when the wreck unfolds live before his very eyes.
Welcome to Urfscked. Population: you
We have a nice shared filesystem with a 5-tier permission system that is working relatively well here. automatically mirrored and backed up, nice. Only there's 5 TB of space available for ~700 of us. And No. Fucking. Quotas. So of course it's chronically full to the brim, and we have a locally-managed NAS box in a cupboard for our backups. Which had to be set up by the network guys so that it is accessible by the lusers without having to "configure" anything.
But it's locally managed, so the netops promptly forgot about it (2 years ago) and just switched the static subnet it was part of to dynamic... just before the holiday, as it were. When contacted, it becam (slowly) evident that they had forgotten everything about the config or the admin password that they set. We're headed to a factory reset as I type. As I am the cautious type I mirrored the part I have access to just before The Events, but a few of my colleagues did not see the need for it and are now well and truely screwed (that is, until I tell them I can pull the -single- drive out and restore from that, but I'm going to let them marinate a bit before I do that)
Re: Ooooh yeah
Not quite the same, but cool link thx.
Since my old laptop died (last month) one of my Pis is my main desktop, which revived my enthusiasm for fiddling with the lil' guys (which over the years had turned into XBMC media centers only). So I think I'll try this. But I only have one spare at the moment, so I can't try the "cluster" part. Oh noes I'll have to buy yet another one!
Good good good.
I'm a bit torn on one point though: an ARM port. On one hand I'd love to have an OpenVMS SD card to slot in my Pi; on the other hand a VMS server kinda has to be heavy, that's part of the package. Or perhaps I could build a tungsten case for my Pi.
Paris is too close to London to be of any interest to you guys I suppose. Bah. I'll just have to stick to my day job then.
As a scientist by training myself...
I'd say that even though absence of evidence is not evidence of absence, it seems rather hard to interpret said absence of evidence as positive proof as the IPCC is doing.
"There's no evidence, and that's no evidence of absence, therefore it must be happening" seems a bit twisted to say the least.
Jumped to Midori and xxxterm myself. Plus the trusted oldies: Dillo, for when scripts and other eye-candy is not wanted or w3m, for when a graphical environment is not available.
Ignores hacking attempts and keeps going...
How long till it ignores control attempts from fleshies altogether and does the Logical Thing by itself?
Re: IT support
"many ran poles"
I bet that was pre-Sept. 2001. Running poles these days... not a good idea. Especially in the tube.
Closer to the topic, I'm a bit curious about the polls you mention. I have no first-hand experience of UK.gov, but in all other gov dept I've seen or been part of end user were never asked for their opinion. Is your gov really _that_ more considerate (and foolish)?
Re: Of course it won't get rid of MS
"Outside UK.gov itself, people will send the government documents in the format of their choosing. UK.gov will read documents in whatever format they come in."
In my experience in dealing with govs in general, you either punch in the data in an ad-hoc piece of software (either online or downloadable application) or you sent the doc in the precise format they ask. They most certainly don't "read documents in whatever format they come in". You do have to send it in their specified format or it goes directly to the bin. It used to be MS formats most of the time; sometimes even the version is indicated. I have had to install software specifically for gov dealing-with purpose; on a dual-boot machine kept specifically for that usage, using MS licences bought specifically. If I could have had sent ODF files at the time I would have save a few hundred quids. No biggie, but still.
Of course it won't get rid of MS
On the other hand what it will do is that it will allow people to work with UK.gov without paying the MS tax.
It will also ensure that critical documents will still be accessible in 20 years.
Be as vague as humanly possible
When asked ANY kind of question by a US govman, make an effort to be as vague and uninformative as possible. That's not because of some tinfoil-hatted theory but because they are almost all poor sods who failed the interview to enter Wallmart security. They just follow the script, and they have keywords that they have to followup on. To avoid inadvertently muttering one of these, always be as vague as possible, avoid multisyllabic words, basically avoid saying anything that you would not find in a "my first book of words" book (and make sure to avoid the more complicated ones in these, too).
Re: So not just insecure to the Chinese..
"The alternative to a broadcast system is a mesh. The would require a node to transfer traffic not meant for it, but would help decenteralize the network."
No, I'm not the one who downvoted you but a mesh won't work. As long as you piggyback on the TCP/IP protocol there has to be a machine somewhere that knows the destination machine's IP. Tor is pretty good at hiding this from an outside observer but an inside attacker with enough ressources will eventually find out. Litterally the only way to avoid that is to remove the concept of "target" machine entirely. In a broadcast model the target being an encryption key makes it almost impossible to pinpoint it ot a physical machine (unless you go out of your way to do stupid things). Tor already largely operates as a mesh (same as for freenet for example) and it is well known that it is only a mitigation measure; it's not bulletproof.
The "only tiny little problem" with a broadcast model is the frigging mess that would ensue. Imagine the tube at rush hour, and then imagine everyone in there shouting at the top of their lungs.
Re: Risky Business
I was playing with the thought myself and I came to the conclusion that the actual services being unmasked did not matter (after all you could just set up your own hidden service and unmask that; which is most probably what they did).
My opinion (and I'm wrong at least as often as every other guy on the net) is that it's either
-a technical liability (whoever you unmask, you're still "bypassing technical measures yadda yadda yadda", HACKER YOU, thanks RIAA/MPAA/DOD/whoever)
-or gov. agencies using the same techniques who don't want them publicly demonstrated as it would make it easier to implement a workaround
(-or both of the above of course)
PS: Re: What you're accused of...
"What you're accused of... is the same as what others have been prosecuted of. Clear enough for you?"
As a sidenote and just to be clear, you're not accusing me of distributing child porn are you?
Re: What you're accused of...
What you're accused of... is the same as what others have been prosecuted of.
You seem to be very confused about how TOR works. You are probably referring to the case of the Autrian exit node operator from a few weeks ago; it is not even distantly related to what is discussed here.
As a primer, what happend in Austria was that someone accessed child pornography material on the web (possibly a police honeypot) through TOR; in a nutshell they sent an encrypted request to a nearby node, which forwarded it to another node with an added layer of encryption, and another, and another, and finally to the Autrian exit node which forwarded the request -in clear- to the honeypot, making it look like the request originated from the Austrian exit node. There was no tracking involved, someone just wrote down the IP adress on a post-it and sent a request to the corresponding ISP.
Here we are talking about "hidden services" in TOR parlance, which are servers accessible only through the TOR network, no "regular" unencrypted internet involved. The methods discussed are not aimed at examining content but at associating a "real-world" IP with a TOR node ID; possibly because it is serving illegal content, possibly to bring as many nodes as possible offline to disrupt the network, possibly in a bid to compromise or otherwise take over as many nodes as possible for whatever reason ("circle" infiltration, plain regular fishing trip, ...), possibly just to map the network and add TOR node operators to the watchlist.
Re: Do you really think you can hide?
So the reason for tracking isn't the content?
Not necessarily. These days anyone using encryption in a way or another goes on the NSA's "interest" list, regardless of the content they receive or send. Some people use TOR just to avoid being tracked while browsing for legal but perhaps embarrassing content; others use is just for the heck of it. Others use it because they think it is important to keep such networks alive just in case something goes horribly wrong with the 'tarwebs regulation (à la Great Firewall of China). And probably many many more reasons.
Prove that a snapshot of all the content being transmitted through TOR right now isn't mainly comprised of compromising material and I'll fight your corner with you. You won't do that though will you.
No I won't, because I don't have the technical ability to take a snapshot of all the content transmitted through TOR, because even if I could take the snapshot I would not have the technical ability to decrypt it, and also because I could not possibly care less.
That's the problem. Innocent until proven guilty only works if you can't be proved guilty. Right now you don't have an alibi for anything that might be found to be incriminating. It's a fair cop. Accusations have been made but you're not throwing up any arguments to discredit them are you?
What The Almighty Fucking Fuck are your talking about? What am I accused of that I don't have an alibi for?
> if there is an easily 'sploitable flaw
My understanding is that it's no easily exploitable flaw but a long-known design weakness which originates from the fact it uses TCP-IP, and hence each node knows the IP adress of its "adjacent" nodes in the chain. With enough time and control over enough nodes, you can slowly home in on anyone who is continuously on the network (that would be most hidden services) "just" by recouping hops. The counter-measures such as forced latency etc are only partially effective. I think there may be a way to force the traffic through other nodes under your control which would speed up things considerably (there is for sure a way to _avoid_ routing the same packets through several nodes that you control).
Re: Do you really think you can hide?
"I don't use TOR because I don't download illegal content and don't need to look at "CP" Isn't that the basic assumption behind the reason for anyone using it?"
Daily Mail logic spotted. You have curtains on your windows and a lock on the bog's door, hence you have a meth lab in your bedroom and you rape kids in the john everyday.
"Sure, the stuff within the network is encrypted"
That doesn't prevent tracking, which is the issue discussed here. The content is not a concern.
"as soon as you convert that picture/mp3/data back into some form of recognisable file format to view it once it's left the exit node then it becomes fair game doesn't it?"
That's wrong on soooo many levels!
-The exit node is the one far away from you, not the one sending you the content directly. That would be the entry node.
-The entry node has your IP but doesn't send you the content in clear form, the final decryption step is performed on the target machine (i.e. your machine).
-In the context of hidden services (which is what is discussed here), there is no exit node. Everything originates from, and stays on the TOR network. As a corollary, everything is ecrypted at all times. Which is not the concern here anyway, we're talking tracking not content.
Re: So not just insecure to the Chinese..
To be fair my installs still state that TOR is experimental, not fully tested and DO NOT RELY ON IT FOR STRONG ANONYMITY. At each startup.
So, nothing to complain about really. Both the implementation and the design benefit from disclosure of this kind of vulnerabilities.
Of course there's the unavoidable fact that anyone with fat enough pipes and enough servers*, given enough time, will eventually be able to home in on you. That's true for anything that relies on wired, machine-to-machine networks; TOR only makes it much harder than on a centralized network. The only way to get around that would be a broadcast model, with machines listening to the whole of the traffic but only being able to read what they have the decryption key for (a bit like how crypto mail works on Usenet). Really doing it by radio broadcast would be safer than Usenet though. And usable for synchronous activity such as web browsing.
* they can be virtual ones, hence the "handful of powerful servers" cited here: probably used to host thousands of virtual ones.
Don't worry about hacking skills
Most of the hackers I know where raised with little or no 'tarwebs access. You learn hacking hands-on, not through Carolyn Meinel's website. You still need some tech manuals but I doubt they'll be covered by the ban.
So, no hope for the middle lanes then. On a side note, I find it amazing the number of people ready to fire up their fav blog to vehemently defend their perceived right to not let their wheels touch the left lane (that they insist is the "slow lane"; apparently it's forbidden to drive there above 50mph in their twisted world). It's a deadly shame to be seen on the "slow" lane. You must absolutely avoid it a all cost. Even if the road is otherwise completely empty you must stay on the center lane or be seen as "slow"; perhaps "they" will even think you're lacking in the manly appendage department.
And these people are not even all driving beemers!
@ Graham Marsden
I agree with you completely. On the other hand, most people don't stop to have a nap at a service area. They never did, and never will. They grab a coffee and think it'll keep them awake 'till the end of their journey (it rarely does). We're talking about the same kind of people who ignore the red Xs completely because they lost 5 minutes once. These people only realise that they can't keep awake after they've begun snoring. In that case it is better to stop at once rather than sleep-driving another 50 miles for a service area.
Or are you advocating that people who actually fall asleep on the wheel should carry on driving at all cost untill they find a service area (or die trying?).
There's illegal-grade stupid, and then there's 10-dead-in-a-gruesome-accident stupid. Putting them on the same level as you do is bordering on dangerous. Of course I don't dispute that if you feel drowsy you should have a nap somewhere "legal", preferably before you even began your journey.
Re: @ElReg!comments!Pierre - Genuine reason.
"If someone is feeling sleepy, they should pull off at the next junction or service area and stop and get some sleep."
I totally agree. On the other hand, the real world called. They said "people who feel sleepy just drink a coffee and think it'll pass". Unfortunate undoubtedly, but hey, who am I to argue against facts?
"Doing it on the Hard Shoulder is not only illegal, but stupid because[...]"
Sleeping on the wheel at 130 km/h is also illegal and stupid but it still happens all the time. I'd prefer if it happened at 0km/h on the hard shoulder instead. It's still illegal but a tiny tiny bit less stupid. I sincerely hope no-one needs me to explain why.
Re: Genuine reason.
Honestly, speaking about legit reasons, "felt like taking a nap" strikes me as the typical illegal-but-somewhat-legit one. I hope the guy got off with a slap on the wrist. I agree that you SHOULD not hit the road when you're too drowsy to drive, but given the choice I'd rather drive on a highway where people stop on the hard shoulder to take a nap than on one where they do not stop to take a nap.
It happens all too often that the car you're about to pass drifts in your lane only to promptly go back as the driver wakes up. If you think it's stressful in a car, try it on a motorcycle (before the bikers among you ask, yes I do know where the gas throttle is. But I'm a law-abiding citizen, I wouldn't want to break the speed limit).
... with enough elephants at hand you don't need them to do any sniffing at all
number of genes != better sense of smell
It shows they have potential. Dogs and rats are pretty good at detecting odours at an almost-homeopatic level; whether elephants can do so remain to be evaluated.
Re: good data is valuable
I had deleted my post as it made me look like a pontificating prick, but it's in accordance with what you say so I'll retrieve from the "Withdrawn" bin:
"Yes, vague words are meaningless
Data is worth exactly what you can sell it for; much as anything else really. There's no reason to treat it differently. Processing does not intrinsiquely add value to it; it may be useful to discard the valueless bits though. But only if the analysis is done properly; though, the analysis is what has value, and more specifically the _quality_ of the analysis.
A piece of white stone you find in the ground is virtually valueless; it becomes very valuable once it has been identified as a diamond by an expert; unless said expert is my 5-yo nephew.
Same for collected email adresses for example (a string with an @ in it). They have not much intrinsic value unless they are verified to be real adresses; ie they have a valid TLD; more importantly, they don't bounce. Even more importantly, they are not one-time discardable adresses (firstname.lastname@example.org is more valuable than email@example.com, presumably). Value increases as the person behind the adress can be shown to be responsive to marketting to that adress (firstname.lastname@example.org is unlikely to buy CHEAP C1AL!5; in fact the email will probably not get through the filters and the PA. email@example.com may be a more valuable adress in this case -well, not anymore but you get the point). So, the value is not in the data itself, same as it isn't in the ore itself or in this white stone my nephew found in the rocks. The value is in recognizing what you can or cannot do with the data, and then doing it."
Oldies but goodies
I find The Proxomitron is quite a handy way to get rid of all this crap. That, or browsing from a JS-free browser. Of course nowadays many pages are almost entirely written in multi-Mb JS even the ones which could (and should) be a simple 1-Kb HTML form...
Seems reasonnable to me. I mean, I'm all for entrepreneurship and market freedom, all that, but doesn't Google Mail T&C stipulate that you shouldn't use it for business purpose?
Re: Bad choice for a name too
"Cambridgeshire being a mob dead spot"
Not sure what it means but I'll avoid going there just in case.
It doesn't take a rocket scientist...
... to conclude that it is really an alien spacecraft crash site.
Or, it really takes not a rocket scientist to conclude that this is an alien spacecraft crash site.
Same words, slightly different order, take your pick!
40 per cent have turned down sex with their partner in favour of playing on their smartphone.
That's not because they're 18-30 as you suggest. That's because their partner is a 18-30 male ;-) hence they probably turn down sex several times a day for various reasons, including "I'm on the phone with mum, stupid", "what are you doing I'm washing the dishes", "hush now, the other customers are watching", "you'll get us thrown out of the bus" or "I said no, airplane seats are too uncomfortable". And yes, probably "In a minute dear, I'm this close to breaking my personnal best in Angry Birds". Not that surprising really.
Re: Er, timing?
> I have heard that "screwing the PoWs wive" still carries "hanged, drawn and quartered" in the UK. Any chance we could get Assange to do that?
She probably wishes! But death penalty doesn't exist in the UK anymore. Civilized country, all that.
Re: Er, timing?
"From Sweden, you just need the UK plus any original conditions they would have to meet including Australia."
Sweden is not bound by Commonwealth rules, and the UK would not be the extraditing party, so no. That is not recursive. Sweden would not be asking "do you agree with extradition" but "Is there anything you want with him before we send him away", which are very different questions.
Re: Er, timing?
>The UK has "next right of trial" on St. Julian for skiping bail. So once the Swedes are done with him he goes back to the UK for that
Word of the street is, the US has a sealed injunction waiting that far predates the bail-jumping. If that's true, IANAL but I think it has precedence as the charges would be both pre-dating the bail-jumping AND more serious. Otherwise the bail-jump may have been a clever tactic from the white-haired one to be prosecuted for something -anything- outside of the US... but again, given the possibility of the sealed injunction, that's a pretty huge chance to take.
> civil law trials from the persons putting up the money for the bond
Yeah, I would not count on that. Anyway that would not prevent extradition. Chronology.
Re: Operation Winkle
Just to be the devil's advocate, such comments here present are most probably more illegal in the UK than anything Assange may or may not have done in Sweden. Under current
antiterror laws the very act of posting such calls to/threats of arson (on El Reg or elsewhere) carries a bigger penalty than what Assange may risk if he's charged in Sweden. So... ready to pack, chaps?
Just to, you know, put things in perspective.
Re: Er, timing?
"For the Swedes to extradite him onwards to the US, they must first get the same permissions from the UK as if he were here, so again the question, why on earth would "they" need to do it via Sweden when all the same legal hurdles are in place plus Sweden's?"
To deport him from the UK you'd need Australia's permission. He's a Commonwealth citizen, you see.
From Sweden you just need the UK (good lapdog) and Sweden of course (the very country that serves as a NSA foothold for EU surveillance... what are the chances of them saying no?).
Re: Er, timing? @ mmeier
"Possibly a time in jail with no events"
Nope. The offense for which he may or may not be charged in Sweden doesn't carry jail time.
Re: Er, timing?
". He's also traded an uncertain likelihood of jail time in Sweden for definitely having committed a crime in the UK."
No. The alleged offence in Sweden doesn't possibly carry jail time, only a moderate fine.
Re: Er, timing?
"1) It's not unusual. In Swedish law, you get charged in Sweden, not in the UK"
He's currently not charged for anything anywhere. Extradition without charge is incredibly uncommon, actually a cursory check failed to bring up any precedent -appart of course for the infamous "extraordinary rendition" process - so it may well be a world first.
"Sweden is irrelevant, he's on the run for breach of bail, he's going to a nice prison in Kent as soon as he comes out of the embassy"
But did't he breach bail to avoid deportation? (I'll help you, the answer to this one is "yes". He was comfy in a mansion belonging to one of his friends, why would he leave it?). Your circular reasonning is not going to help you
" It's all irrelevant, because you twist your conspiracy theories to suit any contingency. Literally anything you could consider unusual or "opens the door for"."
Not twisting anything. If he is charged (in Sweden or anywhere else) he'll undergo trial there before anything else happens (extradition to the US for example). I he goes to Sweden and is not charged, he can be deported to the US right away. So making him come over to Sweden without charge litterally "opens the way" to its immediate extradition to the US. That is how it works. It does not, however, "open the door" to the end of the world, as your fiendish misquotation tries to infer I meant.
Detect man from machine?
I thought you were supposed to do that by detecting heartbeat. The iWatch could also conveniently re-broadcast said heartbeat asynchronously, to make you appear inanimate to the sensor.
Terminator for lack of an Autonomous Mobile Sword icon.
Re: re . Poopy
It is not only an offense in France to insult a public official*, but also to insult anyone who is in charge of delivering a public service. That's pretty wide and includes teachers and postmen for example. It is however very unlikely that "poopy head" would be considered an insult in France; it's closer to a proposition actually. I would give example of what would be considered an insult in France, but even the individual bits would probably be so nasty as to crash El Reg's british server -and all the british routers on their way.
*It's contempt actually, not insult, that is an offence, but close enough.
Re: Bing (google.co.fr)
Clearly a clever scheme from Google to avoid the French ban on free shipping of readers to blogs.
Good to see that Serious Crime is taken Seriously
I expect a swift drastic reduction of all serious crimes across the UK. That, or a reduction in the Dreaded School Map Dodgers and Fly Tippers gang that is putting our lives at risk everyday. Not to forget Parking Ticket Evaders. Apocalypse averted, then. Pheww!
And all that only at the cost of a tiny bit of generalized comprehensive spying on your every move. Bargain!
Re: Adobe Flash?
Seriously, can someone rip the sound from soundcloud and post it somewhere in a standard-compliant format?
First it complained that my RaspBian install doesn't have flash. Fair enough (and by that I mean "utterly idiotic but rather common").
So I try today from a computer that does have Flash installed. Oops, my browser is "not supported by Soundcloud" apparently, and "please download one of our supported browsers: Chrome | Firefox | Safari | Internet Explorer".
It's beginning to be ridiculous, back to the eighties and the infamous "please install IE6 to view this site" but I must admit that Midori is not a very commn browser so maybe it can't play sound the exact way Soundcloud wants, and hey, OK, why not since it's Let's Be Stupid day apparently, I'll try from a computer that has one of the 4 supported browsers.
Ah. Doesn't work either; I suspect Soundcloud doesn't like this version of IE (no idea why: too old, too new, not the right default font or perhaps it's just that bit of salad on my teeth: it still gives the same "NOT SUPPORTED" error message).
EDIT Apparently xxxterm works. Why it didn't want to talk to Midori is anyone's guess...
- Tricked by satire? Get all your news from Facebook? You're in luck, dummy
- Feature TV transport tech, part 1: From server to sofa at the touch of a button
- Google straps on Jetpac: An app to find hipsters, women in foreign cities
- Updated Microsoft Azure goes TITSUP (Total Inability To Support Usual Performance)
- The Return of BSOD: Does ANYONE trust Microsoft patches?