* Posts by Crazy Operations Guy

1237 posts • joined 29 Jun 2009

Linux Foundation releases PARANOID internal infosec guide

Crazy Operations Guy
Silver badge

Safe data destruction

That is why I made friends with a deep-sea fisher. Every few months I go out on a trip with them and throw my old disks (sans top covers) into the Pacific beyond the continental shelf. I challenge anyone to get to my information once it's been subjected to 10 million Pascals of pressure and the salinity of the ocean, let alone recover that 20 cubic inch object from millions of square kilometers of thick muck.

0
0
Crazy Operations Guy
Silver badge

OpenBSD / Laptops

I have a lot of luck running it on older Lenovo laptops; the (S)L410 runs like a dream with all hardware supported (My company just surplussed a couple thousand of the bastards, so you can probably pick them up for 50-100 bucks depending on specs).

As for security, I've found that OpenBSD + XFCE + Firefox (With the recommended extensions) is much more resistant to Metasploit than a Debian install with the same software.

2
0
Crazy Operations Guy
Silver badge

Thermite vs. Thermate

They are different chemical compounds with the same effects:

https://en.wikipedia.org/wiki/Thermate

0
0

NVIDIA reveals GPUs for blade servers, Linux desktop support

Crazy Operations Guy
Silver badge

Re: Open Source?

It's always bothered me that there isn't some kind of standard instruction set that video cards must support. I figure that the PCIe working group should enforce such a thing before a video card can get a PCI ID, such as requiring that a card support a specific version of OpenGL using a well-known byte-code / mnemonic to execute such instructions. Especially make it so that GPUs could still execute a wide range of 3D operations without needing a driver, but a driver could be used to support advanced features.

This would be similar to the way CPUs work where the OS will run smoothly without a driver, but isn't able to use the accelerated encryption instructions or media streaming bits until a driver is installed.

0
0

Met Police to slash hundreds of IT jobs, hands £216m outsourcing gig to Steria

Crazy Operations Guy
Silver badge

"exploit low-income areas to keep wages low"

The biggest problem with that plan is that it only works short term. The funny thing about throwing a bunch of money at poor people is that the areas they live end up becoming nice areas with skilled laborers that now require much higher wages (Sometimes higher than what you were paying the in-house people)

0
0
Crazy Operations Guy
Silver badge

Merging police forces

This would greatly simplify things if they did this in the US since you end up with crazy crap where if a passenger assaulted the crew member of a taxi traveling between New Jersey and NYC, it would be under the jurisdiction of 9 agencies:

-NYPD - happened in NYC

-New York County Sheriff - not technically in the city

-NY State Patrol - Occurred on infrastructure operated by the state Department of Transit

-City, county, and state police departments from New Jersey

-The US Coast Guard - happened on a boat

-FBI - Interstate crime

-Homeland security - could be declared terrorism

0
0

Malvertising maniac messes MSN, serves corrupted creative

Crazy Operations Guy
Silver badge

Re: And they are

Keeping it a civil offense would be a better move. In a criminal case, the burden of proof is on the prosecutor to convince a jury that the defendant is guilty beyond a reasonable doubt. Whereas in a civil trial, the burden is on the defendant to prove that they are innocent beyond a reasonable doubt (This is why OJ Simpson walked free in the criminal trial but was found guilty in a civil court). In a criminal court, the defense attorney would just need to argue that the victim's DNS settings or the routing of the packets were tampered with and the malicious code came from a faked website (In which case the prosecutor would need to gather every packet from the transaction to actually prove that the code came from the defendant's servers). Besides, a private citizen cannot gain anything from a civil trial, so any fines or punishments would go right to the state.

What is really needed is a bunch of high-end lawyers working on such a case pro-bono to counter the lawyers the large advertisers employ. You'd also need some large organization to shoulder the burden if the case is lost (In the US, the loser pays the legal fees of whoever wins).

0
0

Google makes it official: Chrome will freeze Flash ads on sight from Sept 1

Crazy Operations Guy
Silver badge

"why would disabling Flash- or making it click-to-play- break it?"

Simple: the JavaScript that loads the video and makes the decision to use HTML5 vs. Flash simply detects the presence of the Flash plugin rather than checks if it works. Properly checking for Flash would take an unnecessary amount of time since you'd have to wait for it to time out before you can declare it non-functional, or risk throwing errors all over the place.

Video streaming services tend to prefer Flash since it's had more time to mature, and Flash running on one platform works just as well as Flash on a completely different one whereas different browsers implement HTML5 differently.

1
0

Facebook profiles? They're not 'personal data' Mr Putin

Crazy Operations Guy
Silver badge

Embassies in datacenters

I wonder if it'd be possible to pay an ambassador to declare a square meter of space in a datacenter as official property of their country, kind of like an enclave...

0
0

Krebs: I know who hacked Ashley Madison

Crazy Operations Guy
Silver badge

Re: Thunderstruck

But there are so many other songs that would be much better suited for the breach. "What do you do for money, honey?" popped right into my head, you also got "Caught with your pants down" and dozens of others that would've fit better than Thunderstruck...

3
0

White Stork mates with ISS, delivers bundles of resupply joy

Crazy Operations Guy
Silver badge
Trollface

RE: dehydrated beer

But there is plenty of urine up there already...

1
0

Even 'super hackers' leave entries in logs, so prepare to drown in data

Crazy Operations Guy
Silver badge

Re: Super hackers might leave entries in logs

Or just not bother disguising the IP. It's trivial for an attacker to just proxy their connections through a rented botnet, so even knowing the correct IP would be pointless (what are you going to do, call up some random schmuck in Brazil / China / India and ask them to send you their computer so you can trace the attack?).

3
0

And it begins: Ashley Madison bonk-seekers urged to lawyer up

Crazy Operations Guy
Silver badge

It's a paid service, so you'd need their credit card details too. Possible if you wanted to smear the other person in a divorce case, but not nearly as easy as just signing them up for one of the free dating services...

0
0
Crazy Operations Guy
Silver badge

Probably because all the women blocked the first one because he is just so damn creepy.

0
0

It's incredibly easy to bump someone off online, and here's how to do it – infosec bod

Crazy Operations Guy
Silver badge

Back-date a birth certificate?

I wonder if it'd be possible to back-date a birth certificate... Fake your own death and take the identity of someone that just happened to have also been born around the same time as you. Of course fooling biometrics would be a bit of an issue, but then you'd just create a new ID in another country that doesn't share data with the country you were born in. But then there is also the issue that you'd no longer have a degree, or a diploma for that matter; although there are plenty of schools that have shit for security...

0
0

Hack a garage and the car inside with a child's toy and a few chips

Crazy Operations Guy
Silver badge

Rolling codes

Given the bit-length that the key fobs are using, it shouldn't take too long to grab enough codes to start predicting the next in the series. The key-fob would be using a very low-power micro-controller, so the algorithm would need to be pretty brain-dead simple. The problem is that both sides have to arrive at the same code (or at least the vehicle would have to calculate the expected code + 50 or more to account for presses of the fob when it was out of range). So given that, the algorithm would fall pretty quickly to a GPU-powered AWS instance.

Of course I wouldn't put it past auto-makers to just burn a 1K long string into the micro-controller and then just puke out 12-bits from there and just grab 2 bytes at a time and throw 4 of them away (first time take the first 12 bits, second round ignore the first bit, take the next twelve, etc). It'd theoretically give you 4096 codes before re-use (and make full use of the 12-bit space).

0
0

Emergency-service comms omnishambles worsens as HP dives for the door

Crazy Operations Guy
Silver badge

Probably better without HP in the running

HP is collapsing, might not even be around for the required amount of time...

2
2

Symantec selling Veritas to private equity firm – report

Crazy Operations Guy
Silver badge

What makes you think it will still exist?

Veritas would probably be worth a lot more if they just killed it and sold all their patents and trademarks to whoever wanted them.

0
0

IBM GATE-CRASHES chip world, boldly exclaims: 'We've cracked the 7nm barrier'

Crazy Operations Guy
Silver badge

"pull an Apple and do everything yourself"

Apple actually do very little outside of marketing and making pretty cases. Board design is outsourced to India, the chips are fabbed by various 3rd parties, everything is put together by Chinese factories, most of the software is either out-sourced or just taken from the NetBSD project, and even most of the logistics are handled by third parties. The only things they really do are design the non-functional mechanical bits, run a couple shops, and market the hell out of everything.

5
1

Lizard Squad kid bandit who did 50 THOUSAND HACKS dodges cooler stint

Crazy Operations Guy
Silver badge

Force him to clean up every system he compromised

Just have everyone mail him their routers and have him re-flash them all on his dime (Or at least grab the money from the seized funds) and not let him do anything else until he has cleaned up every single system, even if it takes him so long that the machines would be thrown out anyway.

0
0

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday

Crazy Operations Guy
Silver badge

Re: Older version safe?

I'm assuming that it was one of those fixes that plug one hole, but accidentally opened another, like a function that goes through a loop where the result is an off-by-one error in some uses, but is needed in others.

0
0

Did a SUPER RARE Sony-Nintendo PlayStation prototype just pop up online? Possibly, maybe

Crazy Operations Guy
Silver badge

Re: Yellowing

Well, the button colors kinda give it away as well. The pictured device is using the SNES controller port type, which used gray and purple buttons. It wasn't until a later version of the SNES when the four-color buttons started appearing on controllers, long after the partnership melted down.

0
1

Apple apes Microsoft with iPhone BLUE SCREEN OF DEATH

Crazy Operations Guy
Silver badge

"they said it's either software or hardware"

So long as the money stream isn't broken, they won't care...

16
0

Apple pulls Civil War games in Confederate flag takedown

Crazy Operations Guy
Silver badge

But let's see a redneck with a shotgun hit a drone...

0
1

UN corruption cops commence probe into domain-name and patent body WIPO

Crazy Operations Guy
Silver badge

Re: Shocked!

You can expand that to any agency, ever. Absolute power absolutely corrupts after all...

1
0

Bank of England CIO: ‘Beware of the cloud, beware of vendors’

Crazy Operations Guy
Silver badge

Clouds aren't all that much cheaper

Once all is said and done, you aren't going to be saving that much cash moving to cloud services. You have to bring in consultants to come in and size what you'd need in the cloud to replicate what you get on your current boxes, then you need more consultants to come in and fix your code to work with that new cloud, then you'll need even more consultants to come in to integrate the cloud bits back into your monitoring systems. And during this migration, you'll be paying for both your own stuff and the cloud, which can make for some pretty eye-watering purchase orders...

The cloud is great when you need another datacenter, you have some kind of public-facing service that can get hammered at a moment's notice, or you need some extra boxes while you wait on the delivery of more boxes / DC expansion / network upgrade / etc.

1
0

Raising a stink in court: Innocent poo banditry warehousers win $2.2m

Crazy Operations Guy
Silver badge

Re: Desk?

"coffee jar."

Couldn't make it any worse than the Folger's Instant "coffee" we have in the office....

6
0

Killer ChAraCter HOSES almost all versions of Reader, Windows

Crazy Operations Guy
Silver badge

Re: Ah. Adobe. Again.

That's the problem with deciding between "Increase security just a bit" and "substantially improve performance"... While the performance hit is fairly trivial nowadays, there was never a reason to change it. Users demand things be fast and pretty, they don't care about security...

3
0
Crazy Operations Guy
Silver badge

Re: Does this also ...

Some graphics drivers have routines to accelerate rendering text on the screen, so there might be something lurking in there. And there is a good chance that there is some Adobe-written code in there as well...

0
1
Crazy Operations Guy
Silver badge

Funny how that works...

Lately I've been considering just converting my documents to Bitmaps and sending those to people... At least we know that those are secure (or at least should be since reading a bitmap and drawing it on the screen is the graphics library equivalent of "Hello World")

0
1
Crazy Operations Guy
Silver badge

Re: Compared to this...

"Also because it is opensource, you can fix it yourself"

I am a staunch supporter of Open Source, but I have to say that arguments like this help no one and only serve to ruin the image of Open Source in the people's minds when they find out what is involved to "fix it yourself". That argument just alienates people that would otherwise love Open Source because they have neither the time nor skills nor inclination to write and/or apply patches to random pieces of software.

17
0

Do svidaniya to public record as Russia passes NEED to be forgotten bill

Crazy Operations Guy
Silver badge

Re: Where we are heading

Simple solution: save anything even slightly subversive to a Micro-SD card, infinitely easier to hide than a book (and easier to make copies and distribute). With even very simple compression, you can hide an entire library's worth of books behind a postage stamp. Digital information is also so much easier to copy and distribute, you can pop a card into a phone and transfer every piece of banned writing in a matter of a few minutes, or code up a simple P2P torrent-like system over Bluetooth (like Fire Chat) and you can disseminate information to a whole city by just passing through it.

1
1
Crazy Operations Guy
Silver badge

Re: The person in the picture is definitely not forgotten

Yeah, except for most Chinese people are completely unaware of Tiananmen Square, despite its happening within the lifetime of quite a large percentage of the population... Never underestimate the power of blocking information.

4
0

Singapore netizens slap silks for copyright bullying

Crazy Operations Guy
Silver badge

Re: Is there a reason

I assume you mean IP addresses... MAC addresses are only used on the local network segment. But even then, you can use whatever MAC you want so long as it's not already in use on the network segment and has the 16th bit in the address set (to differentiate it from a multicast address). I've seen quite a bit of MAC spoofing on public networks since most non-free wifi spots authenticate with it, so if you grab one of a machine that is disconnecting, you can steal the session and get a free connection.

4
1

GCHQ: Security software? We'll soon see about THAT

Crazy Operations Guy
Silver badge

Re: Sue them under the DMCA?

"Also the DMCA contains a law enforcement/intelligence services free pass."

Yeah, US intelligence services and Law Enforcement...

"Oh, and the DMCA is a USA law, and this is GCHQ we are talking about."

So sue GCHQ in a US federal court. People use those courts to sue foreign countries all the time. Or maybe in Texas's courts, who just love copyright laws.

But overall, I just want to see it happen, I am not saying it would produce any sort of benefit for anyone, just a symbolic gesture to the GCHQ that breaking our security products is uncool.

0
0
Crazy Operations Guy
Silver badge

Sue them under the DMCA?

As most companies would argue, reverse-engineering software like this is a violation of various patents and is circumventing copyright mechanisms, so thus would be fair game under the DMCA...

I also wonder if they bothered getting proper licenses for those products anyway. Might be a fun lawsuit to see the government hoisted up by shitty laws they rushed through...

0
2

Germany says no steamy ebooks until die Kinder have gone to bed

Crazy Operations Guy
Silver badge

Re: Eh?

I've had similar thoughts back when I was a kid with television. The channels would block all the explicit stuff before my parents went to bed, so they remained unaware of what is broadcast late at night on the movies channels, but I sure wasn't.

I found it quite ironic that the thing set up to protect children did exactly that, except it was protecting young boys from their parents...

7
0

Facebook SSD failure study pinpoints mid-life burnout rate trough

Crazy Operations Guy
Silver badge

I prefer obvious typos over small, insidious little errors in the technical data...

0
0

Anakin Skywalker chased by cops, crashes podracer into tree

Crazy Operations Guy
Silver badge
Coat

According to the official Vocab guidelines, you're supposed to use "Police Service", force sounds too aggressive.

Mine's the one with a bit of red on it.

2
0

Poison résumé attack gives ransomware a gig on the desktop

Crazy Operations Guy
Silver badge

On my network, I force the file extensions to be shown...

0
0

Hey kids, who wants to pwn a million BIOSes?

Crazy Operations Guy
Silver badge

Re: " physical write-enable link on the Mobo."

I'd think that a simple setting in the setup utility would work. Allow updates to be written to a purely-storage section of the UEFI chip and then when you reboot, an option would appear in the setup utility and would ask whether you want to apply the update or not.

0
0

Hackers steal files on 4 million US govt workers

Crazy Operations Guy
Silver badge

With all these breaches

I would think that with all the breached organizations offering free credit monitoring and identity theft protection, I'd think that the average American would be getting these services for free for the rest of their lives.

First there was Target, then Home Depot, then Anthem Insurance, and now this....

12
0

Wikileaks publishes TiSA: A secret trade pact between US, Europe and others for big biz pals

Crazy Operations Guy
Silver badge

Wouldn't actually be all that expensive to keep data

The rationalization that disallowing personal information to leave a country is expensive is idiotic... Sure it'll cost some money. Putting a couple servers in a datacenter isn't all that expensive and may be cheaper since you'd save a lot of money on network transit fees, plus your services will have a lot lower latency for the customer. It would also give a company a much better uptime if everything is distributed rather than in one or two bit barns on the other side of the planet.... Besides, isn't it much better to keep data near where it will be used?

3
0

Telenor Norway projects 2020 switch-off for its 3G network

Crazy Operations Guy
Silver badge

Re: M2M needs 2G

I'd think that by the time 2025 rolls around, I'd think that there'd be a purpose-built protocol / network for M2M. Although I'd like to see a sort of hybrid network developed that would run both consumer internet and cellular communications to replace both WiFi and 4G, preferably some kind of mesh-network to greatly improve available bandwidth.

1
0

Science teacher jammed his school kids' phones, gets week suspension

Crazy Operations Guy
Silver badge

Re: Just give them an 'F'

The problem with that is that teacher pay is now based on the students' grades. If a teacher were to fail a student for such a thing, they might as well kiss their raise goodbye. Welcome to "No Child Left Behind"...

21
0
Crazy Operations Guy
Silver badge

"illegal because they can prevent people from calling emergency services"

But what if you built one that blocked everything except emergency services? Build some kind of fake-tower like that blackholes every connection but passes through 911 calls...

3
2

WikiLeaks offers $100k for copies of the Trans-Pacific Partnership – big biz's secret govt pact

Crazy Operations Guy
Silver badge

Why would anyone take the money?

The second the money is transferred, one of the relevant governments would notice and arrest the person responsible right after freezing their assets... Receiving money for spilling a secret agreement like this could be considered treason. So who would be close enough to the trade talks to get a copy yet value their life at less than $100,000?

1
2

Forget black helicopters, FBI flying surveillance Cessnas over US cities. Warrant? What's that?

Crazy Operations Guy
Silver badge

Re: "The instigators, looters and arsonists deserved Hellfire missiles."

Yeah, because using a multimillion dollar missile is totally the appropriate response for someone stealing a few thousand dollars of electronics. And it totally wouldn't set off yet another mass riot, no, not at all....

2
1

What a Zuckin' drag! 'Frisco queens protest outside Facebook HQ over 'real names' policy

Crazy Operations Guy
Silver badge

Display Names

Why can't Facebook just add the option for a Display Name? They could still require users to register with their real names, and the users could use anything in the display name...

2
0

New kid on the blocks: Lego Worlds game challenges Minecraft

Crazy Operations Guy
Silver badge

Re: Gonna have to give it a try

I should've known better than to express my personal opinion about a game on the internet...

Other than taking a lot of time, I love Minecraft (on a similar level to complaining that your child keeps you up all night; it's understood that you love the thing, but still get annoyed). It's just that with my work schedule and social obligations, I have little time to relax by myself so all I want to do is dive into a virtual world for a couple of hours where there are no ridiculous deadlines, no complaining users, and no python scripts failing tasks that the script has completed successfully thousands of times before.

0
0
