* Posts by Crazy Operations Guy

824 posts • joined 29 Jun 2009


Hack hijacks electric skateboards, dumps hipsters in the gutter

Crazy Operations Guy
Bronze badge

Re: Failsafe?

I'd think that something that uses the last speed setting and then slowly tapers off would be easier on the rider's sense of balance.

As for the control, I'd assume that it'd be a single control that you move your finger up and down for speed (Not much else needs to be controlled anyway). So it would be held out to the side without having to look at it. But then there is the issue of accidentally hitting the home button or something on it...

Nevertheless the whole concept is idiotic; it's a device that costs ridiculous sums of cash to merely make a task a little easier and that, when it fails, has the potential to cause serious injury.

0
0

ICANN HACKED: Intruders poke around global DNS innards

Crazy Operations Guy
Bronze badge

One of the things that shouldn't be automated

Zone files are so important, and change so infrequently, that this should be a fully manual and offline process to complete. IE changes are sent via bonded courier (or another equally-secure method) to ICANN where an employee verifies the change by calling up the requester and confirming identification as well as each item modified.

1
0
Crazy Operations Guy
Bronze badge

If it does end up in the mainstream press, they'd heavily misinterpret it and blow it way out of proportion like they do with anything they don't understand (which seems to be everything lately).

0
0

TorrentLocker ransomware pestilence plagues Europe, bags $500k

Crazy Operations Guy
Bronze badge

"there should be an IT bod in the vicinity to help explain things"

Well, the biggest reason people tend not to ask the IT folk is that far too many times when they ask, many IT folk respond with condescension and ego. An attitude that you have perfectly demonstrated in your comment (Although you do seem to have a thing for sheep).

At least this is the most common complaint that I've heard from the employees where I work ever since I fell to the Management Side of the force and got my lobotomy / MBA. Speaking with CIOs in other companies, the story isn't all that different.

0
1

LEGS IN 2015: SpaceX Falcon's landing PUT ON HOLD

Crazy Operations Guy
Bronze badge

"tends to err on the side of caution with each launch."

If only software companies did the same...

9
0

Friday: SpaceX will attempt to land rocket on floating, robotic 'spaceport drone ship'

Crazy Operations Guy
Bronze badge

Re: "Rockets are really good at going bang."

Well, they are pretty much giant bombs with a hole at the bottom for the explosion to slowly leak out of...

1
0

Back dat app up: Microsoft opens Azure Backup to Windows PCs

Crazy Operations Guy
Bronze badge

"only the 64-bit versions of the operating systems are supported."

Didn't know they still made 32-bit Windows... It's hard to even find a machine for sale with less than the 3.5 GB of RAM that a 32-bit system would support.

0
0

Penguin porn? NO! Linux folk in #LCA2015 standoff

Crazy Operations Guy
Bronze badge

Re: And this is why #TwitterIsBollocks

I can understand using it to inform customers of time-critical issues (such as service outages) or contests. But then customers would 'follow' the account, not the 'hashtag'. In this situation, why couldn't the Linux group just create a new account for this event?

I can't believe I said something positive about Twitter, excuse me while I go brush my teeth to get rid of the taste of vomit in my mouth...

3
0
Crazy Operations Guy
Bronze badge

Re: Surely...

@ Camilla Smythe

I hope you realize that that says a lot more about your sexual prowess than it does about the feminine gender...

3
0

Amazon workers in Germany stage CHRISTMAS STRIKE

Crazy Operations Guy
Bronze badge

Reasoning for multiple rules for different industries

The purpose of different sets of rules for different industries is that each industry has very different work conditions. Like how it is reasonable to ask a delivery man to walk 20+ miles a day where it would be cruel to force an office worker to do the same. Of course the easiest solution might be to create an additional industry to address this business model; give it the pay of a retail/mail order worker but without the hours restrictions. Amazon's business model is different than anything that has come before it, so it doesn't fit into the current laws, so thus the laws should change to take Amazon and other such businesses into account.

Besides, all western countries have similar regulations as well.

0
0

easyGroup railroads easytrain.com owner

Crazy Operations Guy
Bronze badge

What kind of idiot lets a company domain expire?

A .com is like $10 a year, even cheaper when you do multiple years at a time. So what kind of idiot decided to not just buy the damn thing for 20-25 years and keep on adding time each year? Most registrars even offer auto-renewal. They must be intentionally doing this as it exceeds even government-levels of incompetence.

1
0

Microsoft whips out real-time translator for Skype calls

Crazy Operations Guy
Bronze badge

Re: How about getting written text translation right first?

Translation is one of those things you have to fail at for quite a while before you get it right; you need extremely large sets of data in order to do it right. Of course machine-based translation will always suck compared to trained humans no matter how much computing power and data you throw at it.

1
2
Crazy Operations Guy
Bronze badge

Re: German

The verb coming at the end of a sentence is common in English as well. And the verb isn't always at the end of the sentence in German either (such as in the phrase "Ich bin Ein Berliner" and similar constructs)

There are no commonly spoken languages that enforce a strict word order. In language, relaying the message is the whole point rather than following an endless list of rules and exceptions.

1
0

QEMU, FFMPEG guru unleashes JPEG-slaying graphics compressor

Crazy Operations Guy
Bronze badge

Re: Adoption

What decade are you living in? The porn industry is 99% video now. The only sites that can survive with photos are the really niche-type sites (less than 0.1% of the market) and sites featuring stolen images.

0
0

HORRIFIED Amazon retailers fear GOING BUST after 1p pricing cockup

Crazy Operations Guy
Bronze badge

Probably expected an INT, got a BOL instead

probably a change somewhere in the software where the API call expected something like:

[a list of variables], BOL_IsDynamic, INT_Price

but got:

[1 more variable than expected], BOL_IsDynamic, INT_Price

so that when the request to grab the price was made, the price was set to true (True being interpreted as 1, and price is determined as pence)

Wouldn't surprise me if it was determined to be a simple off-by-one error in the variable parsing function (EG zero-indexed array when 1-index array was expected).

At least that's my thought on the situation.

1
4

Skinny Ubuntu Linux 'Snapped' up by fat Microsoft cloud

Crazy Operations Guy
Bronze badge

Re: back on topic - small virtual linux servers...

I can think of a couple uses (most of which I've seen out in the wild):

* DDoS prevention (the tiny machines cushion the brunt of the attack while still passing through legitimate traffic)

* Extra security layer to analyze/sanitize user-input to prevent injection / overflow attacks

* CDN-like systems to handle requests for a large number of tiny objects (Prevent TCP port exhaustion on a busy site)

* run legacy apps that don't play well with others (Such as needing a specific version of the Java Runtime, or specific versions of some libraries)

* Hosting sub-domains that are rarely used but are required to be on a separate machine for one reason or another

* reverse proxies to load balance for the bigger machines

* pre-prod platform testing

4
0
Crazy Operations Guy
Bronze badge

Is it really still Ubuntu?

At what point does this go from being Ubuntu and just being a Linux kernel with a small smattering of libraries on top?

But this goes up against a bigger question I've always had: what makes a distro a distro?

2
0

NORKS: We didn't hack Sony. Whoever did was RIGHTEOUS, though

Crazy Operations Guy
Bronze badge

I love it when they say 'Imperialist Americans'

Provides a good sense of irony considering that the countries they allied themselves with (Russia, China) are far more imperialistic than the US and how both allies were ruled by emperors into the 20th century (and thus being the textbook definition of imperialistic)...

2
0

US taxmen won't say WHY they're probing Microsoft. So Redmond is suing the IRS

Crazy Operations Guy
Bronze badge

Re: "Fishing expeditions?"

It's a very common term in judicial matters; it refers to someone working for The State requesting warrants, subpoenas, records, etc. without having probable cause to do so. IE, fishing around for a violation when there is no evidence (well, good evidence) to suggest a violation has occurred or the violation has occurred, but no evidence pointing to *who* committed the violation.

4
1

New Snapchat Snapcash service inspires amateur PORN STARS

Crazy Operations Guy
Bronze badge

Why?

Did Paypal and all porn sites disappear off the internet while I wasn't paying attention?

0
1
Crazy Operations Guy
Bronze badge

valued at up to $10bn but has yet to turn a profit.

So is this what capitalism has become? People throwing money at something that has yet to find a reasonable way to make a profit?

0
0
Crazy Operations Guy
Bronze badge

Consent.

6
0

Where the HELL is that Comcast technician? Finally – an app for that

Crazy Operations Guy
Bronze badge

Only for iOS and Android

God I hate it when companies do that and they don't offer a webpage for the same information, which would be easier to do. Although most 'apps' are just a container for a webpage anyway...

0
0

The IT Crowd's internet in a box gets $240k of crowdcash for a cause

Crazy Operations Guy
Bronze badge

Bitcoin block chains and Linux distros?

Why? Those things will take up a hell of a lot of bandwidth that could be put to better use. Maybe one or two linux distributions might be OK, but then you'll have people wanting to cram more on there under the guise of 'X is there, why not Y?'. Soon you'll have dozens of Linux distros but some very old copies of Wikipedia.

As for the Bitcoin chain, why? It's useless if it's not updated as close to real-time as possible, since it would open the door to quite a lot of fraud (Similar to the bad check type scams of yester-year)

0
0

George.Best walks into a sex.bar, spots a bearded dwarf sysadmin and thinks: Warcraft.cool

Crazy Operations Guy
Bronze badge

Re: silly names can be yours!!

You mean setting up a CNAME on a DNS server?

0
0

Anonymous hacks the Ku Klux Klan after Ferguson threats

Crazy Operations Guy
Bronze badge

Re: "Hacking"?

Usually they'll try and abuse the 'reset my password' feature, especially those with 'security questions' that people will fill in with information that is very easy to look up (like what happened to Palin in the 2008 elections). Then there are a lot of attacks using dictionary attacks (usually an abridged version is used first before trying to reset the password, just in case the account holder is a class-A moron). Although password reuse attacks are on the rise, especially with all the recent major breaches.

4
0

Why did men evolve map-reading skills? They were PAID BY BONK - study

Crazy Operations Guy
Bronze badge
Joke

How do they know it's not the other way round

That men with a large number of children are better at navigation because they want to get away so much faster?

13
0

SUPER-JAMMY Philae comet probe got down WITHOUT harpoons

Crazy Operations Guy
Bronze badge

Re: Good luck, at the end of the day

From other projects I've read about; they'll build many copies of a space craft: One primary to be launched, a second one in case the first is found to be defective on or near launch.

Then there will be several engineering copies to test one or two pieces. None of these will be full copies, but you can assemble one from multiple models with dummy components taking the place of the systems not under test. One might be used solely to test the drills, another the landing gear, and maybe a third that is the drill and landing gear sections. These copies only get used once since they get pushed through stress testing and you're not going to test against an already-stressed component.

0
0

Rosetta probot drilling DENIED: Philae has its 'LEG in the AIR'

Crazy Operations Guy
Bronze badge

Wakes up when it gets sun

Knowing the way that western organizations build spacecraft and that it was built by Germans, I imagine there will be some time millennia from now when the comet breaks from our star system and finds itself orbiting some star, waking up, and freaking the hell out of some sentient beings on another planet.

38
0

Can you choose your carrier when a carrier owns the data centre?

Crazy Operations Guy
Bronze badge

I've chosen such datacenters because of the carrier

Usually because we have customers of that carrier complaining about speed so we stick some servers for a CDN / Reverse proxy farm.

0
0

Consumer group SLAMS NASA for letting Google rent $1bn 'playground'

Crazy Operations Guy
Bronze badge

Re: What's so neat about it?

State laws do not apply to federal land, however, most federal agencies will play nice with the locals. Especially when it comes to things like power plants, weapons caches, and air strips which can present an unacceptable risk to the lives of the local populace or to property in the area.

0
0
Crazy Operations Guy
Bronze badge

With that kind of money

Why doesn't Google just buy Moffett Field? Or better yet, why don't they build their own facility out in Nevada/Arizona/New Mexico/Etc. for a fraction of the cost? As a bonus, they would no longer be held back by California's laws so they can test whatever they want.

1
1

Got an iPhone or iPad? LOOK OUT for MASQUE-D INTRUDERS

Crazy Operations Guy
Bronze badge

Re: "side loaded" apps?

"interfacing via the App Store where other software installs work" that's what I was thinking. Make everything simple by setting up the store with an Apple cert for publicly available apps and then allow enterprises to install their own certificate alongside the Apple certificate to verify their deployment server.

Or better yet, flip the authentication method where the client (phone/pad/pod, whatever) verifies the server's certificate and presents its own once it's verified. Done properly, it would allow enterprises to publish their internal apps to the main Apple store and make it only available to a select number of client phones by way of adding whitelists of certificate hashes (with each phone having a different client cert). These apps would then be signed by Apple, rather than the Enterprise. This would create a scenario where the IT department of the company no longer needs to maintain infrastructure while still ensuring that their users get verified apps and staying as secure as they can be.

This could then be expanded to allow developers to build right to the App store and deploy to only their own phones/devices and ones registered in a white-list. Hell maybe Apple could offer a cloud-based repository/build system; write code, commit, Apple servers build it, do some preliminary tests, sign it, push to store, app gets pulled down by phone if it's on the proper whitelist, device sends back debug data to the Apple dev cloud and reports are filed into the code's repository. As the app is polished and tested, the whitelist is expanded to include beta-testers, then finally the targeted audience.

If you're going for a walled-garden/big-brother approach, you can't take half measures, otherwise stupid crap like this exploit happens.

(Note: I have only a high-level view of what Apple does, the last Apple device I've ever used was a Powermac all-in-one in the late 90's)

0
0
Crazy Operations Guy
Bronze badge

Why would they allow installs from text/email?

Given their walled-garden approach, I figured they would have set things up so that executable code could only be modified by the store app, and only during an install requiring your password. Otherwise the file system the binaries are on stays read-only.

3
0

TORpedo'd dev dumps Doxbin files after police raids

Crazy Operations Guy
Bronze badge

They control one or more TOR nodes, so they could watch as it passes through the first node, and see what the packet looks like on the other side. To ensure that they know which packet is theirs, they could cut traffic to that node from external sources just long enough so theirs becomes the only packet passing through it.

As for tracking it, I'm sure that they have a full map of where every tor node sits and have wire taps at their closest routers (well, closest that they control).

1
0
Crazy Operations Guy
Bronze badge

I figure it would be something as simple as a GET request to a targeted server and following it by way of packet dumps on ISP routers (well, the encrypted packet containing the GET...)

1
0

Crooks are using proxy servers to build more convincing phishing sites – new claim

Crazy Operations Guy
Bronze badge

Just a thought

This attack would be so much harder to detect and block by utilizing a botnet, simply install the proxy code on a botted machine and rotate which bots are serving up the pages (just have the CnC server communicate constantly update a DNS server operating as the NS server for the phishing site and set the TTL ludicrously low to eliminate lost connections from people shutting off nodes in the bot net).

Although, come to think of it, a botnet of proxy servers might not actually be a bad thing in the right hands...

1
0
Crazy Operations Guy
Bronze badge

Re: "legitimate site would find it very difficult to detect these attacks against their customers. "

I don't expect anyone to use my solution as the only method of fraud detection, merely as a simple filter for more rigorous testing, such as comparing previous postal / country codes used by customers on that IP. Which in your examples, would match or at least be similar.

0
0
Crazy Operations Guy
Bronze badge

Like the 419 scammers, phishers are typically looking for people that are just stupid enough not to notice the errors since they would be stupid enough to fall for other phishing sites as well (And thus reduce your chances of getting caught, since the victim won't know which shady website stole their identity; you also get people that are so enticed by what is being offered, that they'll do whatever you want)

Catch a smart man with a good phish and you'll eat for a day; catch a sucker with a bad phish, and you'll eat for a lifetime.

3
0
Crazy Operations Guy
Bronze badge

"legitimate site would find it very difficult to detect these attacks against their customers. "

Look for multiple customers coming from the same IP, easy peasy.

2
1
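The same-IP check suggested in this thread, with the postal/country comparison from the follow-up reply as the second stage, written out as an added example (it is not part of the original posts). The record layout, thresholds, customer names and addresses are constructed assumptions; the IPs are documentation ranges.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, customer_id).
LOGINS = [
    ("198.51.100.7", "c1"), ("198.51.100.7", "c2"), ("198.51.100.7", "c3"),
    ("203.0.113.10", "c4"), ("203.0.113.10", "c5"),
    ("203.0.113.10", "c6"), ("203.0.113.10", "c7"),
    ("192.0.2.44", "c8"), ("192.0.2.44", "c8"), ("192.0.2.44", "c9"),
]

# Constructed customer records: country and postal code previously on file.
PROFILE = {
    "c1": ("GB", "SW1A 1AA"), "c2": ("GB", "SW1P 3BU"), "c3": ("GB", "SW1E 5ND"),
    "c4": ("GB", "M1 1AE"), "c5": ("US", "98101"),
    "c6": ("DE", "10115"), "c7": ("GB", "EH1 1YZ"),
    "c8": ("GB", "LS1 4AP"), "c9": ("GB", "LS2 8JS"),
}


def customers_by_ip(logins):
    """Map each source IP to the set of distinct customers seen on it."""
    seen = defaultdict(set)
    for ip, customer in logins:
        seen[ip].add(customer)
    return seen


def shared_ips(logins, min_customers=3):
    """Stage 1: IPs used by at least min_customers distinct accounts."""
    return {ip: custs for ip, custs in customers_by_ip(logins).items()
            if len(custs) >= min_customers}


def locality_spread(customers, profile, prefix_len=2):
    """Count distinct countries and postal areas among the customers.

    A customer with no record is counted as its own unknown area so that
    missing data widens the spread instead of hiding it.
    """
    countries, areas = set(), set()
    for customer in customers:
        country, postal = profile.get(customer, ("??", "unknown:" + customer))
        countries.add(country)
        areas.add((country, postal[:prefix_len]))
    return len(countries), len(areas)


def triage(logins, profile, min_customers=3, max_areas=2):
    """Stage 2: separate office or carrier NAT from IPs worth a closer look.

    Customers behind one legitimate gateway tend to share a country and a
    postal area; a relay fronting for many victims does not.
    """
    verdicts = {}
    for ip, custs in shared_ips(logins, min_customers).items():
        n_countries, n_areas = locality_spread(custs, profile)
        if n_countries > 1 or n_areas > max_areas:
            verdicts[ip] = "escalate"
        else:
            verdicts[ip] = "likely-shared-nat"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(triage(LOGINS, PROFILE).items()):
        print(ip, verdict)
```
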

Sysadmins disposed of Heartbleed certs, but forgot to flush

Crazy Operations Guy
Bronze badge

Probably a vast majority of those certificates are used on other servers

I figure the reason why many sites haven't revoked the old certificates is that they aren't done replacing the old ones, like they may be used in DR sites or cloud services and they are waiting until those have been replaced before revoking the old certs. A lot of companies I've worked with wait until primary production has been proven to work for some time before the change can be made in DR.

After all, it would be pretty stupid to revoke *then* issue new certificates since that would leave a time period in which no encryption is possible.

1
0

Russian internet traffic detours through China's Frankfurt outpost

Crazy Operations Guy
Bronze badge

Not that uncommon

I've seen many a packet end up going on a round-the-world journey simply because one link broke and its back-up link happens to have a cost that brings it just higher than going around the world. Happens a lot with peers that have global networks and low link costs between segments.

Although I've seen some pretty stupid routes where the link-cost on a satellite with a latency of 500-600 ms is assigned a link-cost lower than that of a fiber line across three ISPs but only has latency of 300 ms.

Routing on the internet can get really stupid sometimes since it's just a bunch of networks stitched together in a poorly woven fabric of fiber and copper.

0
0

Printing Bad: Meth found in laser printer cartridges

Crazy Operations Guy
Bronze badge

Re: Importing meth into the US

Actually, that's not true anymore; most meth on the streets in the US is manufactured in Mexico. The Cartels are able to use their immense amounts of power to manufacture meth at an industrial scale and far more efficiently than a small lab in the US, especially since they can get all the chemicals they want without scrutiny. They also have the advantage of having a very good smuggling and distribution network already in place that they've been building since the 1960's.

5
0

Feds investigate Homeland Security background checker security breach

Crazy Operations Guy
Bronze badge

So much money wasted

I find it hilarious (In a Kafkaesque sort of way) when you compare how much money that's been wasted on 'Homeland Security' vs. how much money Al-Qaeda spent to attack us. It worked out to be that for every person that died on 9/11 the US has spent over $10 million dollars (and rising) in revenge, where Al-Qaeda has spent a measly $5. Talk about an impressive ROI... Their goal was to make us terrified of them and to be living in constant fear; in that way it looks like they achieved a victory so perfect that it can be used as a standard for purity of diamonds.

Especially since the easier way of destroying these 'terror groups' would have been so much cheaper: cut off their pool of recruits by helping out villages and convincing the people there that it would be far more beneficial for them to live peaceably with the West than to attack innocents. Farming, building, and manufacturing equipment is far cheaper than cruise missiles and jet fuel.

13
0

Call of Duty, GTA V DO NOT make YOUTH more VIOLENT

Crazy Operations Guy
Bronze badge

If your paper/article/post has a question mark in its title

Then prepare for me to ignore it. The point of Academic papers is that the author has done all the leg work and research to answer a question. The title is supposed to tell us, in as few words as possible, what they discovered. The same goes for news reports and any other form of reporting. If I wanted to read a lot of words before coming to the point of the piece, I'd pick up a novel.

To me the question mark is a big red flag saying that the following piece is nothing but click-bait (along with such words/phrases as '... might surprise you..' and '..you must read this before...'). Incidentally Buzzfeed, Upworthy and their ilk are blocked on my firewall...

1
1

Watchdog bites hotel booking site: Over 3k card details slurped

Crazy Operations Guy
Bronze badge

Re: Including the 3 digit security code?

Indeed, the 3/4-digit security code is supposed to be entered every single time and never stored and used as an extremely basic 2FA method. Otherwise what is the point of its existence (Well, it's a piss-poor attempt at fraud prevention, so really it shouldn't exist in the first place and instead be replaced by an actual OTP token)?

3
0
Crazy Operations Guy
Bronze badge

"a less severe fine that didn't run the risk of putting the company out of business."

They should go out of business. Simple problems like this need to stop and they won't until someone starts making an example of the offenders. And a fine of £7,500? The company won't even notice that, hell I wouldn't have a problem paying that fine myself. At least make the fine much greater than the cost of fixing it (and then if they fix the issue, provide a discount equivalent to what they spent doing so).

9
0

Crypto collision used to hijack Windows Update goes mainstream

Crazy Operations Guy
Bronze badge

Why not implement a dual-hash (or multiple-hash) system?

Why is it that certificates can only have a single hash? Having more than one would increase the difficulty of finding a collision that satisfies both hashes. Theoretically this would allow certificates to remain safe long enough after the hash was found to be easily exploitable to let it just expire and re-issue a new one without the weak algorithm. Plus it would have the advantage where old clients that support only a very weak hash can still verify with a single hash and ignore the others (Or ones that don't need the extra security and have very low compute power as it is); allowing for certificates, clients, and servers to use $standard +/- 1 without compatibility issues.

I use a similar thing when verifying OS install packages, I run an MD5 and SHA-256 hash on them when I first get them and when I install on my beefy systems, but only do an MD5 on my low-powered single core boxes.

4
0
Crazy Operations Guy
Bronze badge

"[I]t does however have a much lower complexity than a complete brute force attack."

Umm, no. Brute-force is the least complicated attack possible (Since it's just n = n +1;). It may be much quicker, but can't possibly be less complex.

3
0
