Feeds

* Posts by Crazy Operations Guy

456 posts • joined 29 Jun 2009

Page:

Study shows dangerous asteroid impacts hit Earth every six months

Crazy Operations Guy
Bronze badge

Maybe we need a couple hits near some major cities

Nothing like the risk of death at any time from space debris to get everyone to stop fighting over stupid and petty differences and work together to do something about this.

0
0

Did a date calculation bug just cost hard-up Co-op Bank £110m?

Crazy Operations Guy
Bronze badge

Does it have to be every 365 days?

Couldn't they send these things out every 360 days or even just send them out monthly alongside the usually banking statements (like my bank does, but I'm a yank with a credit union, so not sure of that would comply with Brit law).

0
0

Oz bank in comedy Heartbleed blog FAIL

Crazy Operations Guy
Bronze badge

Try HSBC, trusted by drug rings, black markets, rogue states and terrorists for well over a decade. They may be evil, but they don't fuck over their customers (At least not as much as other banks) and seem to be immune from the NSA, CIA, MI*, GCHQ, FSB, et al.

0
1

Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN

Crazy Operations Guy
Bronze badge

Apple; totally not a personality cult.

From the photos I've seen there are more images of Steve Jobs per square meter in California than there are of Kim Il-Sung in PyongYang.

7
2

Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed

Crazy Operations Guy
Bronze badge

Re: "and setup a small pfsense box"

Or just use OpenBSD and the built-in pf rather than its derivative.

0
0

Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive

Crazy Operations Guy
Bronze badge

Re: Location of the Microsoft/Crypto folder depends on the Windows version

Doesn't matter where it is, those files are encrypted anyway. You should be accessing them through the Certificates Manger in the MMC.

0
0
Crazy Operations Guy
Bronze badge

Re: so...

The point of the Keystore isn't to obfuscate access to certificates, but rather to put them all in one place and make it much easier to work with using a common API for all your crypto needs rather than having it done on an application-by-application basis.

Yes, the system has to get access to the key from somewhere, in modern computers this would be the TPM in conjunction with SecureBoot. The SYSTEM account's keys are stored in the TPM and without those keys the keystore is unreadable. Of course now the TMP is the weakest link, but if your attackers have the technology to break one of those, I think you have bigger problems.

Besides, if someone malicious has physical access to your machine, it doesn't matter what OS you are using, you have already lost. A system's security isn't just about the OS, you also have to protect

0
0
Crazy Operations Guy
Bronze badge

Re: so...

No, every account has its own encryption key used to encrypt the keystore (keys used by the OS are stored in the SYSTEM account's keystore and encrypted with the machine's key).

The source of this key depends on the account type: on locally created accounts the key is made from a one-way hash of the user's password and some other unique data. In directory services, such as Active Directory, the key is stored and generated by the directory software.

The only place the key is stored in plain text is in a protected section of memory (Assuming your MMU isn't a pile of crap) and is processed by non-interruptible software ISR.

2
0

Lego is the TOOL OF SATAN, thunders Polish priest

Crazy Operations Guy
Bronze badge

Re: " toughest substance in the known universe"

Indeed, a few months ago I helped my parents with their garden and unearthed a Lego from when they were kids (about 45 years). It was even in near-pristine condition, especially compared to the nearly-disintegrated plastic bucket that we also found that was from a mere 15 years ago. Seriously, what the hell are the made of? I think they will still be around even after the heat-death of the universe.

3
0

Puking! protester! forces! Yahoo! 'techie! scum!' to! ride! vile! bile! barf! bus! to! work!

Crazy Operations Guy
Bronze badge

Why do companies love the Bay Area anyway?

What is so special about the Bay Area that tech companies flock there like moths around a flame?

These companies could save truck-loads of cash by moving somewhere else where they don't have to pay their employees quite so much. I understand that a lot of their employees are graduates of the nearby universities, but they could easily relocate them to Portland, pay them $30k less each year and pay for moving expenses, all with both parties having more money in their pockets at the end of the year.

The rent is ridiculous in the Bay Area, I paid the same amount for a tiny studio (~500 Sqft) in SF as I did for a 3-bedroom place (~2000 sqft) in Downtown Seattle.

2
0

Hardwired crypto certificate FAIL bricks Juniper router kit

Crazy Operations Guy
Bronze badge

Why do the licenses for routers even need to exist?

How much does it take to produce the software on it? I don't think it could possibly bankrupt any of the manufacturers to just give it away, especially when they charge anywhere between $5000 for a basic router all the way up $2 million for the high-end stuff. Hell they might end up saving money by cutting down on the versions they have to maintain, shutting down the authentication servers and laying-off all the account managers responsible for the software support accounts.

HP's networking division seems to be doing well enough despite giving away the software.

0
0

Zuck: Web drones, not balloons (cough, cough Google) are way forward

Crazy Operations Guy
Bronze badge
Unhappy

This would only hurt their revenues

Both these companies make their money from advertising, and the value of their advertising is directly proportional to the value of the eyeballs (Value in this case is how likely the viewer is to buy the advertised product). But that value plummets drastically when you add millions of poor people that can't afford clean water, let alone whatever shlock is being shown to them. Hell, did they even think about the fact that very, very few people even have electricity, let alone some type of device that would let them use the internet?

I agree with Gates here in that giving them things to help them live would be a much better investment than them being able to post "Lost my brother to dysentery, second time this year" to TwitFace+.

5
1

US-Russia Soyuz 'nauts STUCK IN SPACE after ISS dock fail

Crazy Operations Guy
Bronze badge

Re: "They have supplies to keep them in orbit for many, many days,"

They'll carry about a week's worth of provisions with them in case of emergency, specifically if something goes wrong at any point in the trip.

As for waste, it is either recycled back into fresh water or stowed in sealed bags and placed in the same compartments the food was carried up in. What better ballast material than something that has the same weight and consistency of what was there before; a balanced spacecraft is a happy spacecraft.

1
0

BOYCOTT FIREFOX, rage gay devs as Mozilla appoints JavaScript daddy as CEO

Crazy Operations Guy
Bronze badge
WTF?

Unable to get married

So why couldn't they just move to any of the other states that recognized gay marriage during the time that California didn't?

3
2

AMD: Why we had to evacuate 276TB from Oracle DB to Hadoop

Crazy Operations Guy
Bronze badge

Good software, stupid name

From my experience as a consultant I think there would be a lot more installs of Hadoop if the name didn't sound so goofy. I can't count the number of times I've gone in front of management and had them laugh off the software because of its name.

8
0

Twitter turns 8: Five tech kingpins whose first tweets are UNBELIEVABLE

Crazy Operations Guy
Bronze badge

Useless from the beginning I see.

I have yet to see how Twitter is any better than an RSS feed.

0
1

RIP Full Disclosure: Security world reacts to key mailing list's death

Crazy Operations Guy
Bronze badge

"Can be done with a tweet"

Except when twitter sees a legal threat they fold faster than a ninja making origami cranes.

19
0

Kent Police fined £100k for leaving interview vids of informants in old cop shop

Crazy Operations Guy
Bronze badge

Re: erm...

You forgot the entropy of all the bureaucrats taking their cuts.

3
0
Crazy Operations Guy
Bronze badge

Yes, they should be fired

...preferably out of a canon.

3
0

Dammit internet... you promised naked videos of my Facebook friends

Crazy Operations Guy
Bronze badge

Am I the only one with attractive friends?

Or is it that everyone here wants to turn the forums into a death-camp for old jokes...

1
0
Crazy Operations Guy
Bronze badge
Facepalm

Re: If you fall for that

Yes, because we all know how an infected machine only affects that one person.

4
1

Aargh! My EYEBALLS are MELLLTING! Curse this DEVIL LAPTOP

Crazy Operations Guy
Bronze badge

Blinded by LEDs

Given how many manufacturers like to cram super-bright blue LEDs into their products, I don't doubt you could go blind from them. I wonder when device manufacturers will realize that blue LEDs produce a far more intense light than the same amount of energy in a red or green LED. There have been many times that I've walked into a datacenter and have been temporarily blinded by locator LEDs right at eye-level.

0
0

German freemail firms defend AdBlock-nobbling campaign

Crazy Operations Guy
Bronze badge

Re: Security

Exactly,

I have two problems with modern ads:

1) I am wasting cpu cycles and memory to have these things shown due to the hundreds or even thousands of lines of Javascript or Flash/ActionScript running from somewhere else, which brings me to:

2) All that code is hosted on a server that neither myself nor the organization running the website can control and the advertisers don't have much of an incentive to police so long as the money keeps rolling in.

I wouldn't mind advertisements that were just basic JPGs or GIFs hosted on the website itself. I also wouldn't mind if the website shipped its access logs off to the advertiser to analyze, they already end up with all that information and a lot more with the current ad systems.

3
0

Facebook ditches TOP SECRET email service. Did YOU know it had one?

Crazy Operations Guy
Bronze badge

Re: Much as I dislike Facebook, I wish...

I had tinkered with the idea of a social-network backed email system some time ago. It would be easy to determine if something is spam in real time with the data they have. If a message is sent to multiple people (or very similar messages are being sent) you'd just check to see if there is some sort of link between the recipients such as going to the same schools, having friends in common, etc. Otherwise you'd block the message as spam.

0
1

MtGox has VANISHED. So where have all the Bitcoins gone?

Crazy Operations Guy
Bronze badge

"put announce for mtgox acq here"

'acq' could also mean acquittal...

1
0

Beware Greeks bearing lists: Bank-raiding nasty Zeus smuggles attack orders in JPEGs

Crazy Operations Guy
Bronze badge

Steganography to hide the whole thing

I'm surprised if they were going for something like this, they wouldn't have also tried to embed more of the virus into images.

The main payload could be nothing but a tiny little script that embeds a decoding routine and exec function into some system library. You could even use a browser update bug and embed this into Chome's or Firefox's SSL libraries (Done properly, you could even sign it with a fake code-signing cert and embed it into the underlying OS so the modified binary looks legit)

The rest of the virus would be embedded in a series of images labeled as 'Desktop Wallpaper' saved as full-color bitmaps at 1920x1080 or something of the like.

Something like this could go unnoticed for a long time

0
0

TV scraper Aereo pulled off air in six US states after tellyco court injunction victory

Crazy Operations Guy
Bronze badge

Wouldn't this be making more money for the broadcasters?

They weren't directly making money off the signal anyway, but indirectly from increased sales of products advertised via those signals. At least with this model, they could request viewership statistics from Aereo and rather than try to sell air-time based on 'Company X bought time from us and their profits went up by X amount, where they could now say 'We have at least X number of viewers on these time slots'

It bothers me to see companies like this getting shut down as it could be a boon for all parties involved. At the very least I could see a deal going with Public TV channels as it would a charitable donation and these channels would have a much wider audience.

4
1

Tinfoil hats proven useless by eleven-year mobe radiation study

Crazy Operations Guy
Bronze badge

Re: Duh.

Or even the human body, other living creatures, smoke detectors, bricks, bananas, ceramics, and many other things that release ionizing radiation, which even though is on the level of nano- or pico-sieverts, is still more than a cell phone has ever produced.

0
0

Fridge vendor pegged as likely source of Target breach

Crazy Operations Guy
Bronze badge

Re: I've always hated the term 'DMZ' in relation to networks

'If your answer to that is "but I can control that from a central place" you have just indicated a new APT target, and therein lies the rub.'

You seem to have missed the point. In most networks, anyone inside the company could be launching point for attack, my point is to reduce the number of possible targets. I would rather have the IT department's systems and working harder to protect them than having to worry about the thousand other machines in the company that can access the management interfaces of the critical servers.

Also your comparison to a company that only has a single key is flawed in that I can replace my machines whenever I want and it wouldn't affect a damn thing, where a key needs to be replaced everywhere.

0
0
Crazy Operations Guy
Bronze badge

I've always hated the term 'DMZ' in relation to networks

It causes Security engineers to think in terms of having just three networks: Internal, external and a section in-between when modern technology requires thinking in much finer grained terms. With modern OS's supporting virtual interfaces* you should have dozens, even hundreds of separate networks.

What should have happened when they brought the partner on board was to have set up a specific VLAN and subnet for them that connected to virtual NICs on the servers they needed with listeners configured for access to the data and commands they needed to get it or modify it. If something requires a different set of security rules, it should have its own network.

The last network I designed used hundreds of individual network, each web server cluster had 2 private networks and connection to at least 2 other purpose-built networks: 1 external connection to the back-end of the load-balancer shared only among public web servers, a second shared network used only for management of the internet-facing machines (only interface that allowed ssh/sftp access), a third interface only connected between the web servers to sync application data and user state, and finally the last one was set up only for the servers to connect back into the database servers where the listener was configured to only allow connections to the specific DB the web servers needed and further restricted it by limiting what commands could be passed through.

Of course each network also had an IP or two available for packet-capture systems for debugging and performance monitoring (much easier to debug applications when you can just pull the stats from the interface rather than having to filter everything)

*either through the virtualization platform on a virtual server or through the OS (UNIX-like systems and the VLAN interface, Windows and the HW manufacturer's drivers) on physical boxes.

2
4

Forget ski-jumping – Russians setting records in Sochi visitor hacking

Crazy Operations Guy
Bronze badge

RE: SD cards / Read only

You do know that the little 'read-only' switch on the side of the card is merely a suggestion to the host, right?

In the operating system, the only thing that happens when you try to write to a card that is 'read-only' is that the OS will bitch at you, if you use the OS's built-in that is. However, you can just send the raw write command and data directly to the card without any problem.

However there is a read-only fuse built into the card you might have used, but then that would mean you are using old, vulnerable software since you can never reset it back to read-write.

What you should have done was to set your partitions to read-only except for /home, /tmp and /var/log. To update, you would mount the device you are booting from on another machine,edit fstab to be RW and then reboot to the device and update, reboot back into other OS and reset fstab to mark everything read-only. Of course this assumes you are using an OS that is intelligent enough to partition its data properly and not just cram everything in to one giant partition.

0
0

Crippling server 'leccy bill risks sinking OpenBSD Foundation

Crazy Operations Guy
Bronze badge

Re: Try ibiblio.org ..

Simpler than that:

The US doesn't allow you to export crypto software, but Canada does.

0
0
Crazy Operations Guy
Bronze badge

Re: No...

Its referred to in the introductory message pre-loaded into every new user's mailbox and if you read the prompt at the end of installation, it will tell you to run 'mail' once you login. The message in your mailbox is a simple letter from Theo and the Developers about some system basics, ending with the suggestion to read 'man afterboot' to learn more (this mail will also appear for all users created on the machine).

The afterboot page is a basic primer on using OpenBSD and other UNIX-like Operating systems and will point the user to other man pages and tools that would be useful to know (in fact I print this page up for all my users for them to hang up in their cubes) Nearly all of them went from having no UNIX experience to being able to solve 99% of their own issues (Including fixing networking issues, diagnosing hardware problems to being able to install and configure their own Desktop environments and even tweak X)

1
0
Crazy Operations Guy
Bronze badge

Re: No...

They say RTFM a lot because you have a bunch of idiots that install OpenBSD then ask why apt-get doesn't work (Happened this week) or people that ask questions that would have been solved by just running man afterboot or man <command>. The OPenBSD developers are extremely anal about the accuracy of the man pages and docs and people just ignoring them is really annoying.

9
1
Crazy Operations Guy
Bronze badge

Re: Think about this...

Like Linus is much better at talking to the public...

1
1
Crazy Operations Guy
Bronze badge

Re: OpenBSD is included in ... third-party packages ...

Code patches developed by OpenBSD is included in those packages, it should also be noted that OpenSSH is also affected by all this since they are part of the same project/foundation.

5
0

Ex-Google, Mozilla bods to outwit EVIL BOTS with 'polymorphic' defence

Crazy Operations Guy
Bronze badge

Yet another appliance...

I don't need any more crap in the network racks when I already have the BGP routers, forward firewalls, load balancers, anti-malware engine, IDS/IPS system, web cache appliance, vpn gateways, rear-facing firewalls, packets shapers...

Typical Web 2.0 idiot programmer thinking: "I have no time to check my code for security bugs, I'm too busy inventing the next InstaSnapLinkedFaceGram+. Lets just make something to cover this up and make it the responsibility of the Dev/Ops team!"

1
0

Redmond researchers profile Skype scammers

Crazy Operations Guy
Bronze badge

Neither, the algorithm they built was able to detect 68% of the known-spam accounts and incorrectly identified 5% of the known-good accounts as spam.

The algorithm wasn't running for 4 months either, the data they were using was on accounts that have been active for 4 months without being flagged but were determined to be spam accounts.

1
0

SAY MY NAME, ALIEN SCUM. NASA to send 'you' into SPAAACE...

Crazy Operations Guy
Bronze badge

Re: Probably the most expensive 60g anyone will ever buy..

Or HP toner

At one point that stuff ended up costing more than pure, uncut cocaine.

0
0

Chinese Moon rover, lander duo wake up after two-week snooze

Crazy Operations Guy
Bronze badge

Re: Politics v engineering

That's a side panel, not a solar panel. Also, every space-faring nation/organization puts their flag on the side.

0
0

Ready, aim ... exploit! Experts calculate exact moment to launch that precious 0-day weapon

Crazy Operations Guy
Bronze badge

Patched in the future even if the exploit isn't used

Yeah, like that happens...

0
0

Google gobbles Wi-Fi thermostat maker Nest for $3.2 BEEELLION IN CASH

Crazy Operations Guy
Bronze badge

Re: More not being evil coming up

I think its more like that guy in his late 30's buying a $500 hat to show that he "is still hip with the kids" and not some kind of corporate sell-out.

0
0
Crazy Operations Guy
Bronze badge

Re: Stupid American Patents.

A bit of irony considering that the creator came from Apple...

0
0

Italian woman stunned by exploding artichoke

Crazy Operations Guy
Bronze badge

Re: No one said

No one said it because they were afraid of breaking such an ancient relic.

0
0

Bitcoin blasts past $1,000 AGAIN after Zynga accepts cryptocurrency

Crazy Operations Guy
Bronze badge

The real news

is that Zynga is still operating...

3
0

Snapchat vows to shut its hole in wake of 4.6 million user data breach

Crazy Operations Guy
Bronze badge

Re: Data retention...

"pics are from under 18s sending nudeys"

Something tells me that that is likely the reason they didn't take the $4 Billion dollars; someone was afraid their endless stream of porn would be found and they'd get thrown in prison.

1
1

Curiosity rover: While you humans were busy being hungover, this bot hit its 500th Martian day

Crazy Operations Guy
Bronze badge

Re: Predictable

Predictable but has a wide margin of error. That figures given for the life of a nuclear plant is the length of time they can guarantee a certain level of power output.

The rover also has a couple solar panels to power its control circuitry and some of its basic equipment, so it could theoretically keep going indefinitely reporting back the weather, levels of radiation and pictures or whatever else they have the power budget for.

2
0

Snapchat: In 'theory' you could hack... Oh CRAP is that 4.6 MILLION users' details?

Crazy Operations Guy
Bronze badge

Re: > if they can't guarantee that ephemeral really is ephemeral

First law of data on the internet:

If you want something on the internet, it'll disappear the second you look away;

however if you never wanted to get out onto the internet, it'll be there well past the heat-death of the universe.

3
0
Crazy Operations Guy
Bronze badge

Re: useful stuff

They've already proven to be blindingly trustful of people on the internet, just claim to be a new internet payment company that deletes their banking details 6 seconds after the transaction and you can start extracting obscene amounts of cash from them.

I know that most of the users are teenagers living at home, but the same kind of parent that gives their kids a smartphone is also the same kind of idiot that gives them a credit card.

0
0

WikiLeaks Party meets Syrian leader Bashar al-Assad

Crazy Operations Guy
Bronze badge

Re: Is Julian Assange

Probably not for much longer. If his party keeps doing stupid stuff like this, I'd imagine that the Ecuadorians would throw him out to void looking like they agree with the bat-shit insanity of the guy's party.

0
0

Page: