84 posts • joined 11 May 2007
It appears now, however, that it is likely to be due to a number of news sites linking to it, which wouldn't otherwise have happened and thus not brought its page rank etc up so high...
Re: There are plenty .......
Just don't follow the model used by Ofcom in the UK, whereby they accepted BT's proposal to split themselves into three parts (BT Retail, BT Wholesale, and BT Openreach, with the latter being the 'local loop' part), leading to a sort of corporate schizophrenia, which now basically ends up with the different parts blaming each other when something goes wrong, and bouncing the fault backwards and forwards and not actually fixing it (and trying to charge the customer for the privilege with SFI2)...
Re: As if this will make people happy!
'WIMP GUIs have always been designed to provide neophytes a way to discover functionality for themselves and learn the keyboard shortcuts as they do so.' - can you explain then why with the Ribbon in Office MS have been actively discouraging the use of keyboard shortcuts?
Re: Backups ?
There's a small pub chain that will let you buy beer *directly* with bitcoins: http://www.individualpubs.co.uk/bitcoin.html
As I understand it this wasn't actually a DNS amplification attack as you described in the article, instead they were sending DNS requests with the source address spoofed to be the target, causing the DNS servers to send their response directly to the target. As the request is quite small it isn't too difficult to send lots of them, and by targeting the request appropriately you can get the response to be quite large, thus causing the DDoS.
This also means that often simply turning recursion off in BIND is not sufficient, as in the default configuration it will likely (depending on which version of BIND) still return the list of root servers as a referral instead of simply refusing the query. The list of root servers is quite a large response on its own, and thus can be used in this attack.
The magic line you need to add is "additional-from-cache no;" - this will stop that behaviour.
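A defender-side illustration of the point above, added here and not part of the original comment: a small Python script that scans BIND-style query-log lines for the two request shapes the comment names as giving a large answer for a tiny query (a referral to the root servers via `. NS`, and `ANY`), and also flags "clients" that never change source port, which genuine resolvers do. The log lines are constructed samples in the older `client IP#port: query:` format; the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of BIND query-log lines. In a reflection attack the "client"
# address is spoofed, so 198.51.100.7 here is the victim being reflected at,
# not the machine actually sending the queries.
SAMPLE_LOG = """\
10-Jun-2013 12:00:01.001 client 198.51.100.7#4096: query: . IN NS + (192.0.2.53)
10-Jun-2013 12:00:01.002 client 198.51.100.7#4096: query: . IN NS + (192.0.2.53)
10-Jun-2013 12:00:01.003 client 198.51.100.7#4096: query: isc.org IN ANY +E (192.0.2.53)
10-Jun-2013 12:00:01.004 client 198.51.100.7#4096: query: . IN NS + (192.0.2.53)
10-Jun-2013 12:00:01.005 client 198.51.100.7#4096: query: isc.org IN ANY +E (192.0.2.53)
10-Jun-2013 12:00:02.100 client 203.0.113.9#53021: query: www.example.com IN A + (192.0.2.53)
10-Jun-2013 12:00:02.200 client 203.0.113.9#53022: query: example.com IN MX + (192.0.2.53)
"""

LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: "
    r"(?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def parse_line(line):
    """Return a dict of ip/port/name/qtype/flags, or None if the line is not a query."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def is_amplifying(name, qtype):
    """Query shapes with a large answer relative to the request:
    a root referral ('.' NS, which 'additional-from-cache no;' tames) or ANY."""
    return qtype == "ANY" or (name == "." and qtype == "NS")


def reflection_suspects(log_text, threshold=3):
    """Map each client IP to its count of amplifying queries, keeping those at or
    above the (assumed) threshold. Because the source is spoofed, the right response
    is to stop answering these queries, not to blocklist the apparent client."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_amplifying(rec["name"], rec["qtype"]):
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def fixed_port_clients(log_text, min_queries=3):
    """Second signal: a client with several queries but a single source port.
    Real resolvers randomise the source port; simple spoofing tools often do not."""
    ports = defaultdict(set)
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ports[rec["ip"]].add(rec["port"])
            totals[rec["ip"]] += 1
    return sorted(ip for ip in totals
                  if totals[ip] >= min_queries and len(ports[ip]) == 1)


if __name__ == "__main__":
    print("amplifying-query counts:", reflection_suspects(SAMPLE_LOG))
    print("fixed source port:", fixed_port_clients(SAMPLE_LOG))
```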
They seem to be claiming that from the grid and the entered code you can't work out the pattern - this is true if the grid is a suitably randomised set of numbers with numbers occurring multiple times in different places etc, however surely all a MITM attacker needs to do to get the pattern, is display a grid with numbers set up such that you can identify which ones were selected (with 10 digits and the grid the size they suggest you'd need to do this 2-3 times, but that's probably not a big deal), and then you have the pattern...
Re: Killed by numeric overflow?
I think what he was referring to was the way the same overpressure wave which damaged the TPS also caused a body flap to be deflected beyond the point where damage would have been expected...
As I understand it they were wearing pressure suits, so they would presumably have survived the decompression of the cabin at least for a short period?
Sadly the ISPs are looking at CGN
Unfortunately the ISPs see the answer as Carrier Grade NAT (CGN) - while for a fairly large proportion of their customers this will likely work (most *commonly used* protocols don't require you to have a public IP, the only notable exception that comes to mind is BitTorrent, but I'm sure ISPs won't mind causing their users problems there!), the big thing they're missing is that it won't be long before we start having services that are IPv6 only (as the providers can't get any IPv4 addressing for them), at which point CGN doesn't help...
Re: Speaking of Armstrong
While I'm not denying the Apollo astronauts were very brave to take on such a lot of risk etc, it is worth mentioning that the LLTV was always going to be much more unstable than the real lunar lander, as it was operating in an environment with 6 times the force of gravity than the LEM was going to operate in, so having to bail out of it was unlikely to add any significant worry over the real thing...
Do it gradually?
Surely the solution here for any competent ISP is to gradually block subsets of customers from accessing these DNS servers in stages, and handle the support calls over time rather than waiting for them all to get blocked in one go and have a deluge of phone calls to deal with...
How does this differ from their other fibre products?
How does FTTP differ from any other BT product involving fibre installed to the premises (such as WES/BES), other than it's presumably a bit cheaper?
They're not a patch on Russ Andrews - they've had several ASA judgements against them (e.g. http://www.theregister.co.uk/2011/01/13/russ_accessories/), with no sign of stopping (just tweaking the wording of their claims so they can't be proved wrong)...
It's like with DVDs...
The thing is I suspect a lot of people don't want the logos / anthems / graphics etc anyway - it's like with a DVD / Blu-ray how when you put it in you have to watch (as they make them unskippable) a load of anti-copyright messages (and in some cases trailers), followed by a useless menu all to actually start playing the film. This is vs a pirated film where as they tend to only pull the movie you stick it in and it plays - why does the pirate get a better user experience than someone who has paid for the film?
I was pleasantly surprised by the Blu-ray of Die Hard 4, as although from memory it did have the copyright notices, after that it actually did just start the movie, with the menus etc all available as overlays. I wish more films were like that...
Is it not possible that due to lack of thrusters etc to maintain an orbital rate rotation such that it was facing the same direction from Earth's PoV it's just gone in to a mostly inertial attitude (i.e. 50% of the orbit it will appear to be facing the 'correct' way, 50% of the orbit it won't)?
While I agree they're annoying there is at least a reason for them - with a 'booking fee' the entirety of it goes straight to the venue, whereas if they just increased the ticket price the increase would normally be split with the film (or the producing company in the case of theatre), so to make the same amount they would have to increase the ticket price significantly more (hence it's actually better for you in the long run)...
We don't know it's actually *logging* anything
All the video shows is that it is receiving events when keypresses are made etc - there's no evidence from the video that it is actually logging and/or transmitting any of these on. It might simply be that in order to get the events it reasonably needs for diagnosing issues it has to get *everything* and then ignore the things it doesn't.
On the other hand, it could of course be logging all of this which would be bad, but compare it to for example an AV application on a PC, which does intercept a lot of things to check for viruses, but is not syphoning off any of that data etc...
One of the biggest issues with laying any sort of fibre network is the fact that fibre optic cables in the ground are subject to (believe it or not) business rates, though on a very strange scale (it gets significantly cheaper per fibre the more you have, such that it presents a big barrier to entry for new players who will only have a few).
Combined with the fact that because BT apparently don't know how much fibre they have, they have a deal worked out with the valuations office, that (from 2010 figures) means their bill comes to £255m, but if worked out (very approximately) on the distance rules everybody else pays should be over £1bn...
OK taking each point in turn:
- Privacy extensions (on by default in Windows and some other OSs) negate this as the machine rotates IPv6 addresses regularly
- The *prefix* is tied to the ISP yes, but by using router advertisement should the prefix change the only change needed is on the router and then everything else should just work (note that in most cases the router will handle it automatically)
- OK I'll give you this one, writing IPs is much harder, however needing to use IPs is becoming much rarer now
- In a consumer / SME environment you would expect IPv6 devices to ship with a ruleset that is secure by default, and require some sort of 'advanced' mode to remove the 'block inbound unless related to outbound' rule that makes it do the equivalent of a typical IPv4 NAT device
Might not be a mobile
If the hacking was as has been widely reported by setting the caller ID to be the mobile you wanted to hack and dialling the voicemail access number, then I doubt this is a mobile, but most likely a phone on its own ISDN or similar set up to allow it to specify caller ID...
Surely at worst this kills binaries on usenet?
I would have thought that at the worst case this would kill putting binaries on usenet, not usenet entirely, since surely the simplest solution is to just strip all binaries from posts?
All sounds good in theory...
...until you realise that a lot of Communication Providers (CPs) who offer local numbering have to have a block in every area code, and given restrictions due to the traditional telco's equipment not being able to cope with smaller, some of these blocks are 10,000 numbers big. This means that for a provider with the smallest possible block in every area code they end up having an annual bill of £400,000 (if they were to charge for every area code, which I'm sure will be the next step).
If they charged based on numbers actually in use, or only charged if the provider couldn't cope with a smaller block (i.e. give the companies whose equipment needs updating a financial incentive to do so) then it might be OK, but as is it's just going to put smaller CPs out of business...
Don't they use them already?
I thought they used them already in some places, I've certainly had problems where both my Virgin Media cable broadband has failed, and I've not been able to pass any data on my Three 3G stick, so I had always assumed there was some shared backhaul somewhere (I live very close to a mast)...
Experienced this at a previous job
I was doing an internship in the IT dept for a UK software company a good few years ago now - we had a large batch of GX270s and I think we had a Dell engineer out on average once or twice a week to replace a motherboard - we even had a couple of 'loan' machines we'd swap out with users desktops when they failed.
The really tedious thing was we couldn't get Dell to agree to just replace all of them in one go, or leave us with a stock of motherboards and instructions on how to replace them ourselves, so every time one failed we had to call up the support team (in India on a very bad quality line of course), and explain to them that yes it's the same issue we've reported on n other boxes. It was amusing what they sent the engineer out with sometimes - he'd turn up with a new PSU despite the fact we had made perfectly clear it was faulty capacitors on the motherboard!
Name and shame?
That's a bit worrying - care to name and shame the operator so people know who to avoid?
Caller ID spoofing
My understanding is the way they got in is by spoofing the caller ID to be the mobile number, which with an appropriate connection in to the telephone network is quite trivial (though normally against contract terms, and possibly against Ofcom rules). Getting such a connection is not particularly expensive or difficult...
The voicemail systems then naively trusted this caller ID, and so believed the call was coming from the mobile itself, so let it in without asking for a PIN.
This has since been rectified by most (all?) operators so it now actually checks if the call originated from the network in addition to having the right caller ID...
no, there are cables that meet the spec, and cables that don't...
With a digital standard such as HDMI, a cable will either meet the specification, and pass through the data with a suitably low error rate that it can do the required level (e.g. 1080p), or not - once it meets the spec, it can't get any better.
Show me a proper double-blind study of sufficient size to prove otherwise and I'll happily eat my £5 HDMI cable...
QoS might help
Part of the problem is if your upstream is saturated, then the decisions the cable modem makes about what to drop are often braindead, and leads to some of these issues.
By putting in place appropriate QoS at the router level that means what leaves your router is capped to the level of the upstream link, you can make sure you prioritise interactive things such as games, VoIP etc at the highest level, TCP ACKs at the next, and everything else (so large downloads, web browsing etc) at the lowest - when I did this on my connection everything suddenly became a lot better!
IPv6 to the rescue?
Interestingly this is an area where IPv6 will actually help to prove your innocence - because you don't use NAT, and each machine has a unique address, it's easy to show that it wasn't your PCs that accessed the material, as the server will see the unique address, not a random single IPv4 address that only identifies the connection.
Of course, there's nothing to stop the clever person from changing the IPv6 address they use when accessing dodgy things, but it should make it easier to clear people who obviously wouldn't know how to do that...
"We do look forward to Virgin confirming that they will open their infrastructure to enable all companies to have the opportunity to invest in a new fibre future."
Virgin didn't have most of their infrastructure (at least the ducts etc) put in at public expense, so they are under no obligation to open their infrastructure if they don't want to, unlike BT who inherited most of their network from the GPO...
Please not as much CGI as the specials
The thing that most annoyed me about the specials, was the CGI used to create Red Dwarf - it was ridiculous as everything looked far too 'shiny' compared to the sets in the previous series, not at all what you'd expect given the cleaning is supposedly down to the crew and the scutters!
Re: ACQ/CDB Call Routing
The UK does indeed still use onward/indirect routing, and not ACQ, for both fixed and mobile numbers, thus calls are still routed via the donor network. Ofcom rescinded its mandate that they move to ACQ after Vodafone (supported by some of the other MNOs) appealed to the Competition Appeal Tribunal (CAT) claiming that Ofcom's cost benefit analysis didn't prove the need for change. CAT agreed with Vodafone, and thus in November 2008 Ofcom set aside its previous statement and removed the obligations...
They have managed to get mobile porting to happen relatively simply (call up get a PAC from losing provider, give it to gaining provider), and other than issues like this it seems to work OK, but for fixed line it's even worse - the gaining provider has to send a Letter of Authority signed by the customer to the losing provider, who can reject it for one of about 52 different reasons (some seemingly stupid), and then takes about 1-2 weeks to happen!
Three and cancelling
It took me 3 attempts to get them to cancel a 30 day rolling contract on a data SIM where I didn't even want a PAC etc - they do just keep going round in circles, and on I think 2 of the calls I just got fed up and hung up - finally got it sorted by submitting a complaint which got someone to call me...
I can't remember where I read this so not 100% sure if it's right, but I believe a lot of the tabloid voicemail hacking was possible not due to guessing the PIN, but due to stupidity in mobile operators systems.
AIUI the issue is that they trusted caller ID coming from other networks, hence whoever did it simply got a phone line where they could set the caller ID to whatever they wanted (which is difficult in the UK, and almost certainly against the terms of whoever provided the connection, but not impossible), set it to present the mobile number they were trying to hack, then dialled the operator's voicemail system - as it thought it was a call straight from the phone it let them in without any PIN checking.
I believe the issue has now been fixed on all the major operators, so they no longer trust caller ID from outside their network in this way...
If he needs funds to appeal it / get a judicial review etc, then I'm happy to make a modest donation (as I suspect many other people would be)...
The beeb article also has some mentions around open source:
He insisted the government was committed to using more "open source" software to save cash - but had to balance this with concerns about how easily it could be "hacked".
I'm confused as to the logic of that statement - if they'd said something about usability concerns sure, there's an argument to be made there (not saying I necessarily agree with it, but there is contention), however to say that we can't use open source because it's easily hacked is ridiculous...
Surely the easiest solution is just build your faraday cage or whatever in two layers with an air gap between them. Obviously you'd need to have a few supports to keep everything structural, but make those of a material very different to steel (and one very poor at conducting ultrasound) and you're sorted?
Have they not heard of aggregation?
Surely you just filter the entire /64 the person is spamming from, best practice is for each unique customer to get their own /64, so that shouldn't cause any issues with one customer causing problems for others.
You can then quite easily do a bit of checking and if you build up a large number of /64s you block the containing e.g. /48 or whatever. Given I've just come up with this in about a minute, you'd expect the anti-spam companies to have already sorted it given they've had since 1998 to do so!
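The aggregation scheme sketched in the two paragraphs above, written out as an added Python example (not code from the original comment): spamming IPv6 addresses are collapsed to the /64 of the customer they belong to, and once enough distinct /64s inside one /48 are listed the whole /48 is blocked instead. The addresses are constructed from the 2001:db8::/32 documentation range, and the escalation threshold is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample of source addresses seen sending spam.
SPAM_SOURCES = [
    "2001:db8:1:1::a", "2001:db8:1:1::b",   # two hosts in the same customer /64
    "2001:db8:1:2::1", "2001:db8:1:3::1",   # further /64s in the same /48
    "2001:db8:1:4::1",
    "2001:db8:9:1::5",                      # a lone /64 in a different /48
]


def to_prefix(addr, plen):
    """Return the /plen network containing addr; strict=False masks the host bits."""
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def build_blocklist(spam_sources, escalate_at=4, customer_plen=64, containing_plen=48):
    """Aggregate to one entry per customer /64, then escalate to the containing /48
    once at least `escalate_at` distinct /64s within it are listed (assumed threshold).
    Returns the /48 entries followed by the /64s not covered by any of them."""
    per_customer = {to_prefix(a, customer_plen) for a in spam_sources}
    per_container = Counter(to_prefix(n.network_address, containing_plen)
                            for n in per_customer)
    escalated = {net for net, count in per_container.items() if count >= escalate_at}
    remaining = sorted(
        n for n in per_customer
        if to_prefix(n.network_address, containing_plen) not in escalated
    )
    return sorted(escalated) + remaining


def is_blocked(addr, blocklist):
    """True if addr falls inside any listed prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist)


if __name__ == "__main__":
    for net in build_blocklist(SPAM_SOURCES):
        print(net)
```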
Well, firstly it's route flap damping not dampening (you're not making them wet!), but I think you could probably get round that by ensuring the time between the link going down and up was enough not to trigger the damping logic - plus it's my understanding that a lot of ASs only implement RFD on external links, so if you hit the 'right' link within an AS you could still cause lots of issues...
Re: >only affects small business?
Assuming you're VAT registered, then it all depends on who your customers are, if you are a B2B supplier, then your customers are likely VAT registered anyway, and hence the change only makes a cashflow difference to them, as they're going to claim the VAT they've paid back anyway, thus not a big deal - no change to your profit margins as you claim back the increased VAT from your suppliers etc.
For a B2C supplier, or supply very small businesses that aren't VAT registered themselves then it's more tricky as at that point your customers likely care about the 'including VAT' price rather than the excluding, so your goods will have just become ~2.1% more expensive to them, unless you swallow the rise in which case your profit margin decreases obviously.
If you're not VAT registered at all then your costs will likely have increased ~2.1%, so you have to decide whether to pass that on etc, and at that point it can have an effect on your profit margin. Note that most fixed costs like energy bills etc are either not VATable at all, or charged at the reduced rate which is unchanged at 5%, so there is little change there.
Re: Where did they get 1000s of Mega supernodes at zero notice?
It's unlikely they 'promoted' lots of 'ordinary customer peers', as it isn't something you choose when you sign up to Skype whether you become a supernode or not, it's done based on the type and quality of your connectivity, so if you fire up Skype on a very good internet connection (no NAT, lots of bandwidth etc) you'll almost certainly become a supernode and start handling directory info and routing other people's phone calls...
I suspect they got these thousands of 'mega supernodes' from somewhere like Amazon EC2, or other cloud providers - with something like that once you've set up one image firing up thousands of copies of it is trivial, it's not like they had to set each one up manually.
One easy fix...
...they could make is to instruct public sector purchasing teams not to put "must have experience of supplying product/service X to the public sector", and just have "must have experience of supplying product/service X" in their tenders - that would open up the market significantly rather than limiting it to the ~3 big public sector suppliers!
The issue is the system the UK uses for number routing - communication providers (CPs) get allocated a 1000-number block, and other CPs then send any calls for that block to the particular CP. Aside from the number wastage problem, it also makes porting difficult - we have to use a system called onward routing which means the CP who 'owns' the number block (the donor CP) forwards calls to a ported number on to the CP who now has that number. Porting a number that has already been ported then gets even more complicated as you can imagine!
Internationally the UK is actually held up as an example of how not to do it - if (like most countries now) we had a central database then porting gets much simpler (just update the relevant DB entry), and you no longer have to issue 1000 number blocks - you can do much smaller allocations (even down to single numbers) without problems. CPs can also return numbers they no longer need. It even has the benefit that you can specify multiple ways to connect a call, so a VoIP provider calling another VoIP providers number can keep it pure VoIP rather than having to go via the PSTN.
Unfortunately, it's the large carriers like BT who will likely be against this, as it would end up quite expensive for them to adapt all their systems to do this central lookup rather than onward routing, and have very little benefit for them. Being the large carriers, they have a lot of influence with Ofcom etc, so it's likely nothing is going to happen in the short term...
Re: I saw this...
> But what's the harm of telling them the name of the first bird I ever snogged?
They might suggest to her that she add you as a friend?
Given the comment about 'recalling' it, it looks like they might understand Outlook, I think claiming they understand email is giving them perhaps a bit too much credit...
The worst thing is even the opportunities that public sector organisations do put out to 'open' tender, they normally stipulate such strict absolute requirements (e.g. must have been in business x million years, must have provided similar services to at least x other public sector organisations etc) that they basically preselect who can tender as very few companies properly meet their requirements, despite many companies being able to offer a decent service at a fraction of the price they pay the 'big boys'.
I realise they need to ensure some amount of stability (you don't want to go through the hassle of setting up a 3 year contract for the supplier to then go bust the next day) and need to get proof the supplier knows what they're doing, but the way they do it at the moment with such strict requirements is just wrong...
I don't know how this works, but if Apple have e.g. a UK office that actually handles the transactions, do they pay corporation tax on UK profits, and if so how does that compare with rates in the US?
Not trying to defend them (I'm a long distance from being an Apple fanboi!), but wondering if there is a possible reason here that they charge slightly more so they make the same post-tax profit or whatever...
Even the Reg can't get it right...
I kind of expected the sensationalist reporting on other (less technical) sites, including comments like "reboot the internet" etc, but I did hope the Reg would get it right...
"rebuilding the digital map used to route traffic on the internet" - DNS has nothing to do with how traffic is routed, that's managed by routing protocols, the primary one in use being BGP.
"to guard against the possibility of surfers being deceived by forged web sites or spoofed emails" - DNSSEC does not stop someone seeing a spoofed e-mail and following a link - what it protects against is DNS cache poisoning and the like, it will make absolutely zero difference to the multitude of phishing e-mails that exist.
Re: NASA channel
They don't actually have to do the campout procedure, they used to just do a load of prebreathing of the right concentration of oxygen to purge the nitrogen from their blood, but have discovered that it's difficult to don the suit while maintaining this protocol (you can only breathe 'normal' air for a small period of time without having to start again etc), so the campout makes life much easier for them...
Unfortunately this is something most people fail to understand - it's why I have to start going in to long explanations to potential customers of why my email2fax service doesn't accept .docx files - even though they may claim to be an ISO approved standard - in reality they're not, and there are no 3rd party libraries that properly implement decoding them!