* Posts by -tim

366 posts • joined 10 Jul 2009

BB10 AND Android? How BlackBerry can have its cake and eat it

-tim

I've just switched to blackberry

After years of playing with different smart phones and always going back to my old S40 Nokia I ended up with a BB Q10 and they do most things right. I used the phone for a week without ever signing up for an account with them and the hardware is happy to talk to my servers and my cloud. The only issues were that it had some trouble importing a few bizarre contacts, its IPv6 doesn't work with my home wifi router, and it can't use just DAV for its calendars and needs CalDAV. It did take some tweaking to the notifications since its default mode is "sleep mode is off mode" which isn't the best for someone on call 24x7. Its permissions for apps are much better too as you don't need to hack the thing to tell it "this app doesn't get that permission". The sandboxing seems to work very well too for both BB and Android apps. I like the real keyboard on a device that was just about as large as I'm willing to carry around.

1
0

Awoogah: Get ready to patch 'severe' bug in OpenSSL this Thursday

-tim

It looks like if you built something against the 1.0.1o or 1.0.1n and used the other shared library, someone might be able to do very bad things to your server. Until patch thur comes around, it might be wise to check that the version that is being linked against is the version that the programs were built against.

0
0

Wind River VxWorks patches some TCP sequence spoofing bugs

-tim

So my $20,000 NBX phone system still has this bug even if I reported it to the owning company at the time? And it still hasn't been fixed?

1
0

Triple glitch grounds ALL aircraft in New Zealand

-tim
Black Helicopters

Didn't the OOD books tell us about this?

Oh wait, the OOD books were about how we could model an aircraft and assume a helicopter was close using inheritance and not about the real world at all.

In the olden days, the flight controllers would write the data on a card and pass it from station to station based on where it was or their best guess if it lost communication. If all else failed, they could grab a pen and make a copy if the plane could be in more than one area.

Modern air traffic control assumes controllers know where everything is all the time. Old air traffic control assumed that the controllers had a good idea but when things went wrong, all the pilots would continue to a plan and there were ways out when those plans didn't work out even if there was no communication. Oddly enough, one has had far fewer issues than the other with no gains in traffic between the two systems.

0
0

Oracle confirms David Donatelli hired to head hardware unit

-tim

History?

Sun grew because they sold a bunch of systems into computer science departments right before the dot.com bubble and the people who used those knew them as the fastest and best computers they had ever used so when a CEO asked, they recommended Sun. These days that isn't true so the next generation of specifiers aren't going down that path.

0
0

The insidious danger of the lone wolf control freak sysadmin

-tim

Re: Internal wikis - do they ever live up to expectations?

Internal Wikis can work but only if you have a real librarian to manage it.

1
0

Disk is dead, screeches Violin – and here's how it might happen

-tim

Re: This will kill X blah blah blah!

I can't pop open a hard drive and read the bit stream using a JTAG probe. I can with an SSD.

It isn't the controllers that fail, it's the database the controller keeps about how it mapped the blocks that fails assuming the controller hasn't decided to EOL the drive. If a file system uses lots of extra data to checksum that, the blocks can be recovered and reassembled. There are off the shelf programs that can recover amazing amounts of data from scrambled blocks of even common file systems so I expect that it is easier to recover some data from a broken SSD than a broken spinning disk.

0
0

Don't panic. Stupid smart meters are still 50 YEARS away

-tim

Re: WHY. in other countries, are utilities ...

North American utilities have been using common form factor meters for years and those meters don't require any wiring changes to swap out.

When this was tried in Australia, there were several homes that had fires soon after someone touched the wiring since the old insulation broke off after being touched for the 1st time in decades. There is also the problem that many old meters had worn out and the new meters provided a huge shocking bill the 1st time they were read.

I don't understand why they don't start putting the smart meters on the poles where the customers can't tamper with them and they can communicate to the world with ease.

0
0

Les unsporting gits! French spies BUGGED Concorde passengers

-tim
Black Helicopters

Industrial espionage goes way back.

Espionage isn't just spying, but actively trying to adjust the outcome to help your side.

One of the first published cases of espionage was when buyers were sent to Portugal to drive up the prices of cannon balls by outbidding the Spanish even if the bidders never bought anything. The result was the Spanish ended up buying inferior product at an inflated price. There was a book published in the 80s or 90s with "C" on its cover that described the details but I can't remember the full name of the book or its author.

0
0

Mainframe staffing dilemma bedevils CIO dependents

-tim
Mushroom

It can't be useless, the power bill proves it

The only thing worse than special mainframe software to keep the big iron in place is special hardware. I used an IBM 3081 with custom hardware add-ons. At the weekly status report meetings, the head sysadm used to report the uptime ($today - $install date) in some random time unit (like milliseconds, deca centuries, centi synodic months) which would be recorded and plotted by the manager who never questioned or recorded the units. The sysadm claimed it made the uptime graphs more interesting. Somehow I expect the old array of boxes are still converting power to heat and producing no useful results just like it was doing in the early 80s.

1
2

NBN build contracts rejigged, without Telstra

-tim
Coat

Who does the real work?

It cost about $85,000 to set up a van with the tools needed to install and certify fibre but the only people allowed to operate that equipment have to pass a long certified test that mixes in a few industries for good measure. The current data cabling requirements include sections so installers don't drill into power in walls but that is just for the datacabling certificates. Electricians installing power points can't touch data cables without an extra cert and data only cablers can't touch the power at all. Working in the pits has other sets of requirements and dealing with pole mounted cable is even more. To get the good subcontract gigs requires several years of training and apprenticeship, the very expensive white van and a ROI that would worry a bank manager that holds a mortgage on a nearly paid off house.

0
1

Facebook farewells flaky SHA-1

-tim
Black Helicopters

Win/win? for who?

I can buy a $80 USB device that does 90 billion SHA-2 hashes a second from a bitcoin vendor selling me the slow stuff. What is weak and what is strong is still up in the air. The DES cracker built by EFF did 90 billion keys a second and cost 1/4 million.

0
0

Turnbull's Digital Transformers discover log files contain more than meets the eye

-tim
Black Helicopters

Privacy act?

Sending what pages I visit to google is a violation of privacy act stuff. The government shouldn't be using outsourced web analytics packages that are covered under laws of a different country.

The PTV in Victoria already seems to see the need to send my planned journey details (including street addresses) to a company in Germany just so they can tell if my browser is out of date.

0
0

Patch-crazy Aust Govt fought off EVERY hacker since 2013

-tim
Coat

Is that just electronic attacks?

Do the stats include people just walking off with servers?

0
0

Airplane HACK PANIC! Hold on, it's surely a STORM in a TEACUP

-tim
Black Helicopters

Say it isn't so!

Rockwell Collins says their new moving map needs to be connected to the ARINC bus for some features:

http://www.rockwellcollins.com/~/media/Files/Unsecure/Marketing%20Bulletins%20Rev1/BRS/MBAirshow%204000%20BRS110087.aspx

Virtual pilot's eye view using the aircraft's flight and navigation information. Requires pitch and roll labels to be available on ARINC busses.

0
0

Kiwi company posts job ad for Windows support scammers

-tim
Facepalm

Do they have a qualified candidate already?

I figured they turned one of their many received CVs into a job advert.

0
0

Take cover! Out-of-control Russian spaceship to smash into Earth within hours

-tim
Flame

It fell out of the sky.

https://blogs.nasa.gov/spacestation/2015/05/07/progress-59-update/

1
0

Mozilla to whack HTTP sites with feature-ban stick

-tim
Black Helicopters

Re: why, why, why... what is the point?

Why is simple, it allows the cert issuers to snoop on metadata. While there are ways to do certificate revocation that don't ask the CA every time you talk to your bank, they aren't well supported. That meta data links your computer to the remote site and typically provides enough data to figure out what pages you went to with absolute certainty just by using the netflow data (which your ISP is already collecting) combined with the CA's data. Oddly enough you can't do that with http without looking inside the packets. There is no plausible deniability with https as there are records it came from your computer, not your network.

Remember that all major CAs were founded by spooks. Some of them are much better at their jobs than most of the "security experts" on the net.

0
2

PayPal adopts ARM servers, gets mightily dense

-tim

Harder remote exploit vector?

The ARM is much harder to play games with when trying remote exploits as it tends to take many more complex steps than x386 code to achieve the same hacker goals but they are steps that can be done.

I'll be happy with ARM CPUs for my server loads but I have concerns about how its many instruction sets can be used together to do return based programming when hacked. I would be much happier if I could mark a page as "instruction set type X only" to help prevent any random bit of data being used for remote exploits or even disable some of them on boot so they can never happen.

0
7

Debian ships new 'Jessie' release with systemd AND sysvinit

-tim
Facepalm

Re: systemd a copy of Solaris SMF

AIX was the 1st to try this and it failed. Solaris tried this and it failed. Is there a trend?

SMF is a major reason why so many people dumped Solaris 10 (and failed to abandon Sol 9).

However, you only need a tiny little svc.startd program to grab a contract and sleep to the end of days and the old init system is still all there (even in 11.2). Even better, in 11.2 they rewrote all the SMF scripts using a new tool which means a bit of perl script should be able to turn them back into proper init.d scripts. A modern 11.2 system can be stripped to less than 40 processes outside of what it is supposed to be doing. With 50 processes, it can be both a parent LDOM and root zone too. I've played with a system where instead of installing pkg://minimal-server, I used just pkg://package.pkg and it is about the smallest sol 11.2 install that I think is easy to make.

1
0

Google: Go ahead, XP stalwarts, keep on using Chrome safely all YEAR

-tim

unsupported?

Tell me more about this "officially discontinued support for XP on April 8, 2014." because it seems to be that they are still supporting it, they just aren't doing it for free anymore. There are plenty of companies that looked at the $200/year/machine support fee and signed up.

3
0

Daddy Dyson keeps it in the family and hoovers up son’s energy biz

-tim
Coat

Who is keeping score?

He gets points for making prototypes out of cardboard. The fact that his core tech is based on the same concept as a 1956 Filter Queen tech costs points. Since the old school metal one moves far more air at nearly the same pressure, the new plastic stuff isn't such a winner. Dyson also loses points for failing to certify any of their modern HEPA filters. Is an H14 or U15 that hard to put in the marketing materials assuming the modern ones can even get close?

/mines the one with the vacuum gauge in the pocket

//and the dust in the other

0
0

Comcast: Google, we'll see your 1Gbps fiber and DOUBLE IT

-tim

2 gig is far behind the curve.

Google's stuff in Kansas City is lots of different technologies since it is an R&D project. All of them can do faster than 1Gig up/1Gig down. A friend plugged his google fiber link (which was supposed to go into his google device) into a 10g ethernet switch and it was getting proper packets. From what I can tell, they are running up to 10 x 100 gig links to each node and then that node is doing 1 gig ether or 10 gig ether or xPON or whatever as last mile. The basic fiberhood had 2 parallel 100 gig connections to 4 nearest and maybe 2 additional long haul connections far away. That is just a guess based on what I've seen of their gear and packet traces.

1
0

Smart meters are a ‘costly mistake’ that'll add BILLIONS to bills

-tim
Flame

More Smart meter fail?

The 1st smart meters were the ones where they started transmitting so the guy at the meter spent about 10 seconds less at each meter and then someone spent a far longer time with batteries every few years.

The next take was the custom frequency/sms/whatever meters hacked into normal digital meters which is fine for areas with new rollout where there is decent network coverage but not so good in other places.

The local guys decided to roll out an IPv6 Wimax network for their meters which mostly weren't upgraded. Of course people figured out you could torrent over that network with a card removed from someone else's meter. With billions of IP addresses, IPv6 didn't need security because the address space can't be scanned except that we know all 8 bytes of the /64 network number and 5 out of the low 8 bytes which means hacker search space is just a couple dozen million packets.

Then there is the radio in my brain crazy issues to deal with.

I figured a smart system would put the meters up on the poles where they can talk to each other without much in the way, hard to tamper with, fully under the utility control, cheaper because one meter could do many houses. It would reduce risk to burning down houses when the old meter boards had undetected flaws and there would be some redundancy when the new meter was reading far more power use than the old one because someone put in the wrong current transformers.

/two fiery icons and no zappy ones?

2
0

Australian online voting system may have FREAK bug

-tim
Facepalm

Re: Ah, political speak...

It means your brown envelope campaign contributions are best delivered to hackers rather than the politicians.

6
0

GoDaddy float values puppy-bothering hosting company at £1.9bn

-tim
Devil

Deep pockets?

Public companies tend to fold much faster than private ones when the lawsuits come in and they know they were wrong. How long before the 1st class action suit about "they stole our domains" happens?

0
0

A gold MacBook with just ONE USB port? Apple, you're DRUNK

-tim

No sockets or screws can be fine

I would be happy with no sockets assuming the thing is water proof enough to put in a dishwasher or the bottom of a swimming pool. Somehow I don't think Apple will be doing that.

0
0

Juniper fights back against white-box world with high-performance silicon

-tim
Meh

A swing and a miss?

They failed to fix the largest weakness in the SRX line which was more low cost gige ports. You can have an EOLed SSG-140 with 26 gige ports and 8 10/100 ports all on their own zones. I like all my servers on their own zone since the ancient 3 zone Trust/DMZ/UnTrust model goes out the window when you can put 34 different zones in one small 1RU unit. If the 8 port cards weren't so expensive, I would be tempted to use them for switches, particularly for the employees that love to click on everything they find on the web and in their inboxes.

1
0

Telstra to let customers access their own metadata for AU$25

-tim
Devil

What call records?

Telstra doesn't store call records, they store billing records and now that some bright bean counter has finally figured out that it cost far more to process a billing record than it does to process a call, they are trying to change their traditional business plan of charging every call. That had the potential for making the ability to track calls go away so when they informed the police agencies that their metadata pool was about to be closed, the politicians stepped in and went down the legislation path.

0
0

Linux clockpocalypse in 2038 is looming and there's no 'serious plan'

-tim
Alert

Broken time?

I had a solaris server wake up in the mid 1800s and its loader wouldn't load shared libraries until the clock was set to something post disco time.

I haven't been able to replicate the problem since it's very hard to tell a Unix system to set the hardware clock to that century and reboot.

0
1

Australian ISPs agree to three-strikes-plus-court-order anti-piracy plan

-tim
Facepalm

Who agreed?

Who are these jokers?

From their web site:

The Board consists of:

Not less than three (3) and not more than five (5) positions reserved for the High Revenue members as determined by the annual revenue of that Member during the most recent full financial year of the Company;

Their main guy seems to be a baby in the field except for the experience at People Telecom which was a $90m a year telco reseller.

Why is iiNet dealing with them? They used to keep better company.

0
0

David Cameron: I'm off to the US to get my bro Barack to ban crypto – report

-tim
Facepalm

Even the spooks don't want things that easy.

I propose we rename ROT13 the David Cameron Cypher.

0
0

FBI fingering Norks for Sony hack: The TRUTH – by the NSA's spyboss

-tim
Black Helicopters

So much for solid evidence

IP addresses? Aren't the NK IP ranges some of the most abused via BGP peering? A few tend to flop between SK and China. The last time I pinged one, they seemed to be about 10 ms from a server in Los Angeles.

If the spooks want people to believe them, maybe they should provide Dear Eater's porn or search history.

4
0

Broadband isn't broadband unless it's 25Mbps, mulls FCC boss

-tim

How about investment incentives too?

Take it one more step. Change the tax incentives so that the best incentives are only allowed for services that can carry 10g/10g today (going to 100g/100g in 4 years) even if it is too expensive for every home user. With other steps at the points where the other newer forms of technology allow rollouts today. They should also take some ideas from the EPA Miles Per Gallon about how to measure speed of broadband.

0
0

Verizon wants to sell 'antiquated' copper assets, stick to wireless for voice

-tim

Not an aggressive rollout.

They used to have 63 million land lines. 200,000 a year isn't much even if they are up to 13 million already converted. At that rate, I can see why they would prefer to simply abandon the fixed line stuff.

0
0

TCL confirms plans to 'bring back' Palm – provided you tell it how

-tim
Pint

The palm was great for its day

One of its best features was that it would work for months on a set of batteries. I even had a modem for mine and it would browse the web.

What I would love to see in a Palm or any other smart phone is a low power mode so it can run a long time where it can do basics like clock, calendar, todo list and wait for the phone to ring. Then if I need to run a smart phone app, it fires up a modern processor that does the fancy modern stuff and then when it's done with that, reverts back to the slow but useful lower power mode. The same could be done by putting the "smart phone" in a virtual machine.

6
0

Brit iPad sellers feel the pain of VAT-free imports

-tim
Pint

A problem all over the world

Australia doesn't charge 10% GST on imported packages less than $1,000 because it costs more to do so than it collects but the local retailers are screaming about that. They scream so loud that a number of people are boycotting them because of their spite so their sales just keep going down.

Many states in the US now ask how many dollars worth of things were bought online and then ask for sales tax on that but US sales tax only covers goods and not services and gets very tricky with things like software license.

Of course the worst tax of all is the tax on beer

1
0

Google unveils Windows 8.1 zero-day vuln – complete with exploit code

-tim
Thumb Down

More like a 90-day vuln

Is 90 days reasonable when part of that 90 includes many holidays? If code is deep enough, fixing bugs can often have nasty side effects resulting in dead-locking the kernel or worse. If the code was severely broken, it might require a rewrite of major systems and the access control elements are spread far and wide in modern kernels.

I wish people would stop describing this type of thing as a zero day but I expect that ship has sailed. Microsoft has already had 90+ days to fix it. A zero day is a bug that is actively exploited before the coders know about it.

1
2

ISC.org website hacked: Scan your PC for malware if you stopped by

-tim
Facepalm

Staging servers?

What happened to the practice of doing your content on a staging server and then promoting it to a locked down web server that doesn't have any ability to do much of anything?

2
0

Australia's future tech news headlines ... for 2016!

-tim
Facepalm

Microsoft is still cashing in on the XP

I can see a story like this:

At $200 per machine for XP support, Microsoft is continuing to offer support for the next 5 years. Less popular products such as Win 3.1 and DOS 5 are also being supported for about double the price.

0
0

Ghosts of Christmas Past: The long-ago geek gifts that made us what we are

-tim
Happy

Happy Christmas memories

One of the best presents I ever received was a used 1950s Erector Set (like Meccano) when my father found his old sets in my Grandmother's attic. It had an A/C motor that plugged into the wall and was something like a 60W motor and enough torque to strip gears. It had so many more parts than the recent kit in a small plastic box. The old ones came in huge steel cases.

In 1975 I ended up with a Tyco HO train set that let me extend the old loop I had had for years. That led me to wondering how to make proper signal lights on track segments and led me into the wonderful world of logic gates.

In the early 1980s I ended up with a Radio Shack CoCo and a year later an Epson RX-80 printer. By the time the CoCo went into the dumpster, it was like Marvin the paranoid android, the only thing left was the diodes on the left side. The RX-80 still works.

3
0

UK flights CRIPPLED by system outage that shut ALL London airspace

-tim
Mushroom

It's progress! right?

I wonder how many ATC systems were written by people who learned Object-oriented programming from Booch books where the common example was an ATC system that only a programmer would ever consider. ATC systems should never have to consider where the plane is and focus on where the plane might be. Otherwise things get odd when there are failures.

0
0

El Reg Redesign - leave your comment here.

-tim
FAIL

It is April fools day?

If you have to modify the JavaScript to support browsers you are doing it wrong. If it doesn't work in IE 2.x, your designer should be sent off to work for the BOFH so we never need to see their bad work ever again.

1
0

Sony Pictures email hack: The bitter 'piracy war' between Google and Hollywood laid bare

-tim

Re: Are MPAA worse scum than RIAA?

The RIAA used to do good things. They used to help set and promote technical standards for recording and broadcast. Of course that was half a century ago.

7
0

QEMU, FFMPEG guru unleashes JPEG-slaying graphics compressor

-tim

Re: It's probably not what the web needs urgently...

When I had access to a full 24 bit frame buffer in the mid 1980s, I decided to see just how many of the 16 million colours were useful. It turns out that there are less than 200 oranges and even less if you ask "is this brown or orange?" About 8 million of the colours are greys or browns and only about 4 million of the colours result in people being able to name the colour such as "that is a blue".

Later I found out that if you use Gray Code for pictures, the existing gif and jpg libraries would make the images much smaller with less loss.

The oddest thing I found was when we scanned a poster of The Starry Night, our edge detection software found a different picture so either we detected the picture that went through the printing press before or someone should x-ray van Gogh's work.

4
1

Australia to block piracy sites if Big Content asks nicely in court

-tim

Re: "Fly on the wall"

8.8.8.8 goes to a server in Sydney for most Aussies.

1
0

Wanna buy a dot-word? If you want a .pizza the action, now's a chance

-tim
Megaphone

spam from .email?

So far every message from .email has been spam. I've added it to my root domain so it now gets auto rejected.

Other than a few .info sites, I don't think I've seen a legit web site with an alternate domain name.

I've been telling people that visiting the odd dot words are premium sites so they end up being like calling a 900 number and their ISP may charge them for it. The reality is they are more likely to pick up malware.

5
0

The Pirate Bay SUNK: It vanishes after Swedish data center raid

-tim
Black Helicopters

Pastebay??

Isn't Pastebay the new preferred anon pastebin?

I'm thinking this has more to do with the Sony leak than pirate operations.

But was the Sony leak a result of them ramping up their anti-piracy activity?

We need a gate/horse icon.

2
0

Gigabit-over-copper VDSL successor G.fast signed off at last

-tim
Coat

Many small buildings are also way above the 100m* Ethernet distance when you consider the telco bits tend to be on a far corner and the risers are often in the middle of the building.

* 100 + patch on each end + other stuff.

/Mines the working 219 meter ethernet cable in the pocket

1
0

Drone in NEAR-MISS with passenger jet at Heathrow airport

-tim
Black Helicopters

Where are the Chicken guns?

I figure another major issue is that if one of these things hits a plane, there might be enough stray styrofoam to clog up a pitot tube. Modern jets use a complex system to detect which of the pitot tubes are iced up to select which other ones are more trusted. I wonder if that software will properly compensate for blockages of non-icy materials.

/black helicopters don't care about drones

0
0
