Posts by -tim

Time to register a new domain?

Should I register 'ICANN go to jail.org' because I'm guessing someone could use it in the near future.

Can musical instruments be far behind?

I bet they could do great things if they could get the camera to work out air guitar!

Another way to suck data

Has anyone else noticed how much more data goes to google's servers once you log into one service that uses a google login?

Big Data?

Big Data by definition is the ability to de-anonymise data like this.

You take medicine A and B live in an post code area with a known pollution level. The Venn Diagram intersection of that consists of just you. Repeat for all the rest of the data and other factors. It gets even easier once you can start removing people from the data set since the birthday paradox can be used in reverse. A few trillion iterations through a large data set can keep a modern PC from sleeping for hours at a time.

ROI?

So a billion dollars for about 20 million DNS records. The operation of that database should cost about $1.2 million a year (figure $.06 cost per record which is high). Put another way, about $50 for every .org domain now needs to go to pay back the investment.

Infiltration?

How can you tell if your countries top law enforcement agency has been infiltrated by criminals? They want to ban encryption or allow back doors for their own evil reasons.

Who is the product again?

I see they are like most sites that have mobile phone apps and insist I go to the App store or Google play and won't provide an link to the image. Sorry, but that makes me the product. Add a link to the other device images please.

The lovely problem of a complex problem

One of the great issues of any GPS system is you don't know exactly where anything is at any given time. You know were it was and you can predict where it is going to be but its only a very good guess. The satellites are being tracked but there is a delay between signal tracking them and getting the info into a computer half a continent away. The weather is going to delay signals in odd ways that usually allows compensation using different frequencies but only some times. The clocks are ticking away with some very high degree of accuracy yet subject to all the oddness that relativity in a gravity well has to offer. The ground stations are busy floating on land that is cruising in different directions at a few cm a year which was considered slow and stable until better GPS systems showed drift rate can vary over the months yet maintain a rock solid annual average. Yet in all that chaos, my phone still can display a map of where it is down to a few meters. I guess this problem demonstrated just how related the chaos of all guesses can be.

A change in direction?

So will it get back to at least the level it was 5 years ago?

It's about time

The perl 6 issue has caused much confusion and is limiting future adoption of perl.

Out of all the languages we use, perl 5 is the clear winner in dollars profit per line of code, lines of code needing changes per year and feature set per line of code. Some of the other languages have maintenance costs that are more than 4 times maintenance cost of the perl code base.

Raku has some very interesting concepts and I recommend watching one of Damian Conway's talks about its advanced features.

Not all special characters worked 40 years ago

The tty drivers for the serial port would default to @ and # as line delete and backspace so foo@ was an empty password and 123#456 was the same as just 456.

Satan vs Santa?

The late 80s security tool Security Administrator Tool for Analyzing Networks (SATAN) came with a program called Repent that renamed it to Security Analysis Network Tool for Administrators (SANTA).

Dodgy ephemeris?

It looks like the sats might be sending bad ephemeris. GPS systems send a pulse out like "at the sound of the tone it will be "xx:xx:xx.0000000000". They also send out rough position info on all the other sats which allows a receiver to get a rough position. Once it has a rough position, then it uses speed of light to set its clock better and use that to gauge the difference between each sat and itself. It then will use the ephemeris data to get a precise idea of where the sat is and how fast its moving. That data includes atmosphere model hints as well as calculations for orbital wobble. For those who want to play at home, they are something like 12th order 3d polar coordinate polynomials. They include factors that change the wobble because of things like the Moons gravity as well as factors for Saturn and Jupiter. If there is a problem with the wobble model or the atmosphere model, these sorts of problems will show up.

Noticed, reported up stream, fixed days later

We noticed. We lit up a new IPv6 link and our provider is still using 1999 BGP concepts on filters so we had to debug links without being able to see what filters they had, what routes they were accepting, a silly process that won't allow us to talk to the NOC combined with a "order" system that not only is clueless about IPv6 but crashes when it finds IPv6 addressees where it expects IPv4 ones.

RFC 7454 would imply more ISPs need to look into the "GE" and "LE" values on their BGP filter lists.

In our cases, the unused parts of our /32 were all going to Hurricane Electric San Jose. Makes be wonder if the routers are a fan of Dionne Warwick.

The "high tech, high growth" fund wasn't?

When I worked for a stock market data processing company, we noticed that the total amount of periodic buys that fit a specific pattern matched some of the retirement funds exactly. i.e. we knew what the fund bought before anyone except their management team. They had a fixed formula of taking their nearly billion dollars of new funds each week and investing it in what made the most sense according to their rules and then spreading out what ever was left using some other system that might have involved a dart board or dice. We could watch the option buys where others had spotted this and were gambling on the major buys but we didn't see much evidence of the secondary buys but knowing them would have been very profitable. If a small group saw this in the data more than two decades ago, who is playing the system now? Oddly enough, IBM seemed to be the catchall stock when there wasn't anything making news.

Thin end of the wedge

I've had .amazon blocked in my dns for a long time. I run my own dns server that delegates to what I consider legit TLD and most country codes. Everything else gets an address that tells the proxy and email systems to drop the connection and it cuts out massive amounts of abuse.

The $130,000 is a trivial amount for most companies. When I worked in a sign shop in the 80s, the better neon restaurant signs would have cost $80,000 for one franchise location so if amazon gets their domain, everyone will have to have one too.

Isn't it more like everyone?

Remember the Equifax data leak was households, not people. They seemed to have leaked a recored for everyone living in a house with an employed person in the US, UK and Australia.

If your redirecting these domains in house...

If your redirect garbage domains in house to your own server, change GET to the POST in the handling code and return a cookie and then the log can get much more interesting. A list of potential cookie names can be found in the VPN memory image and the thing gets chatty.

Someone needs to hack a dns local resolver like named/bind to do something useful with regex patterns. It would be so cool to be able to be able to tell it "add regexzone /^[a-z0-9]{32,64}/ ; file local_capture"

Stateless firewalls are the core problem

Most so called stateful firewalls only look at TCP state so if the packet says its not new, it gets handed off through the firewall. Things like VPNs and VOIP tend to use stateless protocols so most firewalls don't do a proper stateful firewall with those packets. Most VPN software inserts packets on the trusted side of firewalls so there will be no end of security issues. Add in the fact that nearly no one checks for IPv6 even though it is on for nearly every bit of hardware around these days mean the old days of Untrusted/DMV/Trust network design was obsolete two decades ago. A modern firewall must be truly stateful (based on its own idea of state, not bits in the packet) and zone based (using names for groups of interfaces no matter what the ip addresses or vlan) or else these issues will keep showing up.

Who cracked their secure enclave?

The scope of these patches makes it looks like someone with talent managed to extract the software from their secure enclave and took a look at it. Someone who was willing to tell Intel about the problems as opposed to those willing to sell zero day exploits.

I'm sure the market will correct

The prices will go up to make up the losses just as soon as $RANDOM_DISASTER happens in $SOME_REMOTE_VILLAGE and wipes out the single source of $DRAM_MAGIC_INGREDIENT.

1st attack to mention write?

Spectre and its friends are mostly academic as long as they are read only. This is the 1st published one implying the ability to change memory. Once there are published public read/write attacks, then the malware people will take notice and then everyone will be shopping for a new computers. Hackers aren't so interested in hacking a system with a one in a million chance of finding a banking password but if they have a one in a hundred chance of getting to an entire password list, they will.

This will just move then to stranger chan boards

A number of videos that my sister made of dance recitals have been found by adolescent boys and "fixed". The initial updates were crudely putting boy classmate's faces on the girls but I'm guessing someone found a pirate version of better video editing software so the fixes got better. Some of the latter work was fortune 500 tv commercial quality. And since these were adolescent boys, most can guess what else was added.

Disgusting old control systems

I worked for company made valve actuators which are the fancy motors that turn pipeline type valves and they had recently finished their new product. The first one installed in Australia at the Longford gas plant on 24 September 1998. I know the day because there is a wikipedia page about the explosion the next day. While the device had nothing to do with the fire, the local news paper had a nice front page photo of the damage to the plant so I sent that back to company with a nice note saying that it did work as advertised. The device had been in debug mode and had recorded quite a bits of data, some of which was used to figure out just what had happened the other side of the plant. At least the company had a nice photo of one of their test sites.