Feeds

* Posts by gerdesj

249 posts • joined 15 Aug 2009

Page:

GCHQ staff 'would sooner walk' than do anything 'resembling mass surveillance’

gerdesj
Bronze badge

So where the f*** is this coming from?

I regularly see this sort of thing in my firewall logs:

Time If Rule Source Destination Proto

Oct 25 13:53:28 WAN1 Block private networks from WAN1 block 192.168/16 (@67)   192.168.54.1   w.x.y.z ICMP

ie a ping from 192.168.54.1 to my WAN address (w.x.y.z) at home. I've asked my ISP and they say they do not pass RFC1918 addresses (those in 10.x.x.x, 172.16-31.x.x, 192.168.x.x etc etc). 192.168.51 is nothing to do with me nor are the other random attempts I see.

Wonder where the probes come from?

Only tin foil hat wearers need apply.

Cheers

Jon

0
0

Something ate Google's 8.8.8.8 at about eight in Asia's evening

gerdesj
Bronze badge

Re: These are not DNS-Servers

Factually you are correct(ish) However, Unix based systems (at least) will have in /etc/resolv.conf something like:

domain example.co.uk

nameserver a.b.c.d

nameserver e.f.g.h

So the newbie: Windows using the term "DNS server" in their dialogues is fair enough - they are servers that spit out DNS information. As it turns out, a large proportion of the world refers to non auth resolvers as "DNS servers" or "nameservers".

I manage many Windows DNS, BIND, PowerDNS, Unbound, int al and feel I have a pretty good handle on how DNS works. Criticising people for their use of "DNS server" for a "resolver" is pretty low on my list of thing to get wound up about. Incidentally, many of those mere "resolvers" may of course be authoritative for some domains. In which case how do you refer to them?

Perhaps you might also get upset at an Apache instance being used as a reverse proxy being called a "web server".

Now if you really understood DNS 'n' IP to a level where you can get uptight in public and not expect to be flamed then you would have pointed out that MS's biggest mistake was to make it appear that DNS settings are per interface and not per host.

... or to put it another way: how would you like me to refer to a system that does DNS thingies as a resolver, authoritative for some zones and non-authoritative for other zones. I think I'll just call the whole lot of them DNS servers and if I'm not sure what they do but they perform this function then I'll still call them DNS servers. Oh and even if I bother to check the finer details, I'll still call them DNS servers.

Cheers

Jon

2
0

South Korea faces $1bn bill after hackers raid national ID database

gerdesj
Bronze badge

Classic error

It's always a bad idea to make an index number mean something. An index should just be that and not hold data in it. Apart from anything else it limits possibilities. For example they have a field that is 1 or 0 for sex: that dichotomy is meaningless in some cases. The UK driver number is nearly as bad - it encodes your date of birth.

@Christoph: a National ID? Have a closer look at your driver's license and tell me we don't already have one by proxy. If you don't have one then your passport will do the job instead (they are linked nowadays as well). If you don't have either then there are still plenty of other ways to identify you. Got a mobile phone? debit or credit card? Oooh: don't tell me you were born here - you have an NI number. So your NHS card will do the job.

National ID card? Get a grip: we know who you are without some piece of plastic.

Cheers

Jon

5
0

It's 2014 and you can still own a Windows box using a Word file or font

gerdesj
Bronze badge

Where's the daft name and funky logo?

When my Linux boxen fall prey to a nasty they get trendy names and a logo (Heartbleed, Shellshock) with Windows you only get CVEs and a load of blather.

(EDIT:) My word! I glazed over the DougS comment just above here, surely a troll, and re-read the list. Sure enough, the Win kernel apparently does TTF parsing. Sorry mate and as you said: WTF.

7
0

FACEPALM! HP cert used to sign malware

gerdesj
Bronze badge

Scale of negligence

I might being sound of wind and limb suggest that further analysis should that analysis be warranted or required or be intimated of this incident or any other incident now or past or present or future and that incident be connected to this incident or any other incident or happening now or in the past or present or in the future whereby the terms past present or pink goblins be defined hereforeto herewith or my teeth fall out or other bollocks be defined wherein.

Sorry, someone else's day job interferred with my post.

This is negligence of one sort or another. The scale of which probably needs to go to court. On the face of it as presented, in my opinion: it's probably errr should be criminal.

Cheers

Jon

3
0

Rebellion sees Chromium reverse plans to dump EXT filesystem

gerdesj
Bronze badge

Why on earth is this news?

Why would an OS designed to work on devices with presumably USB connections or similar to external devices really need EXTx support? You generally don't use EXTn on them anyway.

Perhaps RAM is restricted in some way on these things. I note that the xfs module on my laptop is around 680KB in size and the btrfs one is a jaw dropping 740KB. Nightmare! God only knows how big the ext ones would be.

I can easily remember when RAM was £30 per 1MB and with some effort when it was priced in GDP.

The world turns ...

Cheers

Jon

3
17

Red Bull does NOT give you wings, $13.5m lawsuit says so

gerdesj
Bronze badge

Re: HAHA HAHA HAHA HAHA

"This is like suing "The Neverending Story" because it ended !!"

No its not. "The Neverending Story" is the name of a film about a neverending story. Following that line of reasoning would mean that Terminator 2 would have had a pretty small audience and T3 would have been a mop up operation.

Jon

2
1

Pen-testers outline golden rules to make hacks more €xpen$ive

gerdesj
Bronze badge

"Most PHB only get concerned when a security threat affects them. If they want to play farmville at lunch, well tough they will play farmville at lunch."

Yep and your carefully crafted Squid ruleset gets neutered to allow them access to gambling sites etc etc.

1
0
gerdesj
Bronze badge

Re: Just a thought...

"Just try disabling your own internet access (I'm assuming you're in some IT role) and see how much work you can get done."

Well for starters - no el Reg and hence a massive increase in productivity 8) But we lose the benefit of their insightful comments.

Jon

1
0

Adobe spies on readers: 'EVERY page you turn, EVERY book you own' leaked back to base

gerdesj
Bronze badge

It's still there

$ curl -X POST http://adelogs.adobe.com/datacollector/ping?id=com.adobe.rmsdk.dev.demac

UP

Where the hell are the script kiddies when you need them?

7
0

Dear Reg readers. I want Metro tiles to replace ALL ICONS in Windows. Is this a good idea?

gerdesj
Bronze badge

There are lies ...

"In your 13 posts (thus far) on this thread, you've garnered 16 upvotes and 84 downvotes. That gives you an approval rating of 19.04%."

Hmmm: 13+84=100 votes cast. So that's either a 13% approval or an 84% disapproval rating depending on which way you want to spin it.

Apples and oranges are both fruit so you can say that 13% of the fruit are apples and 84% are oranges.

Simply dividing apples by oranges like that is only going to leave mixed metaphor on your face.

Cheers

Jon

1
0

Oracle will 'kill MySQL' and steal its users? Ha ha, haha, ha. Seriously, we won't – Oracle exec

gerdesj
Bronze badge

FYI

Ever wondered why its called MySQL?

Monty's first daughter is called My. Luckily he had another, called Maria. Handy when you've got a DBMS to name.

1
0

OpenVPN open to pre-auth Bash Shellshock bug – researcher

gerdesj
Bronze badge

Re: auth-user-pass-verify Option

"Thank god we already migrated to a DirectAccess VPN."

Yep, thank God. You'll be enjoying this month's patch Tuesday - it's a bumper crop. Having to reboot your firewall so often must be a real bugger though.

2
1

'Google is NOT the gatekeeper to the web, as some claim'

gerdesj
Bronze badge

iT just works (tm)

Ahh - so that's how "iT just works" err works. Cyanogenmod nightly builds are more stable than iOS releases at the moment.

1
0

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

gerdesj
Bronze badge

Get a grip

"... Scan your network for things like Telnet, FTP, and old versions of Apache ..." and old versions of anything else - FTFY.

I'm not aware of many web servers that run BASH any more. Also BASH normally sits behind other stuff like sshd so IS protected by authentication.

Yawn - can't be arsed to get excited by this: IT IS NOT A HEARTBLEED SCALE SNAG. It's just a bug. Schools and Unis will probably want to patch this quickly though - for obvious reasons 8)

Cheers

Jon

6
17

MOST iPhone strokers SPURN iOS 8: iOS 7 'un-updatening' in 5...4...

gerdesj
Bronze badge

Re: Stats are meaningless

"But still much faster than Android."

Really? I get nightly builds on mine and I get to read the Changelog. Fancy having alternatives like Cyanogenmod available. Damn all that choice.

10
15

Jesus phone RAISED from DEAD. Watch iPhone 6 get BURNED, DROWNED, SMASHED

gerdesj
Bronze badge

My wife managed to chuck her SG S4 though the 2" opening in the car window whilst inside. It hit good Cumbrian limestone (5'+ drop) and somehow only chipped a corner, bounced and then sat in a puddle.

A colleague with the same phone had crazy paving on the screen after a 2' drop onto a stony beach - it hit on the corner as well.

Mine has flown across the room onto a wooden floor and also reacquainted itself with gravity and the tiles in our kitchen from various heights. It's fine.

Conclusion: you need to do a shit load of drop tests to prove toughness. Anecdotes are not data, especially not with the variations possible. Still, help yourself to my anecdotes - you're worth it.

Cheers

Jon

2
0

Mushy spam law's IDEAL for toothless watchdog: Spamhaus slams CAN-SPAM

gerdesj
Bronze badge

Re: Zero enforcement in the UK

Asterisk: Yes you can blacklist which is nearly useless.

On mine I have a message (IVR) that says: "Press 1 if you think we'd like to speak to you, press 2 to leave a message. Unsolicited callers - please hang up."

No spam any more at all. The auto diallers don't know what to do. You can bypass it with a white list for friends and family if you like if they pass CLID (painful!)

Cheers

Jon

3
0

Bacon-related medical breakthrough wins Ig Nobel prize

gerdesj
Bronze badge

Re: "Bad Science"

Yep - "follow the money" is a good mental habit to get into when you are deciding on the validity of something.

For example I note that the iPhone features rather heavily in New Scientist this week and on numerous news sites across t-interwebs, even when the new v6 is not being reviewed.

Cheers

Jon

0
0

JINGS! Microsoft Bing called Scots indyref RIGHT!

gerdesj
Bronze badge

BING was not right

"Bingly-bingly-beep" was badly wrong and demonstrates how crap IT based predictions with funky algorithms and huge budgets really are - cf financial algos and their effects. They had access to vast amounts of data but could not get it right. I notice they only gave a number without error estimates.

The end result was 55%-45% not "too close for error bars" [my term]

I note that Edinbugh, Orkney and Shetland were massively against indy, ie the capital and the two most remote bits of Jockland want to be Brits and good on them.

Cheers

Jon

0
0

Oracle's Larry Ellison quits as CEO – new bosses are Hurd'n'Catz

gerdesj
Bronze badge

Re: The beginning of a long and slow decline...

Who on earth is EDS?

TCFKAE(DS) is a long subsumed business unit of HPEDigiSynPac - and that's only made up of the one's I can recall at the mo ...

Cheers

Jon

1
0

Boffins plot global (browser) cookie crumb trail

gerdesj
Bronze badge

Privacy badger

I run PB in Chrome and notice that el Reg gets a rather high score for the sheer number of third party sites linked. That probably helps explain the page load times being on a par with Facebook ...

1
0

OECD lashes out at tax avoiding globocorps' location-flipping antics

gerdesj
Bronze badge

Re: hmm

"or that it'll need it during rainy days."

The last set of rainy days for my company lasted several years. Apparently it was some sort of global recession. The last one in the early 90s caused me a change of career.

How facile a simple "rainy day" trips off the keyboard. Our staff are damn glad we keep a big brolly handy.

Cheers

Jon

2
1

New Snowden leak: US and Brit spooks 'tap into German telco networks to map end devices'

gerdesj
Bronze badge

Re: Atlas of Cyberspace!

No need for active scanning when you pwn the tubes - just simply listen.

Jon

1
0

Be your own Big Brother: Monitoring your manor, the easy way

gerdesj
Bronze badge

(IoT - Internet of Things)

Homeplugs can work well. Avoid using an extension lead if you can. I have several and reboot times are in years.

Securitywise, if you are worried then you will need to use a more sophisticated router and discover the joys of VLANs. Separate your IoT stuff to their own VLAN and have an aggregator like Synology or Zoneminder on another VLAN. Allow access TO the IoT but not FROM and allow access FROM your aggregator TO your IoT stuff. Allow access TO your aggregator FROM the internet or ideally via VPN only. OpenVPN has clients for any device you can possibly want to use and many routers support it - eg pfSense.

Yes it will be more expensive than your ISP provided pile of shite but its your privacy. Netgear do some cheap 8 port switches that support VLANs and various Power over Ethernet options.

You can run Cat5e externally inside black conduit and then it need not be wife unfriendly and you avoid channeling the walls, although you will need a hammer drill and big bits to get the wires in and out! Phone wiring can run over it as well (an RJ11 can use and RJ45 socket) and satelite cables can be run through it as well.

I use all three of these at home - physical wires, WiFi and powerline as required, including a 60m run down the garden to our summer house for Wifi and a camera with PoE.

Cheers

Jon

1
0

VMware updates vSphere, recommends new security fixes

gerdesj
Bronze badge

Web client works in Chrome on Linux

Chrome's internal Flash plugin works fine with the web client.

0
0

EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday

gerdesj
Bronze badge

I wonder if someone knicked the cable thinking it was copper. This has happened many times across the UK eg Street(*) a couple of years ago.

Cheers

Jon

* That's the town's name, not a road missing its name.

0
0

Discovery BATTLED 2-foot-long WEE ICICLE on first mission - 30 years ago today

gerdesj
Bronze badge

I remember the launch (I was ten).

Due to the delays, it seemed like the damn thing was lucky to get more than 20 feet in the air. It looked awesome though when it did finally lurch heavenwards.

Not everything in the '80s was shit 8)

2
0

Community chest: Storage firms need to pay open-source debts

gerdesj
Bronze badge

An el Reg comments page that reads like LWN, complete with visitations from the cognoscenti err devs.

Cheers for your work on Samba, Jeremy.

0
0

Experimental hypersonic SUPERMISSILE destroyed 4 SECONDS after US launched it

gerdesj
Bronze badge

Re: Anywhere in the world within 60 minutes?

Mach 6 at what height?

You can have more than one launcher.

0
0

NIST to sysadmins: clean up your SSH mess

gerdesj
Bronze badge

Non sequiter

"Wasn't Heartbleed..."

ssh = Secure Shell, ssl = Secure Socket Layer. ssl != ssh.

0
3

'I'll dance on their graves at 1 MILLION operations per second'

gerdesj
Bronze badge

Meta comments

Comments posted here are meta-comments and hence will require a MCotW section opening for them.

Continue ad-nauseam. Feel free to whitter on about "... elephants all the way down" as required.

Cheers

Jon

2
0

VMware vaporises vCHS hybrid cloud service

gerdesj
Bronze badge

vHot Air

(Shame you have to fill in a body comment - the subject is all I wanted to say)

1
0

Linux Foundation says many Linux admins and engineers are certifiable

gerdesj
Bronze badge

Re: I am not sure if the author is American

Try clicking on Mr McAllister's link at the top of the article and read the headlines of his previous posts and make your own mind up.

Also, are you sure that certifiable doesn't mean http://www.oxforddictionaries.com/definition/american_english/certifiable the same in the US as you are implying?

Cheers

Jon

4
0
gerdesj
Bronze badge

CLP here

Years ago I took a Novell Cert. Lin. Pro. exam (freebie at a conference). I think these are pretty similar.

The "practicum" was a proper job and a bit of a doddle once I'd pointed Apache at /usr/share/doc - but that meant I was working in a similar way to the real world, where man and docs are available. I had to set up users and quotas, Apache, BIND (including zones), Samba, cron and other stuff on two VM SLES servers and a script went through and tested my solutions to the scenarios given.

It's not just a memory test, it genuinely tested whether I could perform basic admin tasks and hence I passed without having to do any revision - I am a Linux sysadmin after all.

I've also done a VMWare VCP - it's a memory test and nothing more. My eight years experience with the products is the useful bit, not the naff exam and quali. I generally park MSCE in the same box - bloody useless in and of itself.

I have nearly got over the use of the term "Engineer" in IT, used for non chartered practitioners but I'm not happy about it. Once upon a time I was headed towards MICE until the building industry in the UK collapsed in the early 1990s recession, just as I graduated ...

Cheers

Jon

3
0

Hackers' Paradise: The rise of soft options and the demise of hard choices

gerdesj
Bronze badge

Eye watering complexity

As has been mentioned above, modern PCs are far more complex and potentially competent than a VAX. VAXen, System/36, AS400 not to mention mainframes and other old beasts I have used did have flaws which were mercilessly exploited but normally for a laugh rather than extortion. Mainly because there wasn't really anything to exploit in the same way that my phone or browser can get at my bank account.

The laptop I am using now has a quad core i7 beastie and 16GB RAM in it. This thing could produce spam email at a heck of a rate, especially given it has an 80/20Mbs-1 connection to t'interwebs. However, Mr pfSense has been to told to stop that sort of nonsense.

The OS n apps on this thing was compiled from source code via the magic of Gentoo but I have no idea whether it is particularly more secure than a Windows box. There could be all sorts of nasties lurking in anything from the Intel microcode, through to Chrome or FF.

I still seem to be the only person accessing my bank account at the moment so it seems reasonable to assume its OK (for now).

Cheers

Jon

0
0

Apple slings fanbois' data at Chinese servers in China Telecom deal

gerdesj
Bronze badge

Wonder if they'll simply hand over the keys to the two additional special services that run on iThangs?

http://www.theregister.co.uk/2014/07/21/ios_firmware_contains_packet_sniffer_and_host_of_secret_spying_tools/

1
0

El Reg's virtualisation desk pulls out the VMworld crystal ball

gerdesj
Bronze badge

More money?

It's bloody expensive enough as it is. If you want to do large data centre then you need Enterprise Plus - and that costs real cash, shit loads of it. Add that to the SANs, switches, cost of racks in CoLo and/or your own machine room and IT is a major overhead. Then you need some OSs, apps, backup stuff, DR site.

Money pit - and a large part of it is the "v" bit - regardless of vendor.

Obviously you can always do the vCloud suite instead and PAY BY THE GB OF VRAM. It comes in three flavours or so.

el Reg - you do know about vCloud - don't you? ITS CHARGED BY THE GB.

Now install: 1x vCentre - 8GB, 1x Ops Manager - 8GB, 1x vNetworky thingie - 8GB + other bits - 8+ GB, Orchestrator - 4GB. You'll also need a vLicenser thing - 512MB (I think), assorted backup things. etc etc. That management cluster is looking a bit big now already and you haven't even deployed a customer VM yet.

Hilarious.

Cheers

Jon

PS I do actually like VMWare - I own a reseller 8)

0
2

Supervalu supermarket stores stung by sneaky sales system scammers

gerdesj
Bronze badge

PoS

"The POS is a MS Windows system, but it only runs the POS application"

Now substitute Piece of Shit for the abbreviation. FTFY

Cheers

Jon

8
1

New twist in China Apple hardware ban riddle: THE TRUTH at last?

gerdesj
Bronze badge

Given that an iDevice has a "secret" file uploader that bypasses the iCloud encryption and network sniffer built in, then security concerns would seem justified.

1
0

World's only flyable WWII Lancaster bombers meet in Lincs

gerdesj
Bronze badge

A flight or two of Phantoms going in and out of RAF Wildenrath made a fair bit of noise over my school play ground in the 70s. As did the air displays they would put on - including the obligatory pair of nodding Harriers mucking about not very far from the crowd.

Watching Starfighters n Phantoms (Luftwaffe) and all sorts of other bloody great military noise makers was how I grew up. Leopards, Chieftans, Lucks, Saladins, Saracens and others would run up and down the road. Oh and Gazelles, Jaguars, Chinooks and others also filled the air.

Dad used to blow things up for a living (ATO) before settling down to quieter pursuits like blowing things up in demos at the local ammunition depot.

Wonder where the tinnitus came from ...

0
0

What's the point of the Internet of Things?

gerdesj
Bronze badge

Re: not convinced, but can see potential

Trev

Please start swearing again.

It somehow seems wrong to see you holding back. Whomever told you to do so, be that editor, pixie or a new drugs regime, are badly wrong. You need to vent your spleen or the consequences could be damaging. No one can go from 20+ highly offensive expletives per comment to zero without serious long term health issues.

It looks like a lack of passion about the subject you are writing on to those familiar with your previous missives.

Jon

3
0

Microsoft KILLS Windows 8.1 Update 2 and Patch Tuesday

gerdesj
Bronze badge

As it turns out

"Any enterprise that goes with Windows at the next refresh is totally moronic. I can't think of one reason for that. Even the Exchange/Outlook pig is ready for culling."

I've just found my first customer who don't do the Windows thing wholesale. They seem quite happy running Linux on everything - quite refreshing really. Things aren't perfect - as you'd expect - but the flaws are simple admin things and not OS related.

They aren't anti commercial stuff, they just don't like MS's offerings. I've just P2V'd their systems into VMware with a dose of Veeam sprinkled in.

This is in the north of Somerset (county) which, for the benefit of our ex-colonial friends, is a pretty rural part of the UK.

Cheers

Jon

8
2

White Hats splat Black Hat chats: Talks on home alarm flaws and Russian spy tools axed

gerdesj
Bronze badge

Talk amongst youselves

It's going to be pretty boring this year at the Mad Black Hatter's Party.

Soon they will be left with presenting how the "who" command can show a list of logins on a Unix box. - ooooh naughty.

4
0

Multifunction printer p0wnage just getting worse, researcher finds

gerdesj
Bronze badge

Re: Apparently ...

>The mid 1980s just called, they want their exploits back.

I was using a Commodore 64 then and hadn't even heard of TCP/IP. I had an Epson DM printer with a weird Centronics to serial interface which occasionally worked. Not sure what Metasploit would have made of my setup.

Perhaps you mean the 90's?

4
0

Pentagon hacker McKinnon can't visit sick dad for fear of extradition

gerdesj
Bronze badge

Re: More anti-US bashing

>> By my non-scientific evidence, Americans are the second highest readership of the Reg, by count (second only to the UK) - I'm beginning to wonder why they bother.

Possibly the highest and almost certainly if you don't restrict "Americans" to citizens of the USA. "They" probably still bother with the reg for the same reason that you do: to have the piss taken. Where would you like me to put it?

Not every comment stream ends up like the above bollocks. Me? I love 'mercania and all who sail in her, but I will agree with whomever (above) whittered on about our strange love of the froggy -our rather than -or. I will obviously fight to the death for "disc" over "disk" however, regardless of etymology.

Cheers

Jon

2
1

Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales

gerdesj
Bronze badge

Re: Headcount growth reduces revenue?

> Revenue is revenue, regardless of headcount.

Aah - you assume that they account in the same way as you or I do (I am a partner in a small business). Perhaps in the rarefied atmosphere they inhabit it is possible to consider the wage bill as a sort of negative revenue.

Or someone needs to reread the article.

Cheers

Jon

1
1

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

gerdesj
Bronze badge

Re: Google, AWS, Facebook

You are having a laugh obviously.

Try replacing the name of the project with "Surface" for example, then substitute the other details as required, adjust the figures accordingly, replace UK with Microsoft and see how one of your poster boys fuck up a perceived strategic direction.

OK you didn't mention MS but the rest have similar screw ups in the bag. G+ anyone?

0
0

Don't put that duffel bag full of cash in the hotel room safe

gerdesj
Bronze badge

Re: If everyone has their own number ...

1066 is the default on a certain make.

0
0

Own a Cisco modem or wireless gateway? It might be owned by someone else, too

gerdesj
Bronze badge

Re: Local management

Probably if these things are like their switches - I often find telnet enabled and cisco as the enable password. Even more hilarious are the number of Cisco switches I find with the default web user/password.

Cheers

Jon

1
0

Page: