* Posts by gerdesj

803 posts • joined 15 Aug 2009


UK's 'superfast' broadband is still complete dog toffee, even in London

gerdesj
Silver badge

"It could be way worse, you could be in the rural US. "

I agree but it does seem a bit daft that a small, highly populated and pretty damn rich country can't manage decent connectivity for all.

0
0

Nearly two billion in the bank and yet this VC is slowly losing his beach-blocking battle

gerdesj
Silver badge

Beach kit

Surf board - check

Towel - check

Sunblock - check

Budgie smugglers - check

Wet suit - check (oh sorry: CA not Cornwall) no need

Hacksaw - check

Lawyer - check

Off we go to the beach.

3
0

Reskilling to become a devops dude could net you $105k+

gerdesj
Silver badge

Re: /dev/ops

I have a udev rule that fires when /dev/null is created and symlinks /dev/ops to /dev/null. I then send relevant content to where it belongs, by writing it to /dev/ops.

1
0

Batten down the hatches! OpenSSL preps fix for high impact vuln

gerdesj
Silver badge

Re: Maybe we should Open Source Government.

"amanfromMars? Is that you?"

No: awomanfromvenus is foaming at the mouth today 8)

3
0

'Feature-complete' Windows Server 2016 preview 5 lands

This post has been deleted by a moderator

The Internet of Things edges toward a practical reality

gerdesj
Silver badge

Samsung

*sigh* Samsung: I love you *sigh* and so do all el Reg commentards.

Anyway, time for something insightful or something. I'm scared of my Sammy telly. The bloody thing has a mic and I know it listens. It is on its own VLAN and I must get around to cracking it: I know it port scans the local area (I have the logs) and if I were to be a little uncharitable I might suggest that it is a bit of a trojan horse (for ad revenue).

4
0

America edges closer to get-a-proper-warrant-to-read-my-email law

gerdesj
Silver badge
Childcatcher

el Reg child hunter icon is iconic

"Under ECPA the police could examine any email that had been read"

How do they determine "read"? This is apparently under the old regs.

"... including a requirement that the government inform people when it forces companies to turn over their information ..."

Now that is the important bit. I don't know about the US but we have some nasty regulations (laws) in the UK eg RIPA. For example I am an IT consultant. If I am "required" to spy on someone under RIPA then I would be criminalized were I to make that fact known to anyone else at all (possibly including myself).

Not nice.

Still, Ms May (and many other Home Secretaries in the past) seems to think we should go further in some way. I'm not too sure how many more civil liberties are left.

Sorry I spent too much time editing, this is what I meant to write

9
0
gerdesj
Silver badge

"Under ECPA the police could examine any email that had been read"

How do they determine "read"? This is apparently under the old regs.

3
0

Is VMware the power it once was?

gerdesj
Silver badge

"... and whilst it still suffers greatly ... in terms of management ..." - You put your finger on the major snag - right there.

"the favourable licensing" - for whom? Not everyone runs Windows for everything.

"and less steep learning curve" - really? For example, I defy you to get iSCSI working quickly on a HyperV cluster compared to VMware. The MS initiator is horrendous in use. Sorry: the MS GUI for the iSCSI initiator is horrific. I could go on and on.

VMware is by no means perfect (recent CBT snags buggering up backups spring to mind) but it does get out of the way more often and let you crack on with the job in hand.

3
1

Blighty's SMB tech ranks bitterly divided on Brexit

gerdesj
Silver badge
Childcatcher

Statistics

"found 60 per cent of SME owners would vote to stay in the EU with less than one-in-five (17 per cent) supporting Brexit"

Why is it so hard to accurately deploy statistics?

Sample size was n out of a population of m. Those in favour of remain was w, those in favour of (Br)exit was x, undecided was y and those unable to answer properly was z. By all means use percentages, provided that the sample size is given.

Do that and you will be a man my son.

8
0

Amazon attempts rule fudge to take exclusive control of new dot-words

gerdesj
Silver badge
Megaphone

bugger.off

.

This is the second time I've had to put some text in where a single dot would have sufficed to enhance the quality of the comment stream so far 8)

2
0

How innocent people 'of no security interest' are mere keystrokes away in UK's spy databases

gerdesj
Silver badge

"Ah, but how do we know you are not of interest, James 51? What is it that you are hiding from us??"

Quite right AC or should I say: Number Six. We know what you are hiding.

1
0

Ubuntu 16.04 LTS arrives today complete with forbidden ZFS

gerdesj
Silver badge

Re: memory requirements?

"I thought the big problem with ZFS was its vast memory requirement? 1MB of cache for every GB of disk or something.."

1GB of RAM per TB of disc is the rule of thumb you were thinking. However, see http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide which simply states that 1GB or more is recommended.

The idea of having a decent sized RAM cache is not unique to ZFS but recommended for *all* file systems.

11
0

All-Python malware nasty bites Windows victims in Poland

gerdesj
Silver badge

Track-tastic

When I click on the link to PA's website, Privacy Badger and uBlock Origin go berserk. The page continuously reloads. Not the best.

3
0

MIT boffins build AI bot that spots '85 per cent' of hacker invasions

gerdesj
Silver badge
Childcatcher

Right, I've skimmed the pdf. It is the real deal, sort of. They do not use the same data in the testing phase as they use for training. They do use a multi layer neural network thingie (it's been years since I messed around with perceptrons etc and it's been shuffled out of my head).

They only consider web server logs and only three threats (see 8.1).

AI? My arse! However I think it is a good start in the field. I suspect that once trained and running these things will be quite low cost, computationally speaking and they can learn from the human feedback whilst operating on operational data.

Remember kids, in this field there is no magic appliance which will simply make NIDS easy and hands off. It's fecking hard.

6
0
gerdesj
Silver badge

I'm not sure that testing on training data is too bad depending what is underlying the thing. However, ideally the test data is another set, rather than the original.

However: "it alerted a human analyst, who identified whether the software got it right or wrong"

I spend a fair amount of quality time with log files and HIDS/NIDS and it can be bloody hard to spot the signal in the noise. So this probably means that the logs have been marked up already and are a bit artificial or there is the possibility that the human gets it wrong as well. In the latter case the 85% hit rate had better grow some error bars. +/- 10% would be a good start, I think.

Ho hum, time to actually read the links. I'm a commentard: comment first before getting clued up

0
0

Academic network Janet clobbered with DDoS attacks – again

gerdesj
Silver badge

Re: Is janet still an actual thing?!

cowsay doesn't work very well in a proportional font and leading spaces removed.

3
0

How much faster is a quantum computer than your laptop?

gerdesj
Silver badge

"OK, I promise not to get out over my skis. I wouldn't know how."

Me too. I've been a skier for over three decades now (not all the time) and can't quite work out what that means. From the context I think: "Let's not get ahead of ourselves" - a far more logical and understandable phrase!

2
0

UK web host 123-Reg goes TITSUP, customer servers evaporate

gerdesj
Silver badge

"An error on the script showed 'zero-records' response from the database for some live VPS. For those customers,"

This appears to explain that their monitoring system is a bit more macho than the ones I'm used to.

5
0

Australia's Dick finally drops off

gerdesj
Silver badge

Re: Next on the list

"... you need something NOW ..."

Absolutely. I have often needed something right now and Maplin has often had it available. The staff in my local one are pretty clued up and I am very grateful for the suggestion of a better soldering iron to replace the shit el cheapo jobbie I picked without asking advice on a previous trip. They didn't simply point me at the most expensive one in stock but "this one is a bargain at the moment" and then explained exactly why.

5
0
gerdesj
Silver badge

Re: Venture capitalists

"I read that as vulture ..."

Me too, that was a dreadful waste of an opportunity and now spoiled for the rest of us 8)

2
0

Daft Punk: Snowden goes electronica

gerdesj
Silver badge

Re: Snowden is not a hero..

You have a moniker that appears to imply you like to get bestial with chickens. Nothing particularly wrong in having such a moniker unless it actually implies your predilection for such things.

However, in the kind of world that the likes of Mr Snowden is valiantly attempting to avoid, you will not be able to call yourself Ch1ck3nSh4ggr. Actually, you wouldn't even know about people like Mr Snowden. You would blissfully carry on worrying about your first world "problems".

I'll go out on a limb and suggest that you subscribe to the "I've got nothing to hide, so ..." mantra as well.

3
2

New strain of data thieving malware Qbot unleashed

gerdesj
Silver badge

The write up by BAe is worth a read

Anyone only relying on AV should read the section entitled "Server-based polymorphism", think about it, go and change their trousers and start thinking about NIDs, egress rules on their firewall, and the whole panoply of stuff you really need to defend against the current swathe of baddies. Oh and sort out your backups while you are at it.

0
0

Microsoft account-hijacking hole closed 48 hours after bug report

gerdesj
Silver badge

"Really ???"

My thoughts entirely. Mind you, this isn't a real bug until it has a silly name, logo and website.

4
0

Android gets larger-than-usual patch bundle as researchers get to work

gerdesj
Silver badge
Gimp

Android gets larger-than-usual patch bundle

Yet I don't see my bloody phone doing a patch Tuesday. To be honest I'd be glad for a patch Qn. Obviously I am talking about an ancient unsupported mobe - Sammy G S6!

11
0

Egypt unfriended Facebook for Free Basics snoop snub

gerdesj
Silver badge
Childcatcher

Re: gives Facebook a captive audience

"As free as first sample from a drug pusher."

It's not for nothing that IT suppliers and drug pushers both describe their income as coming from "users". Now if only those suppliers always gave their wares away, all the time, instead of just the initial hit.

1
0

JAXA confirms ASTRO-H breakup

gerdesj
Silver badge

Re: Orwell would be happy

@AC Didn't know whether to UV or DV you.

"Cover up" has multiple meanings depending on scale and context. "cover up" meaning attempting to deflect attention from their lack of understanding due to lack of information does not amount to a concerted "cover up".

There is a difference.

2
1

Tay talks back: What made you think you beat me?

gerdesj
Silver badge

Tay

The bloke you misquote at the end, Ozym ... Osmo ..... whatever, anyway he had great calves. You don't.

You probably won't be able to parse the previous sentences, let alone understand them.

0
0

Intel invokes the ghost of Andy Grove to standardize cloud market

gerdesj
Silver badge

"In the future we'll look back and say that cloud had a bigger impact than the invention of the PC. It will extend around the digital world and make service massively accessible to all."

Bollocks

7
0

China wants a 'Go' at Google's DeepMind

gerdesj
Silver badge

Re: Ultimate thinking

"A "magic 8 ball" can do that. It's not the excuse, it's the delivery that counts."

Great line, delivered flawlessly but I'll raise you "fork 'andles" (today only).

6
0

That one phone the FBI wanted unlocked? Here are 63 more, says ACLU

gerdesj
Silver badge

Re: Involuntary servitude

"What you totally missed was section 1 which is the basis of their defense "

Admittedly I paraphrased Section 1 "It seems to be granting rights to everyone who is born or naturalized in the US" (my words)

I still don't get it and that smarter person unfortunately hasn't turned up.

0
0
gerdesj
Silver badge

Re: Involuntary servitude

"Maybe, you should have referenced the correct amendment in the first place, you know the Fourth Amendment that covers "Unreasonable search and seizure"? That's the applicable text."

Read the bloody article. Apple raised a defence based on the Fourteenth. I was simply asking how does it apply.

1
0
gerdesj
Silver badge

Re: Involuntary servitude

"FYI, it's 'Native American', not Indian, you silly Brit wogs..."

I quoted the original

2
0
gerdesj
Silver badge
Boffin

Re: Involuntary servitude

"Apple's 14th amendment defence really doesn't seem so silly now."

I'm not a US citizen what with being British and am a little hard of hearing wrt US Constitution Amendments.

So, I thought I'd read it here (always good to get to the source): https://memory.loc.gov/cgi-bin/ampage?collId=llsl&fileName=014/llsl014.db&recNum=389 . It seems to be granting rights to everyone who is born or naturalized in the US (who isn't an untaxed Indian.) IOW it seems to ensure that anyone who is a US citizen or born in the territory of the US (apart from untaxed Indians) is to be treated as citizen and should enjoy the same rights.

Article XIV also ensures that the States or any State shall be liable for any costs due to the loss or emancipation of any slave. So that's all right then: you don't want to have to pay for freeing slaves.

Am I off track here somewhere? What does this have to do with cracking (i)Phones?

I really don't know what I'm on about here but I got to the above link via https://www.loc.gov/rr/program/bib/ourdocs/14thamendment.html which seems authoritative

5
1

Got a Toshiba laptop? Get it off your lap, then read this recall notice

gerdesj
Silver badge
Flame

Didn't bother with the app

I somehow doubt that the "convenient" app would run on a Gentoo Linux install and I can't be arsed to compile up Wine to see if it would. Had to take quite a few piccies of instructions and serial and product numbers and I am now reassured that mine is OK.

Mind you, would I be able to tell the difference between the heat from the usual compilathon and the battery going up in flames? Libre Office compiles seem to come close to melting my trousers.

1
0

Teen tricks leaky Valve into publishing hot new Steam game: Watching Paint Dry

gerdesj
Silver badge

Re: The original was better

"Hover Bovver" - thanks a lot. I now have a SID chip bleeping out the music in my ear and a spritely dog whizzing around my mind.

1
0

X-ray scanners, CCTV cams, hefty machinery ... let's play: VNC Roulette!

gerdesj
Silver badge
Childcatcher

Holy shit

There's an awful lot of SCADA systems left open to world + dog. I've just seen what looks like a building climate control system on VNC Roulette.

... and I've just seen a Spanish banking system ...

3
0

Confused by crypto? Here's what that password hashing stuff means in English

gerdesj
Silver badge

Re: Chrome's "Pinning" doesn't appear to work

Not sure what version of Chrome you use but for me (Chrome 49+) Google "breaks" at one customer site because they MitM via a "transparent" proxy. These SSL deal breakers are arguably valid in a school for the kids only but legally suspect in a business IMNSHO.

I once pointed out to someone in a NHS hospital that their WiFi had a MitM proxy and that hence they would be advised not to use it for online banking. Strangely enough a proper(ish) warning appears now when you connect.

I use an OpenVPN through the proxy back to base. Their logs must look hilarious and the content checkers must have fun looking at gibberish. A funky L7 filter could block my VPN but it will hard fail safely unless the server cert checks out properly. I'll just use my mobile instead via tethering.

2
0

Met plod commissioner: Fraud victims should not be refunded by banks

gerdesj
Silver badge

Re: Tar everyone with the same brush

"And did I say you should get out more :-)"

You might have mentioned it at one point. Still, it's the day job and I generally test stuff out at home before letting it loose at work. Wife Acceptance Factor >= corporate change control if you see what I mean.

I was hammered by a Chinese IP address a couple of days ago for an hour and a half using the Jsky scanner.

I had a similar experience which prompted me to fix up log rotation, log dropping and monitoring in general *sigh*

0
0
gerdesj
Silver badge
Childcatcher

Tar everyone with the same brush

"Personally, on my system I’ve got a propriety security software and I got an update a few months ago and it sat there for months, I didn’t quite get round to it."

So he's a knob end who can't be arsed to update his (Apple/MS?) software, and has an anecdote to prove his thesis.

Me: I run Linux/BSD end to end at home with multiple VLANs and a firewall policy that is way stricter than most "enterprise" systems I look after. It's also monitored. Properly. I'm an IT consultant by trade. I patch my home systems as often as is wife acceptable, and I clothe myself in tin foil. I'm under no illusions that despite the fact that my home IT security is pretty much as good as is reasonably possible, mistakes can and will inevitably happen. Yes, I have done a risk assessment. Yes, I am a bit obsessed. Yes, I probably should get out more.

So given *my* anecdote, do I get to be upset when I do something stupid and click on a link in an email and lose money? Where does my responsibility stop and his start? At what point does my bank take responsibility for stupidity? Should I really take up their offer of free AV software to provide complete protection online.

I don't know and I want to know: Who is responsible for what in a world where nearly anyone in that world can virtually knock on my metaphorical front door with a massive cyber door-twatter?

21
0

Govt: Citizens, we know you want 10Mbps. This is the last broadband scheme for that

gerdesj
Silver badge

Pity BT

How on earth is a very densely populated, small, and very rich country supposed to achieve the dizzy heights of 2Mbs⁻¹ intertubes?

1
0

Researchers find hole in SIP, Apple’s newest protection feature

gerdesj
Silver badge

Where's the logo?

As pointed out above "SIP" is a VoIP protocol.

Now where is the silly logo, daft name and website?

0
0

Clear April 12: Windows, Samba to splat curious 'crucial' Badlock bug

gerdesj
Silver badge
Childcatcher

"Solaris 11 has its own implementation as well.

And don't forget all the storage array and appliance manufacturers that use Samba in their products. It's probably going to take a while to get upgrades for them and then get those applied!"

Many of the older home grade NAS devices will probably never have patches released.

5
0

Michigan shooter says 'mind controlling' Uber app told him to kill

gerdesj
Silver badge

Re: Typical narrative in the US

White guy on shooting rampage: he's got mental health issues

Black guy on shooting rampage: he's a criminal involved in gangs and drugs

Brown guy on shooting rampage: he's a terrorist

Not saying this guy isn't crazy, but similar statements by a black man would never be reported, instead we'd hear about an arrest for pot when he was 19 and the implication would be that he's involved in drugs or gangs. Or if he was Muslim, we'd read about a Facebook or Twitter post where he criticized the US government.

You could always ditch guns as a way of life as we right pondians have...

Following Islam or any other religion is a fundamental human right and as a confirmed Christian (but ill advised) I will fight tooth and nail to that effect.

1
0

Oracle made slightly less money last quarter, and America is to blame

gerdesj
Silver badge

Re: Constant currency this, constant currency that

"Anonymous and bitter for obvious reasons."

Not all companies work that way. Sure, a big firm generally gets you into big customers and systems (and potentially big salaries) but funnily enough some smaller companies can also do the same. There are some smaller firms that punch way above their weight. All you have to do is find them.

1
0

Posh frockers Lord & Taylor spanked after Instagram fillies shocker

gerdesj
Silver badge

"For $4k, what the hell I'll wear a frock for a photo.

Will borrow some lipstick even...

After that well it's just a jump to the left and a step to the right ?"

Dr Scott, Jad, Branett. You have no right to make me giggle uncontrollably and misspell people's names. You'll need the mind bleach if I reminisce any further here.

3
0

You say I mustn’t write down my password? Let me make a note of that

gerdesj
Silver badge

Re: Who can blame them?

"Problem is, some of these types are ABOVE you."

My job title is "Managing Director" - yours?

0
0
gerdesj
Silver badge

Re: It's simple really

>"I simply login as root on a terminal..."

>@gerdesj: does that not simply move up one step to the security of your root password? Root can (presumably) access your home drive.

>The Tramp: I'm just a clueless end user

You are absolutely correct, which was the point of my silly comment. It's hard to pitch a pretty nerdy "joke" at all levels. No need for the tramp or the self flagellation (you must be a Brit - me too!)

Mind you, my password scheme is a pretty good one, if there was a safe way of generating the hash and easily and securely getting it to the password prompt. In effect a hash of a hash of a string of characters. If you can make the transmission channel secure then the initial password could be pretty simple because a cracker would have to face the first hash as the password they have to crack and not the actual generating password. For example:

$ echo a | sha1sum

3f786850e387550fdab836ed7e6dc881de23001b

$ echo 3f786850e387550fdab836ed7e6dc881de23001b | md5sum

27f5765ef14682472b0bc02251a47381

Now it doesn't exactly trip off the tongue but a password of "a" has generated a stupidly hard to guess "password". You could use any hashing function and you could cut the result at n characters in the first step and get a completely different result in the second. Those features are in effect your password and possibly easier to remember than batteryhorsemanagedtoavoidbecomingglueatbechersbrookbolted.

0
0
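The hash-of-a-hash derivation from the comment above, as an added example that is not part of the original post: it reproduces the two `echo ... | sum` stages and measures how many guesses reproduce the derived string once the recipe choices are enumerable. The function names, the candidate secrets and the recipe lists are constructed for illustration.

```python
import hashlib
import math
import string
from itertools import product
from typing import Iterable, Optional, Tuple

# (first hash, second hash, cut length applied to the first digest)
Recipe = Tuple[str, str, Optional[int]]


def stage(text: str, algo: str) -> str:
    """Hex digest of text plus a newline, i.e. what `echo TEXT | <algo>sum` prints."""
    return hashlib.new(algo, (text + "\n").encode()).hexdigest()


def derive(secret: str, recipe: Recipe = ("sha1", "md5", None)) -> str:
    """Hash the secret, optionally cut the digest at n characters, hash again."""
    first, second, cut = recipe
    digest = stage(secret, first)
    if cut is not None:
        digest = digest[:cut]
    return stage(digest, second)


def search_space_bits(n_secrets: int, n_recipes: int) -> float:
    """Bits of uncertainty when both the secret and the recipe are unknown."""
    return math.log2(n_secrets * n_recipes)


def guesses_to_reproduce(target: str, secrets: Iterable[str],
                         recipes: Iterable[Recipe]) -> Optional[int]:
    """Count derivations tried before one equals target; None if none does."""
    secrets = list(secrets)
    guesses = 0
    for recipe in recipes:
        for secret in secrets:
            guesses += 1
            if derive(secret, recipe) == target:
                return guesses
    return None


# Constructed sample space: three common hash functions, four cut lengths,
# and single lowercase letters as the memorable secret.
ALGOS = ("md5", "sha1", "sha256")
CUTS = (None, 8, 16, 32)
RECIPES = list(product(ALGOS, ALGOS, CUTS))
SECRETS = list(string.ascii_lowercase)

if __name__ == "__main__":
    derived = derive("a")
    print("derived string :", derived, f"({len(derived) * 4} bits long)")
    print("search space   : %.2f bits" % search_space_bits(len(SECRETS), len(RECIPES)))
    print("guesses needed :", guesses_to_reproduce(derived, SECRETS, RECIPES))
```

The derived string is 128 bits long, yet the space that produces it here is under 10 bits: its strength comes only from the secret plus whichever recipe details stay unknown.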

Millions menaced as ransomware-smuggling ads pollute top websites

gerdesj
Silver badge

Re: Anybody have...

"Except I use 0.0.0.0 instead of 127.0.0.1"

Judging by at least one response to your post the sarcasm/Fe (y) detectors are down in some parts of the world.

For best effect though, stop messing with a text file and use your firewall properly. Remember the kids could start using IP addresses directly thus bypassing your hosts file. A rule along the lines of (translate as required for your OS) src:0.0.0.0 dst:0.0.0.0 iface: all proto:all policy:reject should do the trick. Don't forget IPv6 as well. The policy:reject will avoid any nasty lockups and smooth the user experience.

1
0
gerdesj
Silver badge

Re: Not only that...

+1 for Privacy Badger. It is an eye opener. I have to say I don't generally frequent the sort of sites that get your high score of 200 but some sites are horrendous.

3
1
