* Posts by streaky

659 posts • joined 5 Jul 2010

Millions of voters are missing: It’s another #GovtDigiShambles

streaky
Bronze badge

Re: The cynical part of me...

What a bizarre view of the world.

It's not a wildly unreasonable assertion. Who is going to come out worst from a system that relies on internet-based individual registration that requires some form of id, hint: they're not rich and living in Kensington and they're not very likely to vote Tory anyway. If there's a huge hole in support for non-Tory candidates where there shouldn't be one because people are being turned away at poll stations candidates in the final election tally there's a fair chance of the courts nullifying the outcome, and that's going to be extraordinarily expensive.

Personally speaking I make sure my credit report is correct and I have a recent passport so my registration went through very quickly but the holes in the thing are glaringly obvious.

1
0

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs

streaky
Bronze badge

Re: As much as an MS fanboi that i am,

It does somewhat rely on the HV itself being secure, which they commonly aren't. I'd suspect all that's really happening is a raising of the competency barrier required to insert malicious code into the kernel - which might not actually be a bad thing, what's probably at question is the extent to which it's actually a good thing, or rather how competent it is.

2
0

The data centre design that lets you cool down – and save electrons

streaky
Bronze badge

you can't identify just the hot bits

Get about a million 1-Wire temp probes (these cost next to nothing), some wire, and put one at the top of every single rack, or maybe even a bunch per rack, write some software to output CSV, make a map.

Easy identification of the hot bits, maybe even write some code to control the output of your coolers. DS18B20s are about 5 quid for 5 on eBay right now, that's a zero cost operation for the money you could save in energy use and potentially shortening server life if they're your servers.

1
0

Transparency thrust sees Met police buying up to 30,000 bodycams

streaky
Bronze badge

Re: I've never known the police get uppity...

Police aren't the problem in my experience, it's usually private security who don't know what the fk they're talking about. I do a lot of photography around Canary Wharf and in London. Police show up, you generally tell them to do one and they oblige.

And trust me I have plenty of photos of the police, for example the one on the header of my twitter profile. They've never asked me not to once nor used threatening behaviour.

0
0
streaky
Bronze badge

I've never known the police get uppity about being filmed/photographed. Sometimes about what they're near but not themselves.

It's all evidence regardless, always remember that if they ask you to delete things..

0
2
streaky
Bronze badge

Re: More Crimes, Just what "we" need!

Stored forever - in the case new offences are created

I'd just like to draw your attention to this.

6
0

Lack of secure protocol puts US whistleblowers at risk, says ACLU

streaky
Bronze badge

Re: startls

The problem I was told was that if the TLS negotiation fails it can fall back to unencrypted silently, so you think that you're protected but aren't

Depends how clients/servers are configured. Indeed the STARTTLS RFC explicitly states that it shouldn't fail silently. Real world however..

0
0
streaky
Bronze badge

HTTPS-Only

There are a growing number of parties suggesting the complete deprecation of HTTP and transition to a web entirely based upon HTTPS

It's called HTTP/2. Before some smarty-pants corrects me I'd like to point out that despite the spec there are reference browsers that will not support non-TLS, thereby HTTP/2 is de facto always-on HTTPS.

Job done.

0
2

What's Meg Whitman fussing over: The fate of HP ... or the font on a DISRUPTIVE new logo?

streaky
Bronze badge

Microsoft

Looks like one of their old uns.

0
0

Microsoft's top legal eagle: US cannot ignore foreign privacy laws

streaky
Bronze badge

Re: turn it round ...

The idea that Kelly was a target but other people weren't/aren't is pretty silly. I don't think I can underline this enough.

0
2
streaky
Bronze badge

Re: turn it round ...

Nice angry rant.

Political/legal case for invading Iraq wasn't based solely on one specific document. Either way Kelly had already spilled his guts as you are perfectly aware.

Using a lot of "don't know what you're talking about" for somebody making claims on the legality of something which hasn't even been challenged anywhere. If the govt is going to bump people off for leaking things even of minor value, Snowden, Greenwald, Assange and many other people (earlier example from before Kelly so we can't pretend it's stopped now: David Shayler) would be dead. These people are extremely easy to get at. The stuff Kelly talked about isn't worth killing him over, anybody arguing it is.. well, they're remarkably naive. It wasn't even the government's entire case for the invasion of Iraq, but on the off chance (again, hypothetically) it was, it doesn't mean it's some sort of threat to government, in fact it didn't even cause Tony Blair personal embarrassment - he won a third term 2 years later.

As for making a case against Russia, the case makes itself. They put people they don't like in jail, often they kill them, the end. Don't ask me ask Amnesty.

Because you're personally angry doesn't actually make anything you say objectively true. I'm quite aware of who David Kelly was - I'm pointing out that he wasn't nor could be any sort of legal or existential threat to the government of the time. Nothing about what he said or could have known at the time has been that because much more than what he knew then has come out. Or put another way; killing him would be a huge waste of time. Everything he knew was his opinion of a) Iraq and b) The Dossier - and any 3 year old could frame it that way. Shit - I just did.

0
2
streaky
Bronze badge

Re: turn it round ...

The idea that Kelly was murdered is frankly pretty absurd. Here's a guy with very loose connections to the Iraq thing with no real voice (literally) - who didn't like being force-fed into the limelight. If the assumption is the government goes around arbitrarily killing people who simply criticise it and share no secrets about anything, they have bigger fish to fry.

There's been an absurd waste of taxpayer funds over the whole affair; not for nothing but even on the chance it was true and not completely absurd - at least they're not using the assassination of one political adversary to frame more political adversaries and even if they were the questions are at least being asked - again, unlike in Russia.

0
2
streaky
Bronze badge

Re: turn it round ...

Says the great expert on those two countries.

They can't even frame people for assassinating Putin's political adversaries right. You don't need to be an expert to see Russia's entire legal system is top-to-bottom batshit. A lot of western countries have problems, some of them fairly serious - but nothing on that scale.

0
3
streaky
Bronze badge

Re: @x 7

Why are we pretending the Irish government would ever bill any US multinational either tax or fines - for the sake of those 500 people who work for them. Not that I'd ever suggest any of that was related to the reason the Irish economy collapsed. Noooo...

0
0
streaky
Bronze badge

Re: What an insult

So you're saying they should just hand over the data?

5
0
streaky
Bronze badge

Re: turn it round ...

You're not turning around properly. There's no rule of law in China or Russia, you have to suggest somewhere with a functioning legal system else it looks a bit batshit - Russian company would just hand over the data for fear of being Putin's next target, there'd be no discussion over it.

1
8

China weaponizes its Great Firewall into the GREAT FIRE CANNON, menaces entire globe

streaky
Bronze badge

Re: So, what now?

What next, do we need anti-malware in our web browsers now?

HTTP/2? Don't bitch about the always-on crypto and we'll be fine. Call your elected representation and try to get them to push BCP-38 or similar as a chunk of extraterritorial law (this is gonna work best if you're in the US).

We need to detect such traffic & send it back to the website of the ministry that runs the great firewall

a) Github figured it out pretty because they started injecting their own JS into pages as I recall.

b) I prefer redirecting people to meatspin (pls don't google that if you don't know what it is) who are up to shady stuff on my servers, more effective than taking down some Chinese propaganda BS.

Edit: derp, merge..

2
0
streaky
Bronze badge

Has there actually been any "formal declaration of war" since 1939?

Probably not, lost art of calligraphy and whatnot. How does one even define a declaration of war? Missiles shot out of SSBNs is the standard clue these days - why would you give your enemy a chance to set up defences, move forces, shred documents, hide in a cave and whatnot?

There's at least 3 wars going on between major/superpowers right now today, just because they haven't been declared doesn't mean there isn't war.

2
0

Snowden didn't scare many out of US clouds says Forrester

streaky
Bronze badge

Re: too much churn yet

The OS needs to access the data. The OS can't run encrypted operations through the CPU. If somebody is ordered to give say, hypothetically, the NSA (and this is what we're really talking about here) physical access to the HV or frankly, just any sort of access - there's zero things stopping them injecting processes directly into the memory of the VM and stripping data out.

Any security relationships between you, the VM and the keys are irrelevant in that case. And as I said that sort of level of "compromise" is what concerns people when you talk about handing data over to Microsoft. It won't stop it so it won't affect the thinking.

It might be useful purely for storage of data but it's useless when you're talking about doing things with data which is what most people are using cloudy server hosting for in the first place.

0
0
streaky
Bronze badge

Re: too much churn yet

I would hope quite a lot of security, auditing and alerting.

Not if the owner is allowing it based on a court order. Which is the point - that crypto is supposed to be there to stop you worrying about such things and tempt you to buy Azure CPU time, it's a chocolate teapot in reality.

However if they went to those sort of lengths then they might as well just hack your office PC as probably a much simpler way of getting at the data...

No because it's actually useful if you control the physical access to the system. You'd hardware crypt the HV and restrict access and it'd do things.. Though obviously if the thing itself is compromised remotely yes you're screwed, but it's not as easy. Physical access is king in tech security though.

Also it ain't that difficult.

0
1
streaky
Bronze badge

Re: too much churn yet

Just encrypt your data and keep your keys out of US reach

What exactly is there to stop the hypervisor injecting a process into the VM's memory to make the VM copy data decrypted off the disk. Hint: it rhymes with hero.

Speaking of rhymes.. Thales rhymes with..

0
1
streaky
Bronze badge

Re: too much churn yet

8% is the final number of these and those - it's still a pretty significant figure. Doing it as a UK business isn't majorly useful though.

I imagine most people concerned by it realise that the spooks have their grubby mitts into everything so the question becomes "but where do you go?".

2
2

Google sticks anti-SQL injection vaccine into MySQL MariaDB fork

streaky
Bronze badge

????

Uhm, SQL injection is easy to avoid and should always be dealt with at source, namely the application. I'm lost, Google are lost, the world is messed up.

0
2

Bored with Blighty? Relocation lessons for the data centre jetset

streaky
Bronze badge

Uhm.. Nonsense

Power provision is archaic, too: spikes and drops are common, particularly during major events like the Olympics and the Golden Jubilee.

Really now? When, where, how long? Where's the data? The UK's power grid is generally considered world-beating. The whole nuclear replacement issue is a joke and the renewables future strike prices are utterly absurd - but generally speaking it's rock solid. I can tell you the stories of the guys I know who work in a New York data center who were hit by a hurricane - basement was under water, gens were literally on fire and they couldn't get fuel in and the connectivity was sporadic. I have a photo from their Chicago office's whiteboard where they used Zots (the Sim City graphics) to explain the situation. This has never ever happened in London.

Transport is another issue, with data centre operator Interxion installing sleeping pods on the co-location floor during London 2012 to provide staff availability and ensure travel disruption didn't translate into service disruption for its customers.

Transport in London isn't any sort of issue. The Olympic thing never materialised, those of us who live in London will tell you there were way less people than normal and in any event there's generally multiple ways to get to things. Nobody actually builds DCs right in the centre of London and there's plenty of cheap land around and dark fibre and it's not too expensive to have your own cable runs put in.

The fact that London is a major DC hub is the clue that the argument is nonsense. London has its issues but it's generally a safe place to be and even major events like riots and Olympics (which are one in 50 year events anyway) haven't managed to cause any major disruption. Even when London has been hit by terrorists things have got back to normal PDQ.

1
0

A MILLION Chrome users' data was sent to ONE dodgy IP address

streaky
Bronze badge

Discovered

This extension's don't give a shit attitude to privacy and malware has been known about for well over a year. Interesting they claimed they'd discovered it :p

2
0

Nuclear waste spill: How a pro-organic push sparked $240m blunder

streaky
Bronze badge

Re: Organic cat litter

that the desiccants in cat litter are bad for both your cat and you

That and it all contains silicon dioxide which as well as being carcinogenic (i.e. it causes cancer) is generally pretty nasty for your lungs (silicosis). Might not be too bad for crazy cat lady but it's potentially pretty nasty for the people who have to work with it (occupationally, as in, make it), I did once have to work with it in its pure form and you have to take a lot of precautions.

1
5
streaky
Bronze badge

Re: Fast Integral Reactor.

Moon/Sun. Never sure if people are serious when they suggest stuff like this but on the off chance I always like to point out what happens when rockets go bang in the atmosphere. Doubt many Floridians would like highly reactive waste raining down on their houses and half the Atlantic coast.

Also deep borehole disposal is the only way forwards.

3
0

Halifax's '24/7' online banking service is down YET AGAIN

streaky
Bronze badge

Might have something...

.. to do with their idiotic SSL/TLS config. Just guessing.

1
0

A Quid A Day for NOSH? Luxury!

streaky
Bronze badge

PPP

A lot of the argument seems to depend on an unspecified measure of it and without the caveat that it's generally the worst way to measure things. Except for all the other ways.

1
0

Ford: Our latest car gizmo will CHOKE OFF your FUEL if you're speeding

streaky
Bronze badge

Just Dangerous...

No way to safely overtake, accidents caused, the end. Good job you can turn it off because nobody who doesn't want to die overtaking some tard in his caravan doing 52 in a 60 on a single lane road causing a mile-long tailback will want this. Surprised the IAM/RAC/AA et al have nothing to say about this. Also it's well known car speedos are clocked to make you think you're going faster than you really are, as proven by anybody with GPS.

0
1

Woman caught on CCTV performing drunken BJ blew right to privacy

streaky
Bronze badge

Does sound remarkably like an OU/LZ show, I learned OOP that way when I was like 14 years old 300 years ago waking up before school..

0
0
streaky
Bronze badge

Right to privacy..

Whilst there's technically no right to privacy in a public space, using the video for commercial gain without permission from the "subject" of the video brings up all sorts of sideways legal issues probably not covered by OFCOM that could end up in civil court. Complaining to OFCOM isn't really going to get you anywhere in this case.

Also don't suck people off in front of CCTV, don't get that drunk..

4
0

Massive DDoS racks up $30,000-a-day Amazon bill for China activists

streaky
Bronze badge

Re: Chinese puzzle

as there's no obvious reason for it

Did you not read what the site does? It's fairly obvious what the reason is.

Also any DDoS that can be mitigated by "firewall tweaks" isn't really a proper DDoS.

0
2
streaky
Bronze badge

Here's Some Advice..

Smith is asking DDoS boffins to offer advice on mitigating the attacks

.. Don't rattle China's cage if you don't know what you're doing because if you did you wouldn't rattle their cage (it's all circular).

0
7

Leaked Windows 10 build hints at peer-to-peer patching

streaky
Bronze badge

Re: Update Security

Random Chinese kid who downloads dodgy apps not knowing that they are actually targeting his peer to peer protocol won't be secure on any real set of measure to a multi billion dollar enterprise like M$

In the occasion that you are pushing viruses, all other users will get a piece or pieces of junk that doesn't fit with the rest of the update. The protocol itself will discard those pieces because they're nonsense, ignoring signing and overall file hashing.

I don't think Microsoft is planning on letting users push their own files to other users for other users to update with. Somebody trying to mess with the process is irrelevant as long as Microsoft isn't losing private keys they use to sign updates and also that they're still in control of the list of updates. Three things have to go very wrong all at the same time for it to be a security hazard and they're no easier than the things that have to go wrong with getting updates directly from MS.

Thinking about this a bit more - if somebody installs a root cert and screws with your dns it's actually easier to mess with than if you're getting updates from "foreign" sources because there's nothing in HTTP to defeat this, whereas in torrent-alike protocols there is; pieces are individually hashed - nonsense data won't passively migrate through a swarm.

2
0
streaky
Bronze badge

Update Security

What is it that makes you think Microsoft's (or Apple's, Debian's or BSD's) update servers can't be compromised? This is why we have package signing in all its guises.

Updating from some random Chinese user's PC shouldn't - in theory - be more dangerous than getting them from Microsoft directly.

There's ethical issues but that's the start and finish of it. Can we find grip?

11
0

The voters hate Google. Heeeeyyyy... how about a 'Google Tax'?

streaky
Bronze badge

EU Tax Law

"Quite apart from anything else, we're governed, within the EU, by EU tax law"

Whilst this is technically true, states can in fact create their own taxes and set their own rates.

Actually as it happens if you start from the position of it's workable and it'll be enforced (and I realise that's a huge ask with the HMRC) it actually makes a fair bit of sense.

2
2

Ban Minecraft? That's jive, Turkey!

streaky
Bronze badge

Re: YHBT

I hope this is a joke.

3
0

Bulk comms spying is not mission creep, insists UK foreign sec

streaky
Bronze badge

Re: How long ?

+1 people don't generally tend to give a toss, I can't figure out why beyond they believe the claim that we're somehow being protected - which is plainly nonsense.

2
0
streaky
Bronze badge

Is...

Trying to bring down a completely lawful public company from an allied state mission creep (last I checked we signed the Maastricht Treaty - by any basic EU legal standard we're actually attacking ourselves; and our own economic well-being in this particular case). Is stalking - and one imagines compromising the security of - employees of completely legal businesses mission creep?

Yes, no?

4
0

VMware sued, accused of ripping off Linux kernel source code

streaky
Bronze badge

Re: Case..

Actually I've changed my mind about this case - it's pretty clear there are many silly myths around the GPL that require a blow-out to fix, I may even donate so it goes ahead.

0
0
streaky
Bronze badge

Re: Case..

I appreciate the need for semantic accuracy on this topic, but my use of "entire codebase" here was intended to mean "the entire codebase (of everything that is linked to the GPL code)"

Is that the sound of all GNU/Linux's corporate benefactors/sponsors/committers running away screaming that I can hear? Yep, that's what that'll be.

You use some GPL code that *links* non-statically to some GPLv2 code thereby all that code must be also GPLv2, and not only that - you must share it. That one must have them rolling in the aisles at OSS-Lawyer Con.

0
2
streaky
Bronze badge

Re: Case..

if you include GPL source code in your work then your entire codebase becomes subject to the GPL

No, it really doesn't.

Loving the downvotes, you're all confusing Stallman's "spirit" of the document with legal reality. If you want to donate feel free to go nuts, if they win it'll change the legal status quo. The entire reason GPLv3 exists is because v2 doesn't do what you think it does, and the entire reason not many projects (including the Linux kernel) use v3 is because nobody who is for all OSS, all the time, likes it - because it makes it extremely difficult for business to use OSS code and that doesn't help anybody.

0
1
streaky
Bronze badge

Re: Case..

He's trolling. If he had something real to say, he would say it instead of just making vague, meaningless allusions

GPL is a source code license, VMware (by the entire case's main objective) isn't redistributing source, they're distributing binaries - things like copyright come into play in those cases - not source code licenses. As somebody who regularly licenses stuff under BSD and GPLv2, from my perspective it's fairly nonsense. If VMware can prove some sort of linkage to the original (kernel) source the entire case goes out the window - which is precisely why they're pan-handling rather than trying to get fast injunctive relief.

I said good luck, the case doesn't pass the laugh test based both on reality and that I'm going to assume VMware's lawyers are smarter than all of us.

It's been tested in court and proven valid in the past. Just ask Cisco.

In a US court - and they were sued over API copyright. The EU and the ECJ have been repeatedly clear that API copyrights block innovation and are not enforceable, even though it doesn't apply in this case.

1
28
streaky
Bronze badge

Case..

.. Is patently (no pun intended) absurd. Open Source has real issues, legal and otherwise, be nice if ambulance chasers did something useful.

Anybody who knows anything about source code licenses could tell them the problem here.

1
61

FREAKing hell: ALL Windows versions vulnerable to SSL snoop

streaky
Bronze badge

Re: >BTW, why is Firefox the only major browser not affected?

This makes FF unsuitable for a small number of specialised web sites

There's no *reasonably* modern crypto stack (written within like the last 15 years) that requires that these cipher suites are used. Servers don't need to support them, the end. No ifs, no buts as DC would say.

4
0

Storm in a K-Cup: My SHAME over the eco-monster I created, says coffee pod inventor

streaky
Bronze badge

Re: Bah ... philistines

Saying only espresso is 'proper' coffee is like saying only Earl Grey is 'proper' tea - idiotic and snobbish.

If that's at me I didn't say espresso was proper coffee, what I said was it doesn't ruin coffee like a french press.

0
0
