* Posts by streaky

680 posts • joined 5 Jul 2010

What are cellphone networks blabbing about you to the Feds? A US senator wants to know

streaky
Bronze badge

Re: Should be simple enough

It is simple, "all of it" is the answer.

1
0

UK data watchdog: Massive fines won't keep data safe

streaky
Bronze badge

Re: In other words...

Fines are never the answer

They're not the answer but if they're big enough and often enough they might be enough to prevent people cutting corners short term. What I'm saying is they're not going to suddenly secure every system in the country but they might help drive investment in competent persons and stem the security brain drain and outsourcing.

0
0

Backpage child sex trafficking lawsuit nixed thanks to 'internet freedoms'

streaky
Bronze badge

Re: Love that last paragraph

this is a perfect example of where an entity is liable for their negligence in allowing these ads by crims for illegal behavior to be posted

Comment so egregious I don't even know where to start. Prosecuting x for the behaviour of y is the beginning of the end, and what's more you know this.

12
0

Mobile spyware firm mSpy hacked, clients doxxed on dark web

streaky
Bronze badge

Re: Trey Ford of Metasploit maker, Rapid7 is like the pot calling the kettle...

In what way is it questionable to watch how your kids are abusing your computer?

Devil's advocate: probably because spyware isn't a good replacement for a babysitter. If your kids aren't able to deal with technology for age-related reasons they probably shouldn't be using that technology unsupervised.

As for employer/employee relationships, people need to get a grip and not work for companies that do that.

0
0

Airplane HACK PANIC! Hold on, it's surely a STORM in a TEACUP

streaky
Bronze badge

Re: Old news

I feel that Boeing and Airbus are doing everything they can to cover the situation without fixing the issue

I'd lean towards agreeing with you, there's something about this story that doesn't add up. Either safety critical systems can be compromised this way, or they can not. The end.

I believe that flight MH370 was compromised in this fashion and is a reason why the investigations are being hidden

And then off the deep end. You have to find an aircraft before you can investigate what caused it to crash. It wasn't aliens, it wasn't Bin Laden. Shit disappears, it's a big ocean, relax before you have a stroke.

7
0

IN YOUR FACE, Linux and Apple fans! Oculus is Windows-only for now

streaky
Bronze badge

Smug Rating 11/10

Windows users shouldn't get too smug, however. Binstock warned that a devoted rig was needed to run the Oculus at the kind of frame rates required to get a smooth experience, and that no current laptop can handle it. Instead, you'll need a high-end graphics card and a fast processor.

Given this is a gaming device first/foremost (and I understand it'll be used for other things) - that's going to be true regardless. Speaking as a 4K gamer this is no problem.

Think we're in a position to be smug here.

2
1

Get paid (airline) peanuts with United's new bug bounty program

streaky
Bronze badge

Re: Don't knock it

I'd take air miles, the problem is the requirement of having flown with them before...

Edit: apparently you can just sign up.. http://www.united.com/web/en-US/apps/account/enroll.aspx

0
0

So what would the economic effect of leaving the EU be?

streaky
Bronze badge

what's the impact if we ban/deport immigrants

Very few people are suggesting that immigration stops. The key here is rather than having to support low-hanging-fruit (and it does exist) we can import more stuff from the top of the tree. Immigration might be the same as it is now, but you'd hope to go out and attract more talent.

Not for nothing the idea that all sorts of generic movement/trade barriers would go up is absurd - at the same time we can do things like go for easier to negotiate free trade agreements with the US/China et al that are less comprehensive and not have the trade barriers to - for example - buying cheap solar panels from China instead of having to overpay for them from Germany.

6
3

HP lifts lid on Autonomy lawsuit claims, but Lynch cries BOLLOCKS

streaky
Bronze badge

Re: "the SFO gave up"

Are YOU serious?

To once again quote Mr Worstal, where there's Autonomy, there's a whiff. Nothing solid (yet), but having SFO staff investigate Autonomy business practices is a bit like having ex-policemen investigate complaints against the police. IE overall it's unlikely to be convincing, even if they come up with the right answer. Justice has to be *seen* to be done.

You still haven't explained where the conflict of interest is here. If the SFO is going to lean either way it's going to be towards HP's views given who is in control of the software in question.

It's easy to heckle and lob abuse from the AC cheap seats, you're just doing exactly what HP is doing, making accusations with nothing backing them up.

Also by the way - justice being seen to be done, are you seriously suggesting that Autonomy's former management should be prosecuted just because they're people in a position of profile and it'll make you feel better despite, ostensibly, doing nothing wrong?

Per the SFO, and I see zero issue with what they say:

The SFO uses an HP Autonomy product. Throughout the investigation we have kept the potential for conflict of interest under review. Such a conflict of interest does not exist, nor has it ever existed, and the matter played no part in any decision concerning this investigation.

It is, in fact, a HUGE leap to say the SFO will lean towards the people who are no longer involved with the business. It's just absurd - and even if it wasn't they're not the only people looking into the case regardless.

0
0
streaky
Bronze badge

Re: "the SFO gave up"

SFO were an Autonomy user; what was their relationship with Autonomy?

They use Autonomy so aren't in a position to investigate former autonomy management because why, HP will change their licensing terms? You srs?

They said they had insufficient evidence for some of the allegations

Operation let's try to disprove a negative. God exists and you can't prove he doesn't, so therefore you're wrong. Lalalalala I'm not listening.

A lot of AC's mouthing off about things they clearly don't understand. Also for the record: Enron is precisely why accounting rules are tougher these days: and in fact the problem with Enron's accounts was simply this - their accountants were heavily invested in the business, and none of the relevant regulators (or indeed Enron's other investors) (apparently) picked this up until after the fact.

0
0

iPhone case uses phone's OWN SIGNAL to charge it (forever, presumably)

streaky
Bronze badge

Uhhmmmm..

30%.

The phone's entire radio usage probably doesn't use 30% of its battery life, if you pile on inefficiencies and losses, I can't imagine how you get to 30% eating all the energy from radio emissions - and you need some of that energy to get out regardless, else your phone won't communicate with anything.

To get to 30% you have to be claiming you're getting energy from nothing, surely?

Edit - just been reading engadget's article that fawns all over this thing:

The harvesting antenna and DC power-converting rectifier circuit

It's those bomb detectors in Iraq all over again.

Dr. Lee's reputation as the former chair of Ohio State's Electrical and Computer Engineering gives this seemingly kooky outfit some much-needed credibility

What reputation exactly. I see no credibility anywhere.

22
1

Mozilla to whack HTTP sites with feature-ban stick

streaky
Bronze badge

Re: Action. Counteraction.

unless they come from Google

Faulty assertion made on the assumption that Google isn't going to change their certs. Protip: they are.

1
2
streaky
Bronze badge

Re: why, why, why... what is the point?

Simply: because your ebay searches being encrypted makes your bank transactions more secure.

Also not for nothing but what you read on BBC news, what (and that/where) you buy at Tesco and what cars you're looking at can build a geographical, psychological and (frankly) political profile of you - and also be used by criminals to figure out when you've buggered off out to do your shopping, or target whatever car you're buying for theft.

And last but not least there's no good reason not to encrypt all your data. You say why - I say why the hell not, it's a zero-cost solution to a pervasive problem. It doesn't have to be governments, but they can be part of the problem. Just accept crypto into your heart and get back on with your life.

5
4

Microsoft HoloLens or Hollow Lens? El Reg stares down cyber-specs' code

streaky
Bronze badge

Re: Clever engineering

I thought the discussion of FOV was a bit cheeky of 'reg actually - they know full well it's a dev product, and increasing the coverage is just a question (most likely) of fab which I'm sure they're thinking about. Can't see how they will let a product crash into a wall just for that.

Some people won't make the connection is why the article bothers me a bit. Truth be told I'm not even sure the reg hack concerned did given what was said.

3
4
streaky
Bronze badge

Re: linux, FOSS drivers, API

Missing a fundamental point here - it will be, at the end of the day, running windows internally. If you can write code targeting windows .net then I'd imagine the simple answer is "yes", and that includes developers working with Linux and OSX - the key is you're still building for a windows target, you're just using "some other OS" to write code for it. Unless somebody fancies reverse engineering it, tying it to GPL and all the patents that will underlie it and not get the wrath of either Stallman or Microsoft's legal team.

4
0

SHA-1 crypto hash retirement fraught with problems

streaky
Bronze badge

Re: Fundamental Flaws..

So nothing to see here, move along.

Either way the point is server maintainers shouldn't find shits to give.

0
0
streaky
Bronze badge

Fundamental Flaws..

Firstly, Google could easily fix the Android problem. We should just get that out the way.

Second, the XP usage numbers are pure FUD, there's no hard data backing them up, they're based on things like UA analyses rather than doing some sort of census - UA can be manipulated (and extremely commonly they are) so the extent that it's true is wildly exaggerated.

Now - even if these two data points are valid there's a third problem at play. Should the general well-being be put at risk because some people don't fancy chucking their ~14 year old OS away? About a year ago before all this sha1 weakness stuff happened I stated in reg comments that the XP crypto stack is completely broken for reasons otherwise (and I got about a million downvotes despite being, y'know, right), compounded the state of it is putting other users of networks directly at risk by having to keep stuff around we know is broken.

There's only one solution to this: that we kill all this crappy old support. XP users might then start getting the message that their OS shouldn't be connected to the internet.

1
5

Apple Watch HATES tattoos: Inky pink sinks rinky-dink sensor

streaky
Bronze badge

Re: Hardly a bug, is it...

If people who get tattoos and buy Apple watches are plonkers squared, what are they if they are also men wearing said watch on right wrist? Plonkers cubed!

0
0

PICTURE-TASTIC: Microsoft woos devs to HoloLens virtuo-goggs

streaky
Bronze badge

Re: Oh Please! This is worse than 3D TV

not really 3D

Remind me how you perceive 3d objects in 4d space with your 2d vision again. Oh, that. What IS 3d? How do you define real, as Morpheus would say. It looks 3d, the rest is bullshit and people trying to look smarter than they actually are.

3
0

Quid-A-Day veteran fuelled by vastly improved nosh stash

streaky
Bronze badge

Living on..

I don't think many people doubt one can survive on a quid a day, the fundamental question is if a person (in the UK) can live on a quid a day as a functioning member of society. It's easy to do this nonsense for a week, but after month two you're going to be at the doctor's all bunged up and with rickets. Anybody looking at the amassed array of food should be able to figure this out.

1
1

Acer introduces a REVOLUTION in tablet tech: The PENCIL

streaky
Bronze badge

I'd just rather go active/capacitive on principle. If you need this you probably already have and this is likely to be the fatal error with this device - at least give it a proper stylus rather than suggesting people use pencils..

0
0

Millions of voters are missing: It’s another #GovtDigiShambles

streaky
Bronze badge

Re: The cynical part of me...

What a bizarre view of the world.

It's not a wildly unreasonable assertion. Who is going to come out worst from a system that relies on internet-based individual registration that requires some form of id, hint: they're not rich and living in Kensington and they're not very likely to vote Tory anyway. If there's a huge hole in support for non-Tory candidates where there shouldn't be one because people are being turned away at poll stations candidates in the final election tally there's a fair chance of the courts nullifying the outcome, and that's going to be extraordinarily expensive.

Personally speaking I make sure my credit report is correct and I have a recent passport so my registration went through very quickly but the holes in the thing are glaringly obvious.

1
0

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs

streaky
Bronze badge

Re: As much as an MS fanboi that i am,

It does somewhat rely on the HV itself being secure, which they commonly aren't. I'd suspect all that's really happening is a raising of the competency barrier required to insert malicious code into the kernel - which might not actually be a bad thing, what's probably at question is the extent to which it's actually a good thing, or rather how competent it is.

2
0

The data centre design that lets you cool down – and save electrons

streaky
Bronze badge

you can't identify just the hot bits

Get about a million 1-wire temp probes (these cost next to nothing), some wire, and put one at the top of every single rack, or maybe even a bunch per rack, write some software to output csv, make a map.

Easy identification of the hot bits, maybe even write some code to control the output of your coolers. DS18B20's are about 5 quid for 5 on ebay right now, that's a zero cost operation for the money you could save in energy use and potentially shortening server life if they're your servers.

1
0

Transparency thrust sees Met police buying up to 30,000 bodycams

streaky
Bronze badge

Re: I've never known the police get uppity...

Police aren't the problem in my experience, it's usually private security who don't know what the fk they're talking about. I do a lot of photography around Canary Wharf and in London. Police show up you generally tell them to do one and they oblige.

And trust me I have plenty of photos of the police, for example the one on the header of my twitter profile. They've never asked me not to once nor used threatening behaviour.

0
0
streaky
Bronze badge

I've never known the police get uppity about being filmed/photographed. Sometimes about what they're near but not themselves.

It's all evidence regardless, always remember that if they ask you to delete things..

0
2
streaky
Bronze badge

Re: More Crimes, Just what "we" need!

Stored forever - in the case new offences are created

I'd just like to draw your attention to this.

6
0

Lack of secure protocol puts US whistleblowers at risk, says ACLU

streaky
Bronze badge

Re: startls

The problem I was told was that if the TLS negotiation fails it can fall back to unencrypted silently so you think that you're protected but aren't

Depends how clients/servers are configured. Indeed the STARTTLS RFC explicitly states that it shouldn't fail silently. Real world however..

0
0
streaky
Bronze badge

HTTPS-Only

There are a growing number of parties suggesting the complete deprecation of HTTP and transition to a web entirely based upon HTTPS

It's called HTTP/2. Before some smarty-pants corrects me I'd like to point out despite the spec there are reference browsers that will not support non-tls thereby HTTP/2 is de facto always-on HTTPS.

Job done.

0
2

What's Meg Whitman fussing over: The fate of HP ... or the font on a DISRUPTIVE new logo?

streaky
Bronze badge

Microsoft

Looks like one of their old uns.

0
0

Microsoft's top legal eagle: US cannot ignore foreign privacy laws

streaky
Bronze badge

Re: turn it round ...

The idea that Kelly was a target but other people weren't/aren't is pretty silly. I don't think I can underline this enough.

0
2
streaky
Bronze badge

Re: turn it round ...

Nice angry rant.

Political/legal case for invading Iraq wasn't based solely on one specific document. Either way Kelly had already spilled his guts as you are perfectly aware.

Using a lot of "don't know what you're talking about" for somebody making claims on the legality of something which hasn't even been challenged anywhere. If the govt is going to bump people off for leaking things even of minor value Snowden, Greenwald, Assange and many other people (earlier example from before Kelly so we can't pretend it's stopped now: David Shayler) would be dead. These people are extremely easy to get at. The stuff Kelly talked about isn't worth killing him over, anybody arguing it is.. well, they're remarkably naive. It wasn't even the government's entire case for the invasion of Iraq, but on the offchance (again, hypothetically) it was, it doesn't mean it's some sort of threat to government, in fact it didn't even cause Tony Blair personal embarrassment - he won a third term 2 years later.

As for making a case against Russia, the case makes itself. They put people they don't like in jail, often they kill them, the end. Don't ask me ask Amnesty.

Because you're personally angry doesn't actually make anything you say objectively true. I'm quite aware of who David Kelly was - I'm pointing out that he wasn't nor could be any sort of legal or existential threat to the government of the time. Nothing about what he said or could have known at the time has been that because much more than what he knew then has come out. Or put another way; killing him would be a huge waste of time. Everything he knew was his opinion of a) Iraq and b) The Dossier - and any 3 year old could frame it that way. Shit - I just did.

0
2
streaky
Bronze badge

Re: turn it round ...

The idea that Kelly was murdered is frankly pretty absurd. Here's a guy with very loose connections to the Iraq thing with no real voice (literally) - who didn't like being force-fed into the limelight. If the assumption is the government goes around arbitrarily killing people who simply criticise it and share not secrets about anything they have bigger fish to fry.

There's been an absurd waste of taxpayer funds over the whole affair; not for nothing but even on the chance it was true and not completely absurd - at least they're not using the assassination of one political adversary to frame more political adversaries and even if they were the questions are at least being asked - again, unlike in Russia.

0
2
streaky
Bronze badge

Re: turn it round ...

Says the great expert on those two countries.

They can't even frame people for assassinating Putin's political adversaries right. You don't need to be an expert to see Russia's entire legal system is top-to-bottom batshit. A lot of western countries have problems, some of them fairly serious - but nothing on that scale.

0
3
streaky
Bronze badge

Re: @x 7

Why are we pretending the Irish government would ever bill any US multinational either tax or fines - for the sake of those 500 people who work for them. Not that I'd ever suggest any of that was related to the reason the Irish economy collapsed. Noooo...

0
0
streaky
Bronze badge

Re: What an insult

So you're saying they should just hand over the data?

5
0
streaky
Bronze badge

Re: turn it round ...

You're not turning around properly. There's no rule of law in China or Russia, you have to suggest somewhere with a functioning legal system else it looks a bit batshit - Russian company would just hand over the data for fear of being Putin's next target, there'd be no discussion over it.

1
8

China weaponizes its Great Firewall into the GREAT FIRE CANNON, menaces entire globe

streaky
Bronze badge

Re: So, what now?

What next, do we need anti-malware in our web browsers now?

HTTP/2? Don't bitch about the always-on crypto and we'll be fine. Call your elected representation and try to get them to push BCP-38 or similar as a chunk of extraterritorial law (this is gonna work best if you're in the US).

We need to detect such traffic & send it back to the website of the ministry that runs the great firewall

a) Github figured it out pretty because they started injecting their own JS into pages as I recall.

b) I prefer redirecting people to meatspin (pls don't google that if you don't know what it is) who are up to shady stuff on my servers, more effective than taking down some Chinese propaganda BS.

Edit: derp, merge..

2
0
streaky
Bronze badge

Has there actually been any "formal declaration of war" since 1939?

Probably not, lost art of calligraphy and whatnot. How does one even define a declaration of war? Missiles shot out of SSBNs is the standard clue these days - why would you give your enemy a chance to set up defences, move forces, shred documents, hide in a cave and whatnot?

There's at least 3 wars going on between major/superpowers right now today, just because they haven't been declared doesn't mean there isn't war.

2
0

Snowden didn't scare many out of US clouds says Forrester

streaky
Bronze badge

Re: too much churn yet

The OS needs to access the data. The OS can't run encrypted operations through the CPU. If somebody is ordered to give say, hypothetically, the NSA (and this is what we're really talking about here) physical access to the HV or frankly, just any sort of access - there's zero things stopping them injecting processes directly into the memory of the VM and stripping data out.

Any security relationships between you, the VM and the keys are irrelevant in that case. And as I said that sort of level of "compromise" is what concerns people when you talk about handing data over to Microsoft. It won't stop it so it won't affect the thinking.

It might be useful purely for storage of data but it's useless when you're talking about doing things with data which is what most people are using cloudy server hosting for in the first place.

0
0
streaky
Bronze badge

Re: too much churn yet

I would hope quite a lot of security, auditing and alerting.

Not if the owner is allowing it based on a court order. Which is the point - that crypto is supposed to be there to stop you worrying about such things and tempt you to buy Azure CPU time, it's a chocolate teapot in reality.

However if they went to those sort of lengths then they might as well just hack your office PC as probably a much simpler way of getting at the data...

No because it's actually useful if you control the physical access to the system. You'd hardware crypt the HV and restrict access and it'd do things.. Though obviously if the thing itself is compromised remotely yes you're screwed, but it's not as easy. Physical access is king in tech security though.

Also it ain't that difficult.

0
1
streaky
Bronze badge

Re: too much churn yet

Just encrypt your data and keep your keys out of US reach

What exactly is there to stop the hypervisor injecting a process into the VM's memory to make the VM copy data decrypted off the disk. Hint: it rhymes with hero.

Speaking of rhymes.. Thales rhymes with..

0
1
streaky
Bronze badge

Re: too much churn yet

8% is the final number of these and those - it's still a pretty significant figure. Doing it as a UK business isn't majorly useful though.

I imagine most people concerned by it realise that the spooks have their grubby mitts into everything so the question becomes "but where do you go?".

2
2

Google sticks anti-SQL injection vaccine into MySQL MariaDB fork

streaky
Bronze badge

????

Uhm, SQL injection is easy to avoid and should always be dealt with at source, namely the application. I'm lost, Google are lost, the world is messed up.

0
2

Bored with Blighty? Relocation lessons for the data centre jetset

streaky
Bronze badge

Uhm.. Nonsense

Power provision is archaic, too: spikes and drops are common, particularly during major events like the Olympics and the Golden Jubilee.

Really now? When, where, how long? Where's the data? The UK's power grid is generally considered world-beating. The whole nuclear replacement issue is a joke and the renewables future strike prices are utterly absurd - but generally speaking it's rock solid. I can tell you the stories of the guys I know who work in a New York data center who were hit by a hurricane - basement was under water, gens were literally on fire and they couldn't get fuel in and the connectivity was sporadic. I have a photo from their Chicago office's whiteboard where they used Zots (the Sim City graphics) to explain the situation. This has never ever happened in London.

Transport is another issue, with data centre operator Interxion installing sleeping pods on the co-location floor during London 2012 to provide staff availability and ensure travel disruption didn't translate into service disruption for its customers.

Transport in London isn't any sort of issue. The Olympic thing never materialised, those of us who live in London will tell you there were way less people than normal and in any event there's generally multiple ways to get to things. Nobody actually builds DCs right in the centre of London and there's plenty of cheap land around and dark fibre and it's not too expensive to have your own cable runs put in.

The fact that London is a major DC hub is the clue that the argument is nonsense. London has its issues but it's generally a safe place to be and even major events like riots and Olympics (which are one in 50 year events anyway) haven't managed to cause any major disruption. Even when London has been hit by terrorists things have got back to normal PDQ.

1
0

A MILLION Chrome users' data was sent to ONE dodgy IP address

streaky
Bronze badge

Discovered

This extension's don't give a shit attitude to privacy and malware has been known about for well over a year. Interesting they claimed they'd discovered it :p

2
0

Nuclear waste spill: How a pro-organic push sparked $240m blunder

streaky
Bronze badge

Re: Organic cat litter

that the desiccants in cat litter are bad for both your cat and you

That and it all contains silicon dioxide which as well as being carcinogenic (i.e. it causes cancer) it's generally pretty nasty for your lungs (silicosis). Might not be too bad for crazy cat lady but it's potentially pretty nasty for the people who have to work with it (occupationally, as in, make it), I did once have to work with it in its pure form and you have to take a lot of precautions.

1
5
