* Posts by Roo

1676 publicly visible posts • joined 21 Sep 2010

Intel admits Skylakes can ... ... ... freeze in the middle of work

Roo
Windows

Re: BIOS?

"It seems that the CPU makers are jumping on the same ship the OS makers have been on for years: "We push out the crap, and the customers find the bugs for free.""

Loading microcode at boot up isn't a new thing, one of the steps of booting a VAX-11/78x was loading the microcode... The microcode was even documented so you could cook up your own - and some people did. Note: VAXen weren't the only big iron boxes that loaded ucode at boot time. :)

Boozing is unsafe at ‘any level’, thunders chief UK.gov quack

Roo
Windows

"Boozing definitely isn't safe if your pints are the colour shown in that photo"

Agreed, that's a terribly vulgar way to consume vast quantities of Absinthe.

ISPs: UK.gov should pay full costs of Snooper's Charter hardware

Roo
Windows

Re: Open Government... Ha!

"Final thought: even if The Committee were to rebut my allegation convincingly, it looks as if they're engaged in news management. To what democratic purpose?"

I doubt the rules are specific to that Committee, and I can think of a few cases where submissions may hold sensitive information that should be kept private (e.g. if a committee were discussing ongoing criminal investigations).

Roo
Windows

Re: Only 2 billion?

"Given the amount of false positives such a snooping program would provide, I can see the cost of investigating each one costing the taxpayer much more than that."

As it turns out the investigation bit isn't really necessary and it's sometimes bungled/subverted anyway. These days (having passed a bunch of loosely written laws over the past decade) King Hameron and Queen Theresa can simply lock you up for a fixed period of time without trial, and that detention can be extended for as long as a Judge can be whipped into signing their name on a bit of paper.

If that's too much paperwork there's always the option of sending the pleb off to another country for a lifetime of incarceration, neglect and torture. I am not even speculating, that is exactly what has been going on before the legislation to make it "kosher" was passed in the first place. Anyone who is proven innocent will have to accept that their lives were destroyed by mistake and continue their lives without so much as an apology from the folks who conspired to lock them up in the first place...

Fans demand 'Lemmium' periodic table tribute

Roo
Alert

On one hand, Bravo !

Then on the other hand what next ?

Highest bidder ?

Failed Presidential Candidates ?

How about the guys who actually built the kit that created & detected the atoms ?

GCHQ mass spying will 'cost lives in Britain,' warns ex-NSA tech chief

Roo
Windows

Re: Gosh, a voice of reason speaking to our government!

"But what GCHQ and politicians are seeking to legitimise is probably something that they have most been quietly doing anyway, so the real proof of the idea will be in what they've managed to find already."

Yup...

"But they won't be able to tell anyone if they have."

So they say - but in practice there is absolutely nothing but their own hidden motives stopping them from telling folks what they're up to. Essentially the spooks & celebutard politicians are saying "We need mass surveillance, but we can't have any oversight or take any action on the data we gather because it'll tip people off to what we're up to.", which begs the question "If they can't use the data for their stated purposes, why are they collecting it in the first place ?".

Experience has taught me that when people are not presenting a rational case, they don't have a rational case. The reason why they don't have a rational case is that they are either stupid, or hiding something. In this particular case it's clear the intent is to hide their activity and their motives because quite clearly their actions aren't matching up with their stated intent at the moment.

Upset Microsoft stashes hard drive encryption keys in OneDrive cloud?

Roo
Windows

Re: A bit flippant....

"they have told Congress they don't "collect" all sorts of info that they definitely do, because they redefine "collect" so info is not "collected" until a query displays it on someone's screen."

It's a pity the spooks are not subject to the same copyright legislation that everyone else is, it would be a LOL riot watching them explain to a Judge how copying stuff then not looking at it in return for money doesn't constitute copyright infringement.

Roo
Windows

Re: Promises...

"It's hard to stop laughing..."

I started laughing at MS's promises when they announced "Cairo". :)

Roo
Windows

Re: Ignorance is bliss

"I eagerly await the first dismissal using the "nothing to hide" straw man."

In addition to the nothing to hide bollocks, there is a problem with the spooks & cops having back doors for everything and their usage without any kind of transparency is accepted (and lawful) practice. Essentially the press, a Judge, or a Jury are expected to trust such "covertly" obtained "evidence" without question, and the defendant is unable to challenge the evidence lawfully either so anyone can be locked up or libelled by some faceless apparatchik with zero opportunity for redress. It makes it far too easy to eliminate any challenges to a corrupt or unjust system. Systems that don't have any kind of negative feedback are almost always unstable and self-destructive, so it will end badly, it's just a matter of when not if.

BBC News website takes New Year's Eve break

Roo
Windows

Re: New World Hacking test?

"I wonder why they chose the BBC? It seems "mostly harmless" to me."

To quote a quote from a BBC article on the matter "Because we can", apparently they were just testing their 1337 scripts and had a bit of trouble stopping the spam torrent (presumably because the attack took out their own control channels).

I am guessing that they think that because it was just a "test" and the duration was an "accident" it is OK because they are "Anti ISIS"... I wonder if the plods will be kicking their doors down at 3AM.

It's amazing the UK Parliament agreed to track 22bn Brits' car trips. Oh right – it didn't

Roo
Windows

Re: AC Of course, now we *know* this

"You may want to consider that all three are offences, plus possibly liable to a charge of interfering with a Police investigation if you are stupid enough to post your intent on a website (oh, which you did....)."

Ah, thought crime. No harm done, impossible to *prove* that any harm would have resulted, and it just so happens to be the first tool that a Pratt Tyrant reaches for when they wish to hurt & criminalize the innocent.

Roo
Windows

Re: Poo Just to annoy the tin-foil attired!

"Seeing as - yet again - you have failed to post any actual argument,"

I was hoping to encourage you to defend something that you feel so passionately about, posting an argument would have been superfluous.

Roo
Windows

Re: RTFR

"Oh dear, it seems he is not only very supportive of ANPR use but also of the database!"

Asserting it is so doesn't make it so. Is that why you used the word "seems" ?

"It also seems to have been effective in all the use cases denied earlier in the thread."

It also seems to have been just as effective at triggering fatal accidents via false positives, and giving an unaccountable bunch of folks even greater advantage over the plebs without adequate oversight to go with it.

ANPR should not need a veil of secrecy. All it should be doing is collecting observations of vehicles in public spaces and presenting that information to a finite (but small) set of people entitled to query the data. This isn't cloak & dagger stuff, if the system is genuinely useful, well run, and beneficial to the public they would flourish under public scrutiny, so why are they skulking in the shadows ?

Roo

Re: Just to annoy the tin-foil attired!

"If I were called upon to mount a legal defence of the ANPR database against claims of "privacy invasion""

That would be the best possible thing you could ever do with your time. You should do it immediately.

Roo
Windows

Re: Pothead

"So, despite the fact there are no other cameras in the area, destroying your cherished paranoid view that you are being spied on,"

The cameras are spying on people, that's the whole point of them you velcro gloved numpty.

Roo
Windows

Re: Britain is a scary place these days

"It feels like the English have just given up, and it makes me sad."

Nah, we haven't given up, it's just that the Government doesn't actually represent us or act on our behalf any more, and they go to great lengths to quash dissent that doesn't suit them. On the other hand you'll find that the Newspapers, Radio, and BBC are quite happy to dedicate a ton of airtime to causes that the government is in favour of, and you'll find plenty of loud mouths like our very own Sheeple Botherer only too happy to parrot the party line.

Essentially the UK is run for the benefit of the UK Government apparatchiks, the voters are window dressing at best, an irritation that can be ignored at worst. The UK has become a parody of the GDR in the 70s, but with central planning eschewed in favour of multinationals determining wealth distribution and the government lacking any kind of power to effect change.

Roo
Windows

Re: AC Morality

"That is three simple "good" cases, please do try and supply three "bad" cases that aren't just conspiracy theorist wetdreams."

I can supply three names relating to three cases where the surveillance personnel were the ones enjoying the wet dreams, Mark Kennedy, Jim Boyling and Bob Lambert. The authorities failed to properly supervise or discipline any of them, and went to great lengths to shield them from scrutiny, the only reason their nefarious and abusive activities came to light is that the victims unmasked them.

Making it easier for faceless apparatchiks to stalk, abuse and harass the public 24x7 will make such abuses easier to perpetrate, and the continued lack of transparency will ensure that those abuses will remain unpunished. More incentive, continued proven to be ineffective deterrent will ensure that these incidents become more frequent - and probably more severe too.

Deterring protest is suicidal over the long run - who is going to bear the bad tidings that need to be heard to avert disaster ?

Roo
Windows

Re: "There is no statutory authority for the creation of the national ANPR database...

"1984 got one thing wrong - It's not Big Brother watching you but Big Sister is watching everything you do."

I doubt it's Big Sis, I think Nanny is still large and in charge. Judging by her track record of failing to keep Hameron's privates private and Tony and his chums from using lies to start a war she does a pretty poor job of keeping her charges in line.

Here's your Linux-booting PS4, says fail0verflow

Roo
Windows

Re: Wrong security model

"People seem to have forgotten that the reason Sony pulled the plug on PS3 Linux was because someone posted a hack of the Linux build to gain control of the console that Sony couldn't work around - so, ultimately, I don't think one can blame Sony for it, but rather the hackers."

That was 100% Sony's fault from start to finish, from the poor engineering effort to pulling the plug on a legit feature that customers paid for and wanted (granted, not all customers !).

In essence Sony is punishing their customers for their poor engineering and business model.

Post-pub nosh neckfiller: Bacon and egg sushi

Roo
Windows

Re: Bacon?

"I take it you don't ride a Harley"

You'd be guessing right, that said I don't have anything against Harleys aside from the fact many owners/riders willfully derive their joy at the expense of wrecking other people's enjoyment of peace & quiet.

The bikes are fine in themselves. :)

Roo
Windows

Re: Bacon?

"I'm sorry, but that limp, greasy substance you laughingly called bacon is sickening. Real bacon is fried (even deep fried) or even microwaved until it is a dark reddish brown color, and cannot be bent without breaking."

Sounds ghastly.

"Only then is it worthy of the name bacon."

You should head to Kirkby Lonsdale in the UK and try a Bacon Butty from the outfit at Devils Bridge if you want to learn what real Bacon tastes like. The slimy water infested stuff turned into jerky that you're talking about doesn't qualify.

"British cuisine. Fagh."

Choking on your wood disguised as bacon ?

Trustworthy x86 laptops? There is a way, says system-level security ace

Roo

Re: This is why

"The tatties may be compromised for one reason or another, but those delicious parsnips will bring it all home again."

Wise words. :)

Roo
Windows

"I am surprised the author views there being no other viable processors. What about POWER / MIPS?"

None of them are viable if you're trying to make a known-stateless bit of kit... Even the FPGA she's talking about could have a bit of the die specially reserved for the use of the criminal/spook fraternity. Intel has now invested a substantial amount of cash in the FPGA business - so she can come back in a couple of years and tell us that all our Intel FPGAs are untrustworthy too.

She's raised a fair point though, but it's a moot one until she has a fab that she trusts to produce the logic & the storage. I can't help but hope that there are side-channel attacks that can reliably detect the untrustworthy bits, as I'm unlikely to be able to afford a fab I can trust. :P

Cache-astrophic: Why Valve's Steam store spewed players' private profiles to strangers

Roo

Re: Now I concede that Windows is the better system for gaming

"X-Windows bottleneck can be problematic on Linux & Unix (may be out of date here tbh)"

That statement hasn't been true since 1992 when SGI released OpenGL. Just to put that in perspective that's 3 years before Win 95.

Debian Linux founder Ian Murdock dead at 42

Roo
Windows

Re: RIP

"On another note does anyone even bother with Diebian (Outside of Ubuntu), anymore ?"

Poor taste.

Have a downvote for failing to correct bad-taste spelling.

Patch now! Flash-exploitin' PC-hijackin' attack spotted in the wild by Huawei bods

Roo
Windows

Re: Firefox is just as bad

"and the Linux kernel still manages to accumulate lots more documented holes than the Windows kernel."

Oooh look, an AC Shillingsworth having a pop at Linux again with zero citations to back themselves up. Have a downvote to go with your shilling.

North Korean operating system is a surveillance state's tour de force

Roo

Presumably Hameron, Theresa May & Hillary Clinton will be banning everything but Red Star OS in the near future.

Christmas comes early at US Patent office after massive IT outage

Roo
Windows

No need for them to shut the office down for an IT fail...

All they need in their day to day grind is a rubber stamp judging by the patents they grant.

Java 9 delayed until Thursday March 23rd, 2017, just after tea-time

Roo
Windows

Re: Friends don't let friends install Java.

"But there is nothing wrong with using Java as a normal programming language, like for server applications or even on desktop. In that role it is way safer than C or C++."

I do a lot of work with Java, and quite frankly it's just another case of "You can Write FORTRAN in any language". Resource leaks, excessive memory consumption, tragically heavyweight runtime, random .so deps through JNI/JNA, JVM pauses triggering timeouts etc...

For the record I am a Sun (RIP) fanboy and I pretty much detest MS and most of their products, but even I have to concede that C# and the CLR cause far less strife than Java & JVMs. Snoracle could have done the world a massive favour by shamelessly stealing features from C# and the CLR.

Multiple incompatible flavours of the JRE/JDK haven't helped either.

As usual YMMV.

Oracle ordered to admit on its website that it lost the plot on Java security

Roo
Windows

"Is it some "enterprise software" obsession with enforcing that only the certified, tested-upon, version of Java that the software shipped with be used, in order to facilitate vendor support?"

With the payware I deal with that is usually the case, but there have been cases where jars genuinely have not been forward compatible (deprecated features etc).

I think the root cause behind a lot of the JVM & Java gripes is the idea that Java code should be totally decoupled from the host OS, so you end up with a Java app being a square peg being shoved into a round hole. It's the inevitable result of hiding the host OS from the Java devs. :(

Roo

Re: Little different from other business models

"Here, they give a new edition with the beneficial features actually turned off, so where needed most (to counteract low Ram etc on older kit) you get forced to upgrade hardware instead."

Tell me about it ... OpenBSD have binned some of the SMD disk support recently... Granted I haven't fired up the old Fujitsu Eagles for a decade now - but still...

Roo
Windows

Re: I am getting that..

"Printed on a t-shirt and wearing it whenever I get dragged into a meeting with our Oracle sales reptiles."

I'd love to send some sales reps off for a lunch with Mr Creosote.

They get to stretch their expense account with feeding Mr Creosote in return for him ordering everything twice "mixed up in a bucket" which is pretty much what they aim for anyway. Everyone's happy, well at least until sales reps are covered in vomit.

Surface Pro 4: Will you go the F**K to SLEEP?

Roo
Windows

Re: All quiet on the western front

"I used to dual boot Windows/Linux too

Problem was, to get any work done I had to be in Windows."

Exact reverse for me

"To play any games I had to be in Windows."

That's still true, although I rarely get a chance to play a decent game these days, all I get to play these days is the "find the registry key that's fucking up the system today" game.

"If I wanted to waste an evening fiddling around with command prompts and text based config files I would boot into Linux"

Each to their own.. You wouldn't happen to be related to Eadon would you ?

As it happens I rarely need to boot up Linux because suspend & resume work properly unlike the pre-installed Win 8.1. I'd be the first to confess that plain text config files stashed in /etc aren't as challenging or as *exciting* to edit as the zillion line uncommented .ini files scattered around the Windows partition (or the regedit game). On the other hand I don't particularly like playing the regedit or hack the undocumented & uncommented .ini file games, so I'm quite happy to spend my Linux time working and doing fun & productive things instead.

YMMV.

Security industry too busy improving security to do security right

Roo
FAIL

Re: Typo ...

"It seems they've now backtracked on that, as support for TLS > 1.0 isn't quite as strong in the wild as it should be."

So essentially the standard(s) they produce are merely documenting what's out there rather than establishing best practice. Presumably the insurers will be upping their premiums accordingly now that they can see that the industry standard is in fact bad practice. Smells like a Fail of the Epic variety.

Juniper 'fesses up to TWO attacks from 'unauthorised code'

Roo

"For someone like Juniper I'd have an army of independent penetration testers + bug / hack bounties. Seems likely that they have neither...."

I hate to sound flip, but as soon as testers are taking Juniper's money they would cease to be independent. Arthur Andersen failing to properly audit Enron is an example of how that can go wrong in practice.

The bounty scheme seems like a reasonable option for acquiring your army of independent penetration testers, but you are competing in an open market against other vendors to attract decent talent, you have zero (you said independent, right ?) control over which bits of code these folks work on so the coverage will be patchy for a non-trivial bit of code.

Roo
Windows

Re: What, if anything, is the open source equivalent?

I used OpenVPN a long time ago, no idea how it stacks up against Juniper's gear though. It worked well enough from the PoV of just using it (I didn't set it up). I try not to make a habit of courting the attentions of plods operating under the "nothing to hide, nothing to fear" principle, so I tend to use (ad-hoc) SSH sessions on the rare occasion I feel the need to wrap stuff in a security blanket (pun intended).

Roo
Windows

Re: I Can Hardly Wait for Self Driving Cars

Have an upvote for making a better job of it than I did. :)

Roo
Windows

Re: I Can Hardly Wait for Self Driving Cars

"Best lesson I learnt from a sage university prof, "it is mathematically impossible to prove a program is correct"."

Some programs can't be proven to be correct, but in the general case Sage University Prof is wrong.

You can prove that *some* programs are "correct" with respect to a "correct" spec. There's been a fair bit of work in that area over the last 30 years, a sage prof with a good solid understanding of the topic and research done in the area, might have phrased their assertion more carefully. ;)

Hillary Clinton says for crypto 'maybe the back door is the wrong door'

Roo
Windows

Re: There is a way to do this... encourage bug doors

"Doing this is comparatively easy, encourage complexity increasing ideas like the Stroustrup-like OOP, discourage simple solutions to trival problems. Eventually you will raise a generation of "Poetterings""

That's old hat, the Java boys are leading the way with stuff like Spring & Dependency Injection. I've already seen backdoors injected that way by the hundred... ;)

Cue much head-scratching from the Devs who can't work out why their rigorously unit-tested code isn't behaving at run time... Ironically they used DI to force themselves to write testable code which enabled the vulnerabilities that they couldn't unit test for...

Sanders presidential campaign accuses Democrats of dirty data tricks

Roo
Windows

Re: DNC Panic Perhaps

The Demented Donald Show is casting a long and unhelpful shadow over the serious business of electing the next leader of the biggest and most probably the most active military power on earth. Just from a moral stand point it's pretty low to be giving someone who appears to be suffering from dementia maximum coverage for laughs.

Let's shut down the internet: Republicans vacate their mind bowels

Roo
Windows

Re: Encryption

"I'm surprised none of the candidates put it in black and white terms: "If you enable encryption, you enable terrorists to conspire to destroy the United States, so you're left with only two options: Big Brother or Big BOOM!""

That line of argument has been in circulation in the UK for my entire life in one form or another, it would be great if it died quietly and was buried alongside the careers of self-serving liars who use it.

Roo
Windows

Fear and Loathing ...

It's weird watching this circus, it's Fear and Loathing on the Campaign Trail writ large. It really doesn't speak well for the future at large if these people can't be arsed to understand stuff they are raving about.

The best hope the world has is that they are all sock-puppets.

Windows' authentication 'flaw' exposed in detail

Roo
Windows

Re: Never say never

"When MS turned off default support for NTLM authentication, there was /outrage/ from the community of SAMBA users (I don't speak for the developers).. M$ had /deliberately/ broken compatibility with Open Source community!!! Windows was /incompatible/ with Open Source software!!!"

That wouldn't surprise me in the least, but I haven't seen any evidence that Microsoft left the option in to keep the Linux fanbois happy. OTOH I do recall MS using Samba interoperability as evidence that they were playing nice with the competition in anti-trust cases...

Roo
Windows

Re: Never say never

"Not hard to find an example:

http://zone-h.org/news/id/4737"

That example doesn't back up any of the OP's claims (or the claims made in your post), it's 5 years out of date, and many of the vulns it focusses on are nothing to do with the OS anyway.

"Anyway - this isn't exactly news - "

That's true, A.C.Shillingworths are two a penny and they pop up in el Reg's forums on a regular basis, so we do tend to see the same unsupported assertions over and over again. It's funny how so many A.C.s come up with the same opinion - it's almost as if it's actually originating from a single source - perhaps a malign marketing department with a track record of FUD...

"Windows has had fewer vulnerabilities than commercial Linux distributions like Redhat and SUSE (and OS-X) that were on average patched faster every year for the last decade."

You claim the evidence is "not hard to find", yet you provided no evidence to support any of the claims in the original post or the post I am replying to. If you had evidence, and were willing to stand by it, you wouldn't be posting as A.C.Shillingsworth.

By the way "OS-X" has nothing to do with Linux, that really is something you should be aware of if you are commenting on the relative merits of OSes with respect to their vulnerabilities.

Roo
Pint

Re: Never say never

"Latest versions of NTLM are more secure than the old ones - you may need to disable fallback features in some OS (or use passwords longer than 15 characters...), ensuring unsupported OS are not in use."

Fair comment LDS.

Roo
Windows

"Many of these "flaws" require the person to have certain access that most don't have."

There are plenty of privilege escalation exploits & vulns out there, social engineering still works too.

Roo
Windows

Re: Never say never

"Hacking / defacement stats of internet facing web servers indicate that Linux is the easiest - about 4 times more likely to be successfully attacked than a Windows Server box (that's allowing for relative market share)."

Being an AC and failing to post citations/evidence puts that in the "unsupportable tosh from the Windows community" bucket, alongside NTLM, the decision to allow NTLM to survive beyond 1996 and by association pretty much every product that MS has released that makes use of it...

The good news is that Satya seems pretty happy to disrupt stuff so there's a better chance of NTLM being consigned to oblivion where it deserves to be. I'm hoping for that outcome. :)

New gear needed to capture net connection records, say ISPs

Roo
Windows

Re: Drown them...

"There's only one thing to do... drown them."

If flooding is deemed to be an effective way to thwart their surveillance the politicians will simply pass a law to make it a criminal offence (this is probably already covered by existing law as a form of DoS). The handy thing about such an offence is that pretty much any extraneous traffic could qualify, effectively criminalizing everyone.

Eton & PPE doesn't seem to have clued these folks up on the concept that they could end up on the receiving end of badly written law, but that may be because they fully expect to be above the law indefinitely.

Roo
Windows

Re: Cheap solution

"No you can't borrow our drive, it's in use."

- "Fine, we'll ask you for it so we can read your data or you can be imprisoned until you let us have it.. Oh and make sure you replace it with something we can read easily next time."

The latest legitimising mass surveillance proposals include "non data" as well. :(

Memory-resident modular malware menaces moneymen

Roo
Windows

Re: Malware Anti-virus

"I view "anti-virus" software as virus injection software...you've decided to infect your PC with a relatively benign strain of performance sucking rootkit, in hopes that it is so successful as an infectious agent that it can starve out other, nastier virii."

Pretty good description. :)