50 posts • joined 28 Jun 2011
re: where's the GCHQ version?
I got mine from the Guardian offers page at http://entertainment.guardianoffers.co.uk/i-aa-rm001699/g-c-h-q-always-listening-to-our-customers/. My wife bought me the NSA version for Christmas.
Unfortunately, the GCHQ version does actually not feature their logo - more a generic HMG "crown". As another poster has said though, GCHQ's site specifically states that the logo may not be used "inappropriately".
No sense of humour.
Journalistic licence. And in my view, not unreasonable. When I read the original article last night, my immediate conclusion was "wget".
But whatever the tool, the principle remains the same. An NSA insider, and a contractor to boot, was able to recursively scan and download a bucketload of highly classified documents, including documents from a Five Eyes partner, without any effective alarms going off.
That says an awful lot about the effectiveness of the NSA's security practices (for both technical and personnel security). No wonder they are pissed off.
Re: wget - The hackers friend
I have deleted all copies of wget from all my systems.
Re: It's a people problem
Plus 1 for that.
In the UK, the police call the "high vis jacket" the "cloak of invisibility". Wear one and no-one looks at you.
"Aside from the orchestration capability, it also removes the most troublesome parts of running a cloud - network engineers."
Great. I'm really looking forward to hosting a bunch of applications with a "cloud" provider which employs no network engineers. I feel safer already.
Re: Seen it before
Yep. Back in September 2002 OGC published "Open Source Software: Guidance on implementing UK Government Policy." I wrote it.
And if you look very carefully at the cover of that document you will notice that it includes a picture of a laptop running the (then) popular X11 game called "kill bill".
Nobody, but nobody, in the publication QA process spotted it.
Re: Volenteers != free
"Mind you, the picture at the foot of their home page makes it look like their test servers are in someone's garage!"
They probably are. I understand that TDR runs the build and test servers himself.
Re: "strict", "moderate" and "light".
"All I want for Christmas is a VPN connection outside of blighty."
Try openvpn. You can rent a really cheap VPS (less than 5.00 USD per month) in a variety of places other than dear old blighty. With your own VPN to that VPS (running on say, port 443) you are good to go.
Oh yes indeed. Because taking a tablet into the bog with you looks a little, shall we say, suspect.......
Despite the fairly obvious troll traits, I was going to comment on (and down vote) your original post. But a moderator quite sensibly removed it.
For some statistics on the relative usages of linux v BSD, take a look at http://w3techs.com/technologies/comparison/os-bsd,os-linux. BSD is not even in the running in an environment (servers) where it could be expected to be used. On the desktop it is not even a rounding error. I log statistics of OS/browser types hitting my website. I don't see any BSD anywhere.
And I note from your posting history that you have an apparently disturbing set of phobias. Seek help.
If you have to ask. then you wouldn't understand the answer.
Royal Palace security
"You will also need strong identification to get into a royal event such as a Buckingham Palace garden party – Palace police are quite strict on checking ID"
Several years ago I was doing some work with the Royal Palace on behalf of the UK Gov Dept I then worked for. Entry to the site was controlled by Police Officers who insisted on two pieces of identfiication. My official pass sufficed as one piece, but they needed another. On my first visit I gave them my ID pass and my passport. On a subsequent visit I forgot my passport so the officer on duty asked for an alternative to add to my ID pass. I furtled in my wallet, but all I could come up with (beyond the usual bank cards etc) was a fishing licence. He said, "OK, that'll do, it's an official document."
You can buy fishing licences at a post office.
Raiu said "“They are opening stolen documents on virtual machines without any internet connection to avoid exposing themselves that way,”
So how does he know that?
At least he didn't sing.
Re: Quoting Terry Pratchett???
Good grief. I agree with Eadon.
Relativity in lego
Very nice. But I think Andrew Lipson beats him. See http://www.andrewlipson.com/escher/relativity.html for example.
Re: a plea
Please dear Reg, use english in your reporting. The phrase "The Register reached out to Facebook" simply made me cringe. Yes, I am an old fart, yes I am being finnicky, yes I know what you think it means, but it is nonsense. It irritates me almost as much as "going forward" and other such twaddle.
There, I feel so much better now.
Re: The 'request filter' is signature driven
"random data generators, random traffic flows, leave your PC browsing on its own whilst you go to the park"
Interesting idea. Now how, exactly, would you get your PC to "randomly browse" in a way that would look anything other than stupidly robotic and predictable?
Nationwide Banking off-line
Seems to have been off-line for a while. I first tried about an hour ago, but of course it may have been down before that. Mobile banking and payments also down.
Back when I first installed FW/1, I was puzzled to find that they wanted the external IP address of the device before they would send the licence key (I assumed that the key would be hashed to that address in some way). No entirely happy with that, I stuck mine behind a NAT device so that the external address I gave them was drawn from RFC 1918,
Re: I'm reading that Mandiant report right now....
They are quite well embedded over here too. See http://www.cesg.gov.uk/News/Pages/Cyber-Incident-Response.aspx for example.
Re: Paper wins
Re: Who gives a donkeys...
Actually, no I would not. Not ever.
You clearly are not from Norfolk or you would know that a Norfolk "boy" is actually a good old "bor".
I, however, do live in Norfolk, and we are not all "bumpkins".
"Linux never supported the 286 or earlier."
Well, the linux kernel didn't appear until 1991 and Linus built it for a 386/486 target (he was playing with Minix 386 and was frustrated with its limitations).
However, somewhere in my loft I still have a copy of v2 of Xenix (an MS licensed version of Unix) dating from the mid 80s which ran on a 286. The earlier version ran on 8086 I believe.
Check that keyboard
Interesting that your pic of the "prototype keyboard" shows a rather, errm odd, layout. Looks as if someone has been prising off the chiclets and re-seating them.
I had one of these back in the late 80s when I was working in HMT's IT Unit (and shorty before I joined CCTA). It was a rather nice piece of kit. Light, good battery life, excellent screen for its time, and robust too. I used to carry mine around in my briefcase bungied onto the back of my motorcycle. It came loose one day and bounced down the Wandsworth road on the approach to Vauxhall. Brieface a bit battered, but the Liberator still worked perfectly.
I'm note sure the office Lisa would have coped as well.
Re: Consumer VPNs Exist?
Yes. If you a re a reasonably savvy consumer (and of course, as a Reg reader you are, right?) For the price of a cheap NAS running debian hanging off your home ADSL router you can set up openVPN and tunnel out through that from wherever you may be. Or you could spend a few more quid and set up the tunnel end point on a rented VPS somewhere. Just check the terms of serrvce first.
Re: Not Really
"Probably just paranoid (adjusts tinfoil hat), but I do know that about 85% of the intrusion attempts on my various networks originate from China."
No. You mean that "85%" (or whatever) attempts have source IP addresses in Chinese address space. You have no idea whether the /actual/ source is in some other place and is simply using chinese IP addresses as a cover. In the same way you have no idea of the /actual/ source of any DDOS attack - all you see are the multiple IP addresses of the compromised machines which form the 'bot.
"false flagging" is probably more common than most people believe.
Re: NUMBER of people!
Missed it. But I can never resist the temptation to correct poor grammar.
Re: NUMBER of people!
Errr. "fewer" people.
Well, someone had to say it.
No. He means PV. At least he does if he is talking about the old vetting system as seems likely .
PV = Positive Vetting.
DV = Developed Vetting.
Ross is an interesting guy and has some talented co-workers and students. But he is vehemently, and vociferously, anti-spook. So not surprising he is not on the list. Shame really. He might have been a useful counter to the possibility of group think.
Oh the irony
""Moving departmental websites onto GOV.UK will, in due course, realise significant savings for the taxpayer,"
Exactly the same argument was used about binning open.gov.uk (the first single portal into government) following the Gershon review which closed CCTA.
Guess who I used to work for, and what I used to do.
"this latest scheme puts the intelligence services directly in touch with the private sector for the first time,"
Rubbish (or CESG/GCHQ flummery). Both CPNI, and its predecessor organisation, NISCC, have long had direct contact with private sector organisations.
Re: From the article and comments, we can deduce 2 things;
"I would have thought Linkedin would have attracted users with some level of sense"
Now what on earth gave you that idea? It's a social network.
Re: How can anybody now justify using Google APIs?
I can lend you a disk drive. But you'll have to source whatever software and OS you used yourself. Now PCK tape would be a bit trickier.
no such thing
"In a closed session Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller, National Security Agency Director Keith Alexander and Principal Deputy Director of National Intelligence Stephanie O'Sullivan briefed the politicos on the current state of the cyberwar."
A plea to the Reg if I may. Whilst it might suit the americans (and some people in the UK) to talk about internet based "attacks" as constituting a war, there is no such war and the public is ill served by the media reporting in a manner which suggests there is.
Please stop it.
re: You know.....
One upvote from me on that. I wouldn't trust them any further than I can throw an elephant.
Eh? What does that mean in english?
I'm with Mike
Like Mike Cardwell, I too run my own mail server. And for some few months now I have seen exactly the symptoms he describes (my logs show "lost connection after STARTTLS from unknown[188.8.131.52]" for example). But the problem was intermittent and I never got around to sniffing the traffic as I had promised myself I would. The problem is compounded by the fact that I use my own X509 certificates for TLS (so the certs are not signed by a separate certificate authority) and the mail client I use on my phone (k9mail) seemed to have problems with that. So, I wasn't /exactly/ sure that t-mobile was at fault. Now I am. have banged off a complaint to T-mobile via the forum (and pointed out that my contract is shortly due for renewal).
I run my own mail server because I like being in control. If my network provider interferes with my traffic, then I am not in control. So I'll get some PAYG SIMs to try others.
I agree. Dead trees make more sense. http://baldric.net/2011/08/14/in-praise-of-dead-trees/
That'll be the same BCS that doesn't understand why you don't send security credentials in email then?
Xfce is the way to go
Like many others I have shifted to Mint. In my case, LMDE with Xfce. LMDE because it is Debian based rather than Ubuntu and Xfce because it matches the way I prefer to work rather than the way somebody else thinks I should work. And with luck the Xfce guys won't feel the need to fsck with the desktop in version 5.0
@it's not the money
Have to have a wife??? What, even the female staff?
@it's not the money
...have to have a wife????? What, even the female staff?
Methinks your neanderthal prejudices are showing. Whiche means you'd fail selection.
That photo reminds me of the classic Sunday Sport article of a few years back. When they first printed the picture (of a Lancaster iirc), it bore the headline "WWII Bomber found on moon." A week or so later, they published the same picture without the aircraft under the even better headline "WWII Bomber on moon disappears."
Pah, call that expensive
Back in 1980 or 81 I (OK, my Department) paid over £17,000 for 96 MB (in two boards, one of 64, the other of 32 MB) for a crappy DRS 6000. Oh, and the system board with a 40 MHz processor cost about 15 grand too.
Excellent value for money from ICL as always.
thank you, but I must correct this
As the "guy who managed all the websites" at CCTA in the mid to late 90s I am grateful that anyone remembers this. But this post could be taken to mean that I migrated from Widows to Linux. What I actually did was replace a bunch of aging Sun kit running Solariis 2.3, 2.4 and 2.5 with cheaper Dell kit running Redhat (4.2 IIRC).
So I moved from proprietary unix to linux.
But I heartily agree that there is /much/ more room for FLOSS in HMG systems.
- Bugger the jetpack, where's my 21st-century Psion?
- Windows 8.1 Update 1 spewed online a MONTH early – by Microsoft
- Something for the Weekend, Sir? Why can’t I walk past Maplin without buying stuff I don’t need?
- Review 'Mommy got me an UltraVibe Pleasure 2000 for Xmas!' South Park: Stick of Truth
- The land of Milk and Sammy: Free music app touted by Samsung