* Posts by Diginerd

26 posts • joined 10 Aug 2011

Big Music goes mad for chat bots and AI

Diginerd

Re: "Most chatbots aren’t really artificial intelligence"

Eliza is smarter than your average starlet...

2
0

Outlook outage outrage

Diginerd
FAIL

Azure... Aptly named

Blue sky & no cloud!

- Xposted from other thread

0
0
Diginerd
Coat

Re: Pigeons

^... SHOULD read RFC2549 ("IP over Avian Carriers with Quality of Service").

"Unintentional encapsulation in hawks has been known to occur, with decapsulation being messy and the packets mangled."

More pigeon carnage here: - https://tools.ietf.org/html/rfc2549

0
0

Microsoft still working to fix Outlook sync issues

Diginerd
FAIL

Azure... Aptly named

Blue sky & no cloud!

6
0

Surveillance camera compromised in 98 seconds

Diginerd

Re: Why is this still a problem?

...because the business risk to the vendors is currently near zero and margins are paper thin.

Until the Status Quo changes tune, it falls to those in a position to mitigate vendor shortsightedness to take action.

For a concrete example of how ISP port blocking can turn a potentially deadly vendor screwup into a non-issue see Chris Miller's Defcon presentation on Chrysler Jeep hacking. Scary stuff with jaw-dropping incompetence on Chrysler's part making the PoC possible.

The obvious downsides to a strategy where ISPs take proactive defensive measures are:

1) Collectively rewarding the incompetence of said Vendors.

2) Creating hoops for competent users to jump through.

Given the circumstances, it feels like this is an acceptable compromise considering the damage that vendor negligence can, and does, cause.

1
1
Diginerd

Re: One for the ISPs...

I for one welcome our robot overlords (aka "auto-correct").

All jokes about draconian ISP policies aside, "Subjects" in post above should read "SUBNET"s.

Oops

3
0
Diginerd

One for the ISPs...

More than a few US ISPs catering to home users have T&Cs prohibiting them from "Hosting servers". They then filter traffic headed to their user subjects on mail, ftp and webserver ports along with outbound smtp traffic to off-net IPs.

If you buy "Business class" service from the same ISPs you get the same service as a home user with a 20-30% price hike plus the ability to host servers/send smtp mail anywhere. However, "business" users must request the port filters be removed and accept responsibility for server traffic.

Removing the filters takes about 5 minutes.

Practical upshot is this provides little impediment to responsible users and saves the rest of the world from millions of spam messages being sent by clueless users.

A decent step in the right direction would be for those ISPs to block telnet traffic by default too...

6
8

Security bods find Android phoning home. Home being China

Diginerd

Re: And here I was expecting 99 comments to be a detailed technical discussion

Please do! Likewise here if anything is seen.

Anyone else feeling like chipping in too would be appreciated.

Spirit of cooperation in a comment thread? Here's hoping.

0
0
Diginerd

Re: the discovery of the firmware is being taken very seriously by US government officials

It's not that hard... See above + a working knowledge of "Old News" about capability ;-)

0
1
Diginerd

Open tickets with your Cellphone provider...

Ask them about the firmware and ask them to block the domains and IPs involved.

As an individual you likely won't get far, but if you run an enterprise account (Pretty sure more than one El Reg Comments reader does!) you might get some traction if more than a couple of folks make noise.

While we're at it, put 127.0.0.1 entries for the bogus domains and null route the parent IP ranges at the edge of the corporate network.

Sure, the above is not going to be close to 100% effective, but worth the effort to reduce the attack surface here.

/playing whackamole

3
0

Forget razors and blades, APIs are the new gotcha

Diginerd
Coat

Speiling. You're doing it wrong if your API...

...doesn't sanitize inputs, isn't (somewhat) liberal in what is accepted and conservative in what is sent?!

1
0

Chirp! Let's hear it for data over audio

Diginerd

Re: Standards

Wow, how did I miss RFC1926? - it's a corker! Upvoted ;-)

Isn't it ironic (Don'tcha think?) - RFC1926 comes right after RFC1925...

For those reading this with a frown and a healthy dose of "WTF they talking about?"

RFC1925 is the first of the "Desert Island RFCs" ("DIR"). It SHOULD be mandatory reading for everyone working in technology & failure to grok it is a common problem of startups...

Click bait (Fair warning - the rabbit hole is deep!) https://tools.ietf.org/html/rfc1925

Of course, the second DIR MUST be RFC1149 ;-)

Akin to Rule34, and verifying RFC1925, OP linked RFC1926. Nicely done sir!

Cheers!

WRB - IOOF

0
0

Cisco emits new branch box

Diginerd

Re: Sales pitch

Rack & connect the new gear? If you buy the premium support they'll even copy config if needs be...

Unusually cheaper to have next day coverage, build a design that can survive for 24 hours with a box failure and have a support contract with a local tech firm to handle remote hands.

0
0
Diginerd

Re: Sales pitch

That's the thing about the ISR G3s (The 42xx/43xx boxen), the licenses look really expensive until you realize they're only moderately spendy because the limits are for throughput WITH ALL FEATURES ACTIVE.

The cool thing about these is the integration with APIC-EM - No console cables required.

0
0

Firewalls snuffed by 'BlackNurse' Ping of Death attack

Diginerd

Read the Farkin' RFCs - This is "Normal"

Type 3 ICMP messages indicate a problem in the Forwarding Plane, and require a "Punt" up the stack to the device's processor to enable it to work out what to do as a result of the message.

RFC792 (From September 1981) covers ICMP in gory detail...

The challenge is when the RFC was written, NAT was barely a concept - much less a multi-billion dollar "Firewall Industry".

Generally blocking all ICMP frequently causes more problems than it solves. Not least, OSI networks (e.g. The Interwebz) rely on RFC conformance to operate "Correctly", so a more granular approach to risk is usually preferred.

The classic problem of path MTU was covered in the article, and crops up frequently when ICMP Type 3, Code 4 messages ("fragmentation needed and DF set") are dropped silently by an intermediate device. DON'T do this unless you REALLY know why you're doing it. Your users will thank you.

Networking is complex to do correctly, but it's essentially a collection of interacting logic puzzles.

A cool sounding name doesn't make this sexy & don't expect huge vendor responses to something "Working as Intended". Mitigation here is a situation specific configuration issue.

3
1
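The granular handling the post above argues for, as an added example that is not part of the original comment: ICMP Type 3, Code 4 is always passed so path MTU discovery keeps working, while other Type 3 messages are rate-limited before they reach the processor. The `Type3Limiter` name, the rate and burst values, and the sample messages are assumptions constructed for illustration.

```python
import struct

DEST_UNREACH, FRAG_NEEDED = 3, 4   # RFC 792: type 3, code 4

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Constructed sample message: 8-byte ICMP header, no quoted datagram."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, checksum(body)) + rest

class Type3Limiter:
    """Token bucket for type 3 traffic that would be punted to the CPU."""
    def __init__(self, rate: float = 10.0, burst: int = 20):
        self.rate, self.burst = rate, burst          # assumed values
        self.tokens, self.last = float(burst), None

    def decide(self, msg: bytes, now: float) -> str:
        if len(msg) < 8 or checksum(msg) != 0:
            return "drop"                # truncated or corrupt message
        icmp_type, code = msg[0], msg[1]
        if icmp_type != DEST_UNREACH:
            return "defer"               # left to the rest of the ruleset
        if code == FRAG_NEEDED:
            return "accept"              # path MTU discovery depends on it
        if self.last is not None:        # refill for the time elapsed
            self.tokens = min(self.burst,
                              self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return "accept"
        return "drop"

def simulate() -> dict:
    """1000 code 3 messages arriving at t=0, then one frag-needed message."""
    fw = Type3Limiter()
    burst = [fw.decide(build_icmp(3, 3), 0.0) for _ in range(1000)]
    mtu = build_icmp(3, 4, struct.pack("!HH", 0, 1400))  # next-hop MTU 1400
    return {"unreachable_accepted": burst.count("accept"),
            "frag_needed": fw.decide(mtu, 0.0)}

if __name__ == "__main__":
    print(simulate())
```

Code 4 is exempted outright here only to make the distinction visible; a real ruleset would normally give it its own, more generous budget instead of no limit at all.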

Microsoft withdraws software silos from Germany in patent war

Diginerd
Thumb Up

Re: I wonder...

Arguably one of the most insightful software patent posts ever.

Thanks!

0
0

Blizzard ponders World of Warcraft for iPad

Diginerd
Thumb Up

Re: Class selection

+1

(The post is required, and must contain letters.)

0
0

Intel Xeon E5s pruned for single-socket workstations

Diginerd
Coat

$4k for 2 CPUs sounds pretty reasonable...

Although it certainly looks like an insane amount of money to someone used to bashing together a PC from a box of parts.

On the other hand, if you're a Pro making a living out of your Tools it's a much better option than an $8K PCIe card with 1/10 the power.

Anyone want to take a bet that if Steve's favorite line of "one More thing" gets used today we'll finally see some new MacPros announced today?

If not they have to be soon, but will be A LOT more than $4k when fully specced.

1
0

Server virtualisation: How to pick the right model

Diginerd

XCP

One of the better kept open secrets of open source virtualization is XCP, and its new sibling Project Kronos (a full port available for Debian/Ubuntu using apt-get). Both are essentially FOSS versions of the $pendy Citrix XenServer (Talking Enterprise/Platinum editions, not the freebie base edition.)

One of the cooler new features is a hybrid Storage Model, enabling a pool of servers to access shared storage, but have each host automatically replicate the virtual disks to local storage as they are accessed. The net result is local disk performance after the initial read from the remote SR.

Doubly cool if the local storage is SSD. :)

0
0

FCC's net-neut rules now official

Diginerd
WTF?

@FFS

That patent's pointless...

Ignoring it being 5-15c to send a 163 byte "Packet" for many users (may explain AT&T's mobile broadband pricing!)...

1) use UDP

2) use GRE to encapsulate "Traffic Contained Protocols"

3) use whatever error handling the "Traffic Contained Protocols" has built in to request retransmits and deal with the inevitable out of order packets that will be involved.

Profit.

2
0

EMC exec flames El Reg

Diginerd
FAIL

Fact - EMC are Bloody Expensive

Marketing spin doesn't constitute smackdown.

Truth is, despite the expense, CIO/CTOs love EMC because they know their jobs are safe buying storage from them. EMC gear breaks just like everyone else's, but the quality of their support and post install team is rivaled only by their sales team.

If you're building datacenters for Bulge bracket banks or the Government there's only 2 players in the game - and HP are struggling. At that level Nexenta are not even close for contention. It's not just about price, it's about knowing you've got a solid solution. Speaking of which I admire EMC's restraint for not lobbing the obvious brick back at Nexenta - so tell me about the impact of the Oracle acquisition on the longevity of your core OS and plans to shift away deo

it.. Fugly!

At smaller sites the likes of Nexenta and my personal favorite QuantaStor (If you've never heard of them they're REALLY worth a look) come into play.

Speaking of QuantaStor, they behave very much like a tiny EMC in terms of customer service and support. Their features are great and their pricing is good, and they know who their customers are and what they need.

Nexenta are using tennis balls to take on an armored division. Poor choice of strategy, even though they're using some sporty tennis balls!

1
0

How gizmo maker's hack outflanked copyright trolls

Diginerd
Thumb Up

There's a lot more to this than tweets

Something I've been doing for years, and now the triple play CableCOs here in the USA have started to do too is use video overlay like this to flash up caller ID when the phone rings.

Works great, no need to interrupt the movie and go get the phone if it's a Telemarketer. Works even better if you mute the ringer before you sit down. Now all you have is a couple of seconds of a name & number at the bottom of the screen.

The bugger is you need to be watching content from the STB. If you're watching a BluRay you're screwed. This device opens the door around that.

My dodge is everything goes through my HTPC, so I can overlay anything I like on the TV (Monitor really) before it gets onto the HDMI cable. Chumby makes the same thing practical for "The Consumer".

The only people who may have a case against it are Intel as they are picky about getting licencing fees for HDMI. That doesn't sound insurmountable.

Finally the NY Hall of Science is down the road from me, think I might go to the "Maker's Fair" sounds fun. Particularly if I wear my "I void Warranties" T-Shirt...

0
0

Sid Meier's Civilization

Diginerd
Thumb Up

Loses its charm abruptly...

This brings back memories, awesome game and truly addictive.

Having played for hours every day over a couple of months (Uni Student + summer break + no commitments = bliss), I reached the point where I was struggling to find a way to improve my best score.

Then it happened... Got into a fight with the (soon-to-be-ex) girlfriend, and next game went on a global rampage that would have made the real Mr Khan giggle like a schoolgirl. When I'd wiped out the last competing nation the game ended and I had beaten my previous high score by a factor of 5, and the game only lasted 2-3 hours.

Once the penny dropped that the utopian dream Sid Meier was pushing didn't jive with the rewards of being a brutal dictator I got bored pretty quickly.

Was fun until then!

0
0

Google dumps TV flop on UK

Diginerd

Google Quietly bought SageTV recently...

Which is "interesting" given what its core is capable of.

At first glance it looks like yet another media center app, and a somewhat clunky ui.

Under the covers it's very nifty and flexible.

Think of it as all the best bits of XBMC (Sage's default UI is based on an XBMC theme, has the library functions, and very similar approach overall), MythTV (many front ends hanging from a backend), TiVO (intelligent recording / predictive recording if disk is free and nothing is explicitly scheduled), recording HDTV and streaming it to "clients" (1080i/720p), Place Shifting (thin clients on mobile devices to your own private system), and a whole bunch more.

SageTV is also very DVB friendly and multilingual support is excellent thanks to a strong following outside US borders.

No idea wtf The Cf is planning on doing with it though as it's not very "Cloudy"

0
0

London rioters should 'loose all benefits'

Diginerd
FAIL

Better idea.. Anyone want to start a counter petition?

Vengeance may sound good but only makes matters worse. The core problems are a lack of employment and respect for how cushy life in the UK is. No matter how squalid and impoverished. A more creative approach would be sentencing rioting looters to MANDATORY employment. Community service with a twist - a few months / years helping to rebuild <insert name of country> after a recent war and atrocities (or natural disaster) will provide material overseas aid, and teach the lesson that helping others in greater need than yourself is better than mindless violence fueled by materialistic greed. Maybe a few would apply those lessons when they come home and contribute to society. Finally, it would make one hell of a deterrent with a low number of reoffenders... Free suntan or not.

9
1
