Posts by An0n C0w4rd

Re: and next week....

FTA:

The regulator explained that telcos would need to keep records of any consent given confirming a switch to another provider.

Yeah, I don't think "keeping records" will really mean much. People, especially in telesales or door-to-door begging, will try and con people into saying "yes" any way they can. IMHO the best way to improve the current situation is to make ISPs give you your MAC code online and cut out the "valuable customer retention department" crap at your current ISP. Not perfect (since we all know website security is sometimes lacking), but a hell of a lot better than just trusting peoples record keeping to keep companies from slamming people.

Re: U.S. NATIONAL DEBT

I doubt very VERY much that an Airbus / Boeing decision will be purely made on whether the NSA snoops on data hosted or in transit through the USA. Likewise a GE versus Rolls Royce decision for the engines on the plane are a lot more complex.

I see more serious repercussions in cloud hosting, as this article alludes to, and perhaps also security related software/hardware. I doubt there are backdoors in as many applications as rumours suggest, but non-USA based vendors will use this to their advantage on the International market.

Actually, the two preferred ciphers that the facebook servers send are TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.

Yes, you're right about Forward Secrecy, but you're wrong about the cipher. And Forward Secrecy appears to require that you use a very few select ciphers using DHE or ECDHE, which are both slower than the ones they've left enabled. When you're dealing with the volume of traffic Farcebook does, they probably can't afford the hit.

Yes, they still have RC4 enabled (it's the 3rd most preferred cipher), but they need to because very few browsers support the TLS v1.2 ciphers that allow you to avoid RC4 and CBC (the only two usable ciphers in TLSv1.0 and SSLv3). You could avoid the RC4 problem by using CBC, except it's *more* broken than RC4.

So until browser manufacturers catch up and enable TLSv1.2 by default, web sites *have* to leave TLS v1.0 / SSL v3 ciphers enabled, and that means RC4.

(yes, I recently went through a bunch of ssl code at work to try and make sense of the patchwork mess that different browser implementations have forced on ssl servers)

Re: Anon 0 Government 1

The censorship won't work. China has spent *billions* on their censorship and it barely works. It just drives innovation amongst those what want freedom from oppression. The UK is too poor to waste money on crap like this. About the most the government has to do is mandate a minimum standard for parental control and then let the companies slug it out for best service.

The one big difference, I believe, is that a large part of the Great Firewall of China is state sponsored. This system is being forced on private enterprises and they will be footing the bill for implementing it (or rather, their customers will be in increased ISP bills)

I wonder if some of the smaller ISPs, who are likely less able to absorb the start up costs associated with this system, could appeal to the competition commission that the govt. hasn't undertaken a proper equality impact assessment.

Re: How to stop this happening again

@djack

I agree, partly. My caveat is around the "it's secret, therefore it must be secure" mindset some companies have. Mifare comes to mind as one example.

Publish the crypto algorithms and code for 3rd party scrutiny, or face the possibility of crippling jail and/or fines. Don't have to open source them for world+dog to use, but for $DIETYs sake get some people who know what they're doing to validate that you're not a complete muppet.

If your device or application is used often enough or in high value target, bad people will find out exactly how sh*t your security is, and possibly before the good people.

IMHO if you insist that your security is "good enough" and don't take steps to validate this, then you deserve everything you get.

Re: Eh, c'est la France !

@Grikath

I believe due to the NL media tax, you can't get prosecuted for downloading things from BitTorrent since you've already paid the tax on the storage.

I may be wrong, someone who lives there told me.

New jet engines (Which I think includes the APU in the tail) come covered in a protective oil for storage purposes. When you first fire them up, that smoke cloud happens. Go watch the video on airbus.com of the recent power-up of the Trent XWB engines for another example.

Re: I'm confused

Illegal porn, dodgy pills and dangerous goods don't have the RIAA and MPAA chasing them down with a large axe.

I suspect this is more about the links (real or otherwise) to TPB than about VPN providers, although other VPN providers may be on the chopping block next (e.g. some USENET news providers include a VPN in the price of their some of their products)

Re: "revamp tax rules to close the loopholes"

The governments who are lambasting the large firms for "exploiting loopholes" in tax law to their advantage don't want to change the law because the repercussions are difficult to foresee accurately. If they try and make the changes revenue neutral, or even favour the govt a little bit so some new tax money comes in, there could be a rebalancing in the market that actually makes the govt tax revenue position worse.

So rather than try and fix the problem (and remember, the govt created the problem in the first place by implementing the exceptions that are now being exploited), they try to shift the blame to the companies.

The sooner the electorate stop buying the male bovine offal shovelled out of the "Public Accounts Committee" or the US equivalent the sooner the problem can be fixed as the politicians suddenly realise their re-election may depend on it.

Re: Passport revoked

No, all it means is that they've revoked his right to international travel. Citizenship is a lot more than just a passport. E.g. most Americans don't even *have* a passport.

Re: Some people need a life

My irritation with Linux starts with the boot messages. In FreeBSD (and I think in all BSDs, but haven't checked) the initial probe messages come from the bus that the device lives on, so the probe messages are uniform

e.g.

xhci0: <Intel Panther Point USB 3.0 controller> mem 0xf3500000-0xf350ffff irq 16 at device 20.0 on pci0

ehci0: <Intel Panther Point USB 2.0 controller> mem 0xf3518000-0xf35183ff irq 16 at device 26.0 on pci0

hdac1: <Intel Panther Point HDA Controller> mem 0xf3510000-0xf3513fff irq 22 at device 27.0 on pci0

siis0: <SiI3132 SATA controller> port 0xd000-0xd07f mem 0xf3484000-0xf348407f,0xf3480000-0xf3483fff irq 16 at device 0.0 on pci4

This makes it very easy to look through the boot messages and see what is there and what isn't.

The Linux kernel probe messages are done in the individual driver, a number of them include copyright messages, and there is no apparent commonality between any of them. To me that makes the kernel boot messages less than helpful.

It may not sound like a huge deal, but when you're trying to figure out why something isn't working as expected, it makes a difference.

There are definitely things that work better in Linux, such as package updating (the old pkg system in FreeBSD wasn't the best at that), but FreeBSD makes a lot more sense to me. Linux shows it's heritage too much - it's a lot of different bits by different authors that are glued together to form "distributions".

@Dan 55

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

allegedly stops that for the current user.

Re: Puzzled

I guess it also depends on where the alleged collusion happened. If it was between publishers themselves and didn't involve Apple then it is an entirely different situation to the one the DOJ is currently pursuing against Apple.

Re: Express incredulity

@Yes Me

Fibre splitters are hardly hacking, and unless you do it in the middle of nowhere they're bloody obvious. Even if you do it in the middle of nowhere you can often spot the loss of light

Re: Energy levels

Given that most of the run time at the LHC is devoted to proton-proton collisions, I'm unsure about your "light particles" comment. Heavy ion runs at LHC, typically Pb, only got 1-2 months per year

Re: I'd be interested to see the numbers

Lots of threads about the N40L talk about Windows Home Server on the boxes.

I don't personally see much point in buying a chassis that was 150 quid after a rebate and then paying several times that for a full Windows Server license. Stick some open source OS on there with samba (and netatalk if you have Macs) and you're laughing.

Re: Just one more thing...

If they're thinking of replacing the current 27" ThunderBolt display with a 4k version, they're really pricing themselves out of the market.... The 27" TB displays are bad enough as it is.

@ravenviz

Nope. Strictly speaking megabyte, gigabyte, terabyte, exabyte, petabyte, etc, are all powers of two. The only people who disagree are selling mass storage, either spinning rust or flash memory based.

Re: Load of bollocks

Did you miss the part where decisions need to be made today about some things but the system won't be available until next week?

Or how this is *after* exam results are out and therefore the *wrong* time to be doing maintenance? The time to take this kind of service down for weeks worth of maintenance is after term has started but before results are published.

I strongly suspect this isn't a scheduled or preventative maintenance issue, it's a "someone clucked up and corrupted the database and we're fixing it by hand" issue. Having run systems a decade ago that were handing upwards of 500k transactions an hour and had ~2 hours of scheduled maint. a month, it's not rocket science if you design the software and scale the hardware appropriately.

Re: It did.

@Louw

Still not comparing like-with-like. Compellent had 144 SSD disks vs 56 for the Isilon. And 2 years ago the IOPS on flash drives was lower than it is today AFAIR.

Which is the problem with a lot of these SPEC benchmarks. They tend not to be updated frequently as it takes significant resources to run them, and vendors often compare their latest generation product to one several years old.

Re: Someone should tell the Sun-Times

Oh, and yes, the tiny sensor will have a definite negative impact. The smaller sensors are nowhere near as sensitive as APS-C or 35mm sized sensors, so they tend to crank up amplifiers to handle low-light situations and hence introduce a lot more noise than a DSLR sensor would.

Re: Bah!

@Stevie,

Please tell that to the people who are US citizens and regularly get harassed when coming back into the country and have electronic devices seized and searched without due process. There is at least one security researcher who now either doesn't travel with electronic devices or travels with them wiped clean and he downloads the contents from the Internet once he's past the grubby mitts of the TSA