* Posts by Jamie Jones

1725 posts • joined 14 Jun 2007

Sysadmins, patch now: HTTP 'pings of death' are spewing across web to kill Windows servers

Jamie Jones
Silver badge
Thumb Up

@80's_coder

Brilliant post. Agree entirely.

There is a HUGE difference betwen UNIX veterans of the 1970s and 1980s, and today's Linux newbies who just go around 'trying out different distributions', virtually all of which are now dumbed down so much that they have become the Windows 3.1 of their day.

I'm reminded of a quote (but don't remember the author): "BSD is for people that like Unix. Linux is for people that hate Microsoft"

3
0

The Internet of things is great until it blows up your house

Jamie Jones
Silver badge

Re: Last night's episode of Forever

There was an episode of 'Diagnosis Murder' where someone setup a 'smart home' to kill the owner.

Um.. Or so a friend told me *cough*

0
0
Jamie Jones
Silver badge

Re: @ Ian Michael Gumby (was: I have a smart bed....)

When I was a lad, we were lucky if the floor we slept on was dry....

Seriously, though, Ian MG, your post reminded me of something.. This isn't directed at you, but more generally, someone may buy something with only limited internet capability, but in my mind (and knowing the general lack of security in these things) simply the connection raises a red flag.

If a hacker can get in, they may be able to get the bed to do things that it shouldn't normally be able to. OK, without the hardware/physical connection it can't affect that stuff, but, without properly checking, how do you know your voice controlled bed isn't sending your audio to a potential blackmailer, or trying to spam viagra on the world?

1
0
Jamie Jones
Silver badge
Facepalm

Re: No Codes for You

" . Design an iron equipped with Bluetooth LE, linked to a smartphone, running an app that uses its camera to scan a QR code printed on a fabric care tags.

Or simply remove the heat if iron feels like it's sticking, or starts to smell, or - shock horror - use common sense in the first place?

As Ian Michael Gumby says above, a solution looking for a problem.

3
0

DTS announces DTS:X – sparks object-based audio war with Dolby

Jamie Jones
Silver badge
Alert

{{Advert|article}}

"This article contains content that is written like an advertisement. Please help improve it by removing promotional content and inappropriate external links, and by adding encyclopedic content written from a neutral point of view."

0
0

FCC hit with SEVENTH net neutrality lawsuit

Jamie Jones
Silver badge
Unhappy

This just feels wrong...

... that companies can gather together and sue the government. Surely the government is meant to be 'for the people' / 'by the people'.

It should be sod all to do with companies (who are NOT people) and exploiting legal loopholes.

By launching these attacks, they aren't even pretending that a corrupt corporation-friendly (at the expense of the population) political system is the status quo.

9
1
Jamie Jones
Silver badge

I have no idea what problems CL might have with network neutrality rules though, they'd have to turn off the "falsely send DNS not found to a 'search page'" thing -- which I work around with alternate DNS servers -- but I would have thought that's about it, they really don't mess with traffic or ports as far as I know.

...yet?

3
0

What's Meg Whitman fussing over: The fate of HP ... or the font on a DISRUPTIVE new logo?

Jamie Jones
Silver badge
Happy

Re: thanks for that link

Thanks for the upvotes and replies, guys and guyesses!

I like to think that I write well thought out comments, touching on issues ranging from the social to the political, to the technological, and the philosophical.

I involve myself in serious debate threads - fully listening to my opponent, and strategically planning my response.

Yet, in all these years, the most upvotes I've received are on a post about bollocks, linking to more bollocks! That's what I love about El Reg! :-)

As for the link, the site I linked to was just an old archive of an ascii-only mailing list, hence the sparseness.

Here are 2 link to similar CGI generated random card creator. Fun for all the office!

http://www.bullshitbingo.net/cards/bullshit/

http://www.bullshitbingo.net/cards/buzzword/

Googling 'buzzword bingo' brings up more!

0
0
Jamie Jones
Silver badge
Facepalm

ARRRRRGH!

Look carefully at the name "Hewlett" in the first line. See how the crossbars on the two lowercase T's are stuck together? According to Whitman, this is the first time in HP history that this has been the case.

Um... Ok.. So?

"That connection is symbolic of the partnership we will forge with our customers, partners, and our employees – what we will do together to help drive your business forward,"

O...M...G... Check your Bingo cards!

42
0

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

Jamie Jones
Silver badge

Re: Thawte et al, hand-rubbing

Interestingly, if you belive the spooks have their paws inside the certificate chain, a self-signed certificate is more secure - assuming you can establish the certificate is valid in the first place.

E.g. if you run your own external server that only a known handful of people use (dept. Webmail etc.)

2
0

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default

Jamie Jones
Silver badge
Coat

Re: Not the end of the world

"so you're caught between Scylla and Charybdis. "

Syphilis?

1
0

Google research bods hope to LICK BATTERY life limits – report

Jamie Jones
Silver badge

Re: Arrrrghh

I don't want to see a closeup of someone's gob when I'm eating - only when I'm snogging them.

Anyway, how exactly does it contribute to the story? I though irrelevant pictures were being dropped. And don't use the tenuous 'lick battery life' title as a relevance. It was obviously only phrased that way to fit the picture!

5
0
Jamie Jones
Silver badge
Flame

Arrrrghh

Get rid of that awful article pic

8
1

El Reg offers you the chance to become a Master Investor – for free

Jamie Jones
Silver badge
Happy

Re: I would love to attend

^^^^^^^^^^^^^^^^^^^^'amanfrommars1''s long lost American cousin!

3
0

Woeful groans over Game of Thrones' spill on piracy sites

Jamie Jones
Silver badge
Facepalm

Re: Not on PB yet

" Try kickass.to it is better than PB."

Try reading the comments you are replying too, Mr/Miss/Mrs/Ms Coward!

4
0

Facebook preps for class action lawsuit as angry EU mob lawyer up

Jamie Jones
Silver badge

Re: Then expect to pay for Facebook

I don't disagree with any of that, apart from the bit about all services being forced to charge EU residents.

Sure, they may not be able to make as much profit, but advertising worked before the sorts of harvesting we're talking about here, and I'm sure these services will find a way to still turn a profit without charging, which would be a commercially destructive decision.

Still, I agree with your general point, but meh. I think it's still worth it - if people want to explicitly sign away this info for discounts, then let them, but as it stands, I'm sure most people don't realise how much aggregated info on them is out there, and if privacy laws are being violated, then the perpetrators need to be called to task.

From what I understand, consumer protection with regards to buying retail products is stronger here than in America, but the consequence of this is that goods are usually more expensive here as a result. Again, meh, I don't know which I prefer, but I do realise the consequence of these laws.

cheers!

0
0
Jamie Jones
Silver badge

Re: Then expect to pay for Facebook

I don't know enough about this case to comment specifically.

However, as already mentioned by previous commentators, existing law takes priority over EULAs, so we are far more protected by default by European consumer laws than you are in corporate-run America.

3
0

A MILLION Chrome users' data was sent to ONE dodgy IP address

Jamie Jones
Silver badge
Happy

Re: What amazes me...

Roger, ..........seriously?

Glad you left tech support - nothing more infuriating than calling when a server is down, and being told the solution is to reboot my computer, but it sounds like you'd have been at home in that environment!

2
0
Jamie Jones
Silver badge
Facepalm

Re: What amazes me...

Roger! You've already been advised to stop digging any further, yet full steam ahead, you continue regardless!

Reread the comments you are replying too. They explain it clearly (Hint: off screen)

"Really? At the risk of feeding the trolls, you're dead wrong. On every windoze machine I've used, hitting print screen captures what's on the screen as a bitmap rendering to the clipboard. Using, for example, paint shop pro, in the past I have successfully produced a new image (ctrl+v) showing that very rendering. All I had to do then was crop the resulting bitmap image to my satisfaction, and presto, one screencap. I encourage you to try it for yourself."

This thing grabs the webpage, not the screen. This doesn't just save cropping - it means that if a webpage is so big as to require scrolling, you don't need to take screenshot, scroll down, take next screenshot, scroll down, take next screenshot etc.etc. and then finally crop and merge the whole collection of images.

"Your slice of humble pie is on the shelf by the door."

*cough*

3
0

Microsoft drops Do Not Track default from Internet Explorer

Jamie Jones
Silver badge
Thumb Up

Re: No

"I'd trust any server-side DNT as much as I would a Welshman at a sheepfarm

Says a Mr Jones. Care to share something with us?"

Yep, Welsh born and bred with a passionate hatred of restraining orders! :)

0
0
Jamie Jones
Silver badge

A company can advertise and receive revenue from impressions and clickthroughs without tracking a user across multiple sites.

DO NOT TRACK != DO NOT ADVERTISE

4
0
Jamie Jones
Silver badge

Re: No

Ouch! A bit(!) harsh on poor Doug who actually made a good point - without legislation, no company is going to honour a DNT setting if it defaults to on. - it's going to be hard enough as it is when it defaults to unset!

I'm all for privacy, hate tracking, and I'm sure Doug does too - that doesn't mean he's incorrect.

As an aside, I'd trust any server-side DNT as much as I would a Welshman at a sheepfarm - legalized or not.. The worst offenders will be those dodgy ones with no care for the law...

2
2

Dot-com intimidation forces Indiana to undo hated anti-gay law

Jamie Jones
Silver badge

Re: It's called freedom, folks

"Christian family who have the right to their own brand of religious beliefs. Anyone crying about discrimination is being an ass."

No.

Religion is what these dumb morons use as an excuse for their biggoted discrimination.

What if someone said their religion meant they disapproved of anyone without blonde hair and blue eyes? Or what if it meant they disapproved of blacks?

Or when you talk about freedom to hold religious beliefs, I assume we need to add "as long as they are Christian"?

Yes, religion is an excuse for biggots. Did you see that flourist interviewed on CNN who said she would not serve gays because of her Christian beliefs? Yet when pressed, she would serve adulterers (even though that is one of the 10 commandments, whilst homophobia isn't) explaining it away as a "different kind of sin"

So.... Biblical scholar able to prove her gods written words are incorrect, or arrogant person who is even more all-knowing than her god, or cherry-picking homophobic closeminded dumb arse?

CNN video link: Why one Georgia florist won't serve gay couples: https://youtu.be/ZJTtENk2dMk

1
0

Are you sure there are servers in this cold, dark basement?

Jamie Jones
Silver badge
Headmaster

"So your not bitter? get over it"

His not bitter what?

10
0

Chelsea Manning sets up low-tech Twitter account from prison

Jamie Jones
Silver badge
Facepalm

Re: health care costs

"Easy, @skeptical i, you're missing the point, and your anti-Americanism isn't doing your mental health any favors."

Did you even read his/her post? He/she *is* American, and never wrote anything that could be considered anti-American.

Anyway, both of you transphobics are missing the point. How about putting the blame on the endless billions spent on your war machine in the first place? Or the corrupt health system that overcharges for everything, and the corrupt insurance companies, and the practice of companies buying politicians.

There are far more deserved cases to critiscise for reducing your social welfare funds.

26
2

Silicon Valley gets its first 1Gbps home bro– oh, there's a big catch

Jamie Jones
Silver badge
WTF?

Cupertino is the real name?

I always thought it was an El-Reg pun

0
0

Bye bye, booth babes. IT security catwalk RSA nixes sexy outfits

Jamie Jones
Silver badge

Re: Topics like these...

" By all means have attractive women AND men at such events (it's sales after all) but I too agree that woman shouldn't have to dress like strippers/sci-fi hookers/Anime peado fantasy schoolgirls, just to sell tech products."

I think it's depressingly sad that 'Booth Babes' can improve the sales of security tech, and despair at the caveman comments you sometimes hear.

But banning? That's not fixing the problem, just burying it under the carpet.

Wouldn't it be nice to see a successful "babeless" stall where they emphasise their product is so good, it doesn't need marketing gimmicks?

And the people who choose to do these jobs are not forced to - it's ironic how many posters here playing the sexism card are assuming these women are brainless bimbos...

3
0
Jamie Jones
Silver badge
Happy

Re: Context, context....

" I've met men who wear shorts all year round (and no, they don't live in sun drenched climates)"

I live on the sun drenched coast of errr. South Wales, and the last time I didn't wear shorts was to a funeral 5 years ago.

Mind you, this is a place where in winter, you see queues outside ice-cream shops rather than coffee shops (Joes Icecream FTW! )

You always get some comments in winter, whilst someone wearing an above-knee skirt doesn't.

As for when it's cold (especially windy) , I can be colder on my chest, wearing t-shirt and jumper than my legs.

2
0

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Jamie Jones
Silver badge

Re: Whats the point of home SIP anyway?

"

"Which is pretty lame on ElReg, I think you will agree.""

No, I wouldn't actually. Do you buy a car from a garage or build one from a kit each time you get one? Right. Same thing. Different people have different interests. Deal."

His point was that ElReg is a techie site. The analogy regarding a car would apply if the comment was written on a kit-car enthusiasts website, thus showing it's actually not as stupid as you make out.

2
1
Jamie Jones
Silver badge
Devil

Re: SBC?

"The fact that article indicated that they were running on a telephone system called FreePBX isin't a giveaway that they wanted to do the job on the cheap?"

Those who have ever used FreeBSD would strongly disagree.

2
0

AT&T, Verizon and telco pals file lawsuit to KILL net neutrality FOREVER

Jamie Jones
Silver badge

Re: In the words of Chris Rock from Lethal Weapon 4

Um... He's dead.

0
0
Jamie Jones
Silver badge
Unhappy

Re: The GOP has started already

"Matt Wood, policy director at advocacy warrior group Free Press told the Washington Post: "These companies have threatened all along to sue over the FCC's decision, even though that decision is supported by millions of people and absolutely essential for our economy. Apparently some of them couldn't wait to make good on that threat."

A statement like that only make sense in a country where the government is for the corporations, and not for the people.

0
0

Apple Safari update BORKED private browsing

Jamie Jones
Silver badge

Re: surprised?

I've got off my arse and done something about it.

Updates for those who are interested are here: http://forums.theregister.co.uk/forum/containing/2471257

0
0
Jamie Jones
Silver badge

Re: surprised?

I purposely didn't list them because I haven't reported them yet...

However, whilst I suspect it's an unlucky coincidence, those 2 were the only 2 I've checked, leading me to conclude that 'private browsing' mode isn't really taken seriously as an option, so didn't consider it all that important.

Based on this article, it seems I was wrong...

0
1
Jamie Jones
Silver badge
Mushroom

surprised?

At least 2 current and popular Android browsers do the same thing.

Never rely on 'private browsing mode'!

If you really need to do something less traceable, use something from a trusted group that specialises in this area, not some browser afterthought written by Johnny 9-5 employee.

0
1

Browsers which leak data in incognito mode.

Jamie Jones
Silver badge

Browsers which leak data in incognito mode.

In the comment section of article http://www.theregister.co.uk/2015/03/18/apple_safari_update_borked_private_browsing/, I mentioned that the Android browsers I've checked store all sorts of stuff whilst in "private/incognito browsing mode", but wouldn't name them, as I hadn't reported it (http://forums.theregister.co.uk/forum/containing/2467909)

Being downvoted, presumably for not reporting it, or for suspected bull pooh, has prompted me to get off my arse and do it. I'll post updates in this thread.

In the meantime, hss anyone else noticed anything similar? I never saw private browsing mode as more than a gimmick that doesn't do much more than update your viewable history, but apparently it's taken seriously...

0
0

Dear departed Internet Explorer, how I will miss you ... NOT

Jamie Jones
Silver badge

Re: We at least we had just one MS standard browser

" We at least we had just one MS standard browser"

Hmmmm. MSIE 6, MSIE 8,9, 10 ...

0
0
Jamie Jones
Silver badge
Happy

Re: surely there was a reason that IE became so popular?

" Wow, didn't mean to start a shit storm. I wasn't looking to offend anyone."

By using the "word" 'sheeple' you instantly made everyone reading your post think of commentard Matt Bryant.

It could only go downhill from there...

9
0

Man hauled before beak for using drone to film Premiership matches

Jamie Jones
Silver badge
Joke

Re: Not dangerous, Actually need *less* restriction and less paranoia

" My small 250 machine will happily hit around 50 mph and my fat bird is a bit slower (but much heavier)"

Don't let her hear you calling her that!

0
0
Jamie Jones
Silver badge
Boffin

Re: Not dangerous, Actually need *less* restriction and less paranoia

" I have flown a typical consumer drone into myself at speed to demonstrate how safe they are. The scratches were not any worse than falling into a thorny bush."

You, of course,, repeated this scientific experiment with your 3 year old child / arthritic grandmother / heavily pregnant wife as test subjects?

1
0
Jamie Jones
Silver badge

Re: cool music - can anyone identify it ??

I don't know, but if you like this sort of stuff, check out the earlier stuff from Mortiis

1
0

Zombie SCO shuffles back into court seeking IBM Linux cash

Jamie Jones
Silver badge
Dead Vulture

"It's a shame El Reg took away the grave stone icon."

You mean this one? ----------------------------->

*grin*

1
0

We need copyright reform so Belgians can watch cricket, says MEP

Jamie Jones
Silver badge
Happy

Re: Do not

" do not watch any sport on TV, sport is for doing, not watching)"

"Sport is not a spectator Sport" - Jamie Landeg-Jones, 2007.

0
0

Is the DNS' security protocol a waste of everyone's time and money?

Jamie Jones
Silver badge
Thumb Up

Re: DNS Sec isn't the problem

" I am not an expert in networking, however as I understand it, unless I set my recursive DNS server to generate my own cache of queries by using the primary authoritative sources for every request, then at some point I have to trust the information coming to me via intermediaries is legitimate."

That's correct, and that's what I meant - priming your server from the root servers rather than forwarding to other recursive nameservers.

You don't then have to care what state your ISPs servers are in.

Also, caching works at all levels of the lookup, so it's not as if you're constantly traversing from root.

(e.g. after the first lookup of blah.co.uk, your local server will remember where to go next time it wants to resolve a .co.uk address.)

[ If you are really anal, you could slave/download the root zone locally anyway! ]

Speedwise? If your ISPs nameserver doesn't already have a cached entry, it has to do the same thing your server would do directly.

Even if it is cached, a few extra milliseconds *once* per site won't be noticeable, and even that assumes your ISPs server isn't slightly delayed by all the other people using it.

"After all, the major peering networks need to have this information, and they have lots of people employed to ensure that it is correct. At the end of the day the situation always comes down to the cost/benefits of who should you trust."

I doubt ANY peering uses DNS!

But anyway, for a techie who knows what they are doing (I.e. I wouldn't expect this of grandma), doing this saves time, as you are reducing the number of points of failure, and ensuring your results haven't been altered (of course, this is assuming we are just talking about server operators altering results rather than hacking)

"What I object to in my example above is the unadvertised corruption of the DNS information being passed on to me by sources that are marketed as "trustworthy". My ISP diverting traffic to its own services is one thing - that is expected, and I can bypass it by specifying an external DNS source. Google DNS or OpenDNS diverting my traffic back to my ISP instead of to the public internet or to their own services is quite another. Especially since OpenDNS markets

itself as a trusted independent supplier of DNS information, yet has clearly entered into commercial agreements with ISPs to support their traffic management."

I agree with you in principle, but I fear you may have things a bit confused:

Firstly, 'ISP diverting to it's own service' .... NOOOO! Why would that be OK? Not unless ordered to by a court.

Secondly, 'Google or OpenDNS diverting...' should also be a no-no, but..... :

Basically the resolver shouldn't alter the result at all, but return the same you would get if resolving directly.

However, are you sure this is happening? What you describe is how CDN systems work - if the site concerned has a caching proxy within your ISP, then it's DNS itself will return the address of your local ISPs server - this has nothing to do with third-party manipulation.

(Apologies if I'm not too clear.... It's hard to concentrate as I've finally got fed up of my constantly noisy neighbour, and decided to drown out her shit with very loud bass-heavy happy hardcore.... Passive-agressive? moi?)

3
0
Jamie Jones
Silver badge

www != internet

" There are better DNS security proposals circulating already," he argued. "They tend to start at the browser and work their way back to the roots. Support those proposals, and keep DNSSEC code off your servers.""

DNS is used for more than web sites.

Also, whilst he makes some valid points (root chain-of-trust and out-of-date crypto), DNSSEC is not fundamentally broken.

The legitimate people who have problems with it are generally trying to do something 'sneaky' that DNSSEC is designed to stop (as it's similar to what the bad player do.) However, people like Google have proved these problems can be resolved.

I don't know.... Calls to 'abandon DNSSEC' remind me of the calls by those that don't understand IPv6 to abandon that too.

And in an age where technological implementations are dictated by bean-counters, and not the techies, speed/success of deployment means bugger-all.... How many times have long resolved security issues raised their ugly head just because 'management' wouldn't budget the fixes?

7
1
Jamie Jones
Silver badge

Re: DNS Sec isn't the problem

Why not cut out the middleman completely and use your own recursive resolver?

3
1

Google adds evil-code scanning to Play Store

Jamie Jones
Silver badge
Joke

Re: billions?

I was one of the many who spent a billion last year...

0
0

Well.That.Sucks: New rude dot-word sparks outrage

Jamie Jones
Silver badge

Re: No-one here is surprised...

No. This isn't about pseudo top level domains, but the way hostnames can be represented dotless within their local domain.

Using the "domain" or "search" commands within /etc/resolv.conf to add the domain name automatically to dotless host names is a well established mechanism, and has been the default on UNIX systems since forever.

From resolv.conf(5):

domain

  • Local domain name. Most queries for names within this domain can use short names relative to the local domain. If no domain entry is present, the domain is determined from the local host name returned by gethostname(3); the domain part is taken to be everything after the first ‘.’. Finally, if the host name does not contain a domain part, the root domain is assumed.

search

  • Search list for host-name lookup. The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Most resolver queries will be attempted using each component of the search path in turn until a match is found. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains.

The issue isn't so much the new domains as such, more the practice of allowing dotless domains (I.e. the top level) resolve A/AAAA/MX records.

A study was done, and it was determined that this shouldn't happen. However, ICANN rejected that proposal.

Paul Vixie on the subject: http://www.circleid.com/posts/20110620_domain_names_without_dots/

And here is the SSAC recommendation

Also see: http://www.ipmirror.com/news/updates/icann-new-gtlds-status

0
0

Forums