1374 posts • joined 14 Jun 2007
Re: That was ironic. Right?
Lol, NomNomNom, is the regular El Reg commentard teaser (I don't use the word 'troll' as Nomey is cleverer and more amusing, not simply being provocative)
@Vic: Re: so every new domain/user generates another server farm, eh?
Haha, you beat me to it. Don't you just love it when a poster takes on an obnoxious and condescending tone when 'correcting' someone with a reply that is full of bollocks?
I'm disappointed you didn't comment on this gem though: " generally through a MX record"
Re: Another possibility:
Ahhh, memories of the anguish when finally having to start quoting my domain backwards for email etc.
My uk.ac.lut uk.ac.ed and uk.ac.cf addresses actually meant something..
Eek. Just realised I've fallen into another concept no longer with us: short/long form domains.
I should have written the above as:
uk.ac.loughborough, uk.ac.edinburgh and uk.ac.cardiff
It was the threat of a sarcastic comment...
It's obvious that it was the threat of a sarcastic comment that got you to issue this apology and correction..
Them be fightin' words!
... depends upon how much you trust the TV makers (through either intentional maneuvering or buggy code)
If I had a home network I considered secure, I'd sandbox/firewall any foreign device that uses it. If it was just a consumer network, then meh - most potential abuses I see are going to be distributed attacks/spamming the internet not the local network. Besides, I use ssh and secure setup on my local lan too!
Re: Driving is not actually that difficult
.....And you try and tell the young people of today that ..... they won't believe you!
Re: "Linux is a hackjob" @MadMike
Great post, Mike.
I just say you're brave - prepare to be downvoted by the large number of linux-cultists on El Reg who will downvote any criticism of GPL/GNU/Linux however accurate and well reasoned it is
Re: That poll is biased and misses the point
He/she said second *option* !
Re: @AC 4 Hrs ago (He is giving a talk about maven)
" Two kids?
Not all that shy, then."
@asdf: Re: yay. Overtime.
" The money would be better spent being sent to the BSD folks to do LibreSSL right IMHO. Theo may come off as dick at times but the guy (and his posse) understands securing code."
I agree on all points
Re: What's the point of having access to the Microsoft 'source code'?
" The test is that the provided code must compile and be binary identical to the publicly available deployed files."
Doh. I'd have realised that if I had a brain...
What's the point of having access to the Microsoft 'source code'?
I mean, in the context of security auditing etc.
It's still MS that releases the binary only distributions that get used - how can a company/government etc. know if they have a sanitised copy?
.... never had a problem with talk talk - always get the full 18Mbs with good latency and no peak traffic jams.
Re: Nice one Lads!
As I understand it, they are to stop sniffing data (which they claim was never their intention anyway) but they do still record MACs
That made me chuckle on a gloomy Wednesday morning...
Re: How does it work for bacon-haters?
The problem with a lot of veggie food, is that some is good, and some just doesn't cut it. And you can't go by brands alone, either.
Linda McCartney pies are perfect. Not so the sausages.
Quorn sausages USED to be perfect, but they've changed.. (Quorn, if as Joe says, you are reading, take note!)
All 'bacon' I've tried has been awful - though I've not tried the Quorn brand.
Best thing in the world? Quorn Cheese and Broccoli Escalopes. I could live off them!
Burgers? Meh, again Quorn used to be good but not so much now. I've just had one of the Quorn quarter pounder burgers, and they are an improvement.
Quorn 'chicken burgers' and 'chicken dippers' are good.
Tescos Kievs aren't too bad either.
Re: How does it work for bacon-haters?
"It's a weird experience, Jamie, but I've been there too."
Thanks! I'm glad I'm not the only weird one :-)
Re: it just smells to me like burning flesh
"Jamie, you wrote that as if it were a bad thing."
I was tempted to reply: "Well, since the explosion at work, I get haunted by the memories. Still, I can't complain - at least I was one of the few to survive."
... But even I'm not that evil! :-)
Re: How does it work for bacon-haters?
I know I'll get downvoted, but..
Before I went veggie, I loved the smell of bacon, and I thought that's what I'd miss most...
However, the smell of it now makes me gag - it just smells to me like burning flesh.
Re: Jamie Jones Oh bugger!
Yeah. replace 'mainly' with 'wildly'. My vocabulary was out of sync with what I meant.
Cheers, Matt ;-)
Re: Jamie Jones Oh bugger!
".....Why the downvote?....." Because you want to pretend Truecrypt and other tools are not also used by terrorists, criminals and the like. And all the stories you hear about Truecrypt are not about innocent businessmen protecting industry secrets or Joe Average using Truecrypt and being victimised by The Man, they are always about criminals using Truecrypt in an attempt to avoid prosecution."
Not at all. I fully agree that they are probably mainly used for dodgy and illegal purposes.
My issue was that *you* keep implying that that is their *only* use.
The problem is, do you ban/break something because terrorists can use them?
Do we ban social gatherings, because terrorists can use them to recruit? Do we track and store the movements of every vehicle because criminals use cars as getaway vehicles? Do we stop selling fertilizer because it can be used to make bombs? etc.
".... It's true you never call..you never text..." Stop it, you'll make Boring Green jealous. He is my flock-designated, rabid, stalker sheep, doncha know."
Sorry, not sure who that is, but I don't want to upset your designated stalker! I'll suffer in silence from now on instead!
P.s. For what it's worth, I didn't downvote you
Re: Jamie Jones Oh bugger!
Hmmmm. weren't they pleased about the audit then?
I'd assumed they'd welcome someone independent validating their work.... Unless they did have something to hide.....
As for my more personal theories, I haven't really given it much thought - I don't use encryption for much, other than ssh sessions, and that's mainly to protect the passwords, not my drivel.
It's funny - I agree with you that most people are overly paranoid that someone wants to read their personal emails. Where we disagree, though, is that I think it's someone's right NOT to be spied on without proper due process. I also resent the constant bollocks from governments using the terrorist excuse for this overreach.
Remember the Bush administration? If you disagreed with them on just about any topic, you were a terrorist!
P.s; Why the downvote? It's true you never call..you never text...
Re: Jamie Jones Oh bugger!
"Apologies if you were waiting for me to reply, I was too busy laughing at the sheeple getting in a state over this."
I was getting anxious.... You never phone, you never text.... :-(
But, apology accepted - I'm glad you're in a good mood!
"If you seriously think the NSA did this then you really are beyond delusional, I suggest you consider a few more likely options:"
I hope you are addressing the commentards generally - I don't think that at all, and I thought it pretty obvious that Sir Spoon didn't either - even before he posted his clarification follow-up.
As for your 3 points, you may be surprised (and disappointed?) to know that I basically agree with you... (Though of course, you had to make the aggrieved person a pædo rather than someone who was the victim of corporate espionage, or fraud, or someone who just wants to keep his/her personal life.....errr...personal... You were doing so well up until then [I even overlooked your use of 'sheeple'] - do you write for the Daily Mail perchance?)
"/Pointing and laughing and ROFLMAO."
I told them at the time that this would happen - but they went ahead and gave you that full length mirror anyway *rimshot*
Still, I'm glad you're having a good time! :-)
Re: Rebuild from source code
cd /usr/ports/security/truecrypt && make install clean
Re: Am I safe?
"Downloaded 7 Apr 2014
fciv "TrueCrypt Setup 7.1a.exe" -sha1
// File Checksum Integrity Verifier version 2.05.
7689d038c76bd1df695d295c026961e50e4a62ea truecrypt setup 7.1a.exe"
No (You are using SHA1!)
*Source validated 10th February 2012 is available*
As per this page ( http://svnweb.freebsd.org/ports/head/security/truecrypt/distinfo?revision=290882&view=markup ) , checked into the FreeBSD ports tree on 10th February 2012:
Revision 290882 - (show annotations) (download)
Fri Feb 10 22:09:24 2012 UTC (2 years, 3 months ago) by zi
File size: 623 byte(s)
SHA256 (TrueCrypt_7.1a_Source.tar.gz) = e6214e911d0bbededba274a2f8f8d7b3f6f6951e20f1c3a598fc7a23af81c8dc
SIZE (TrueCrypt_7.1a_Source.tar.gz) = 1949303
You can easily get a version that passes both the above criteria by googling 'TrueCrypt_7.1a_Source.tar.gz'
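The check described in this post, carried through as an added example that is not code from the thread or from the FreeBSD ports tree: it parses the two-line distinfo format quoted above (`SHA256 (file) = hex` and `SIZE (file) = bytes`), recomputes both for a local file, and only passes when a strong digest is listed and both size and digest match. An entry carrying only MD5 or SHA1 lines is rejected, which is the "No (You are using SHA1!)" point. The sample tarball, its name and its distinfo lines are constructed inside the block; the SHA512 acceptance and the chunk size are assumptions.

```python
"""Verify a downloaded distfile against FreeBSD ports distinfo entries."""
import hashlib
import os
import re
import tempfile

# Digests accepted as sufficient on their own; MD5 and SHA1 are parsed but never enough.
STRONG_DIGESTS = {"SHA256", "SHA512"}  # assumption: SHA512 treated as equally acceptable
DISTINFO_LINE = re.compile(r"^(?P<kind>[A-Z0-9]+) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int, ...}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = DISTINFO_LINE.match(line.strip())
        if not m:
            continue  # TIMESTAMP lines, blanks and anything unrecognised are ignored
        kind, name, value = m.group("kind", "name", "value")
        entry = entries.setdefault(name, {})
        entry[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries


def digest_file(path, algorithm):
    """Stream the file through hashlib so large tarballs need not fit in memory."""
    h = hashlib.new(algorithm.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_distfile(path, distinfo_text):
    """Return (ok, reason); ok is True only if size and every strong digest match."""
    name = os.path.basename(path)
    entry = parse_distinfo(distinfo_text).get(name)
    if entry is None:
        return False, "no distinfo entry for %s" % name
    strong = [k for k in entry if k in STRONG_DIGESTS]
    if not strong:
        return False, "only weak digests listed (%s)" % ", ".join(sorted(entry))
    if "SIZE" in entry and os.path.getsize(path) != entry["SIZE"]:
        return False, "size mismatch"
    for kind in strong:
        if digest_file(path, kind) != entry[kind]:
            return False, "%s mismatch" % kind
    return True, "size and %s match" % "/".join(strong)


def demo():
    """Constructed sample: a fake tarball plus distinfo lines generated for it."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "Example_Source.tar.gz")  # constructed file name
    data = b"not a real tarball, constructed for the example\n" * 100
    with open(path, "wb") as f:
        f.write(data)
    good = "SHA256 (Example_Source.tar.gz) = %s\nSIZE (Example_Source.tar.gz) = %d\n" % (
        hashlib.sha256(data).hexdigest(), len(data))
    weak = "SHA1 (Example_Source.tar.gz) = %s\nSIZE (Example_Source.tar.gz) = %d\n" % (
        hashlib.sha1(data).hexdigest(), len(data))
    results = {"good": verify_distfile(path, good)[0],
               "weak_only": verify_distfile(path, weak)[0]}
    with open(path, "ab") as f:
        f.write(b"X")  # tamper: size and digest now both differ from distinfo
    results["tampered"] = verify_distfile(path, good)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

Pointing `verify_distfile` at a real download with the distinfo text fetched from the ports tree gives the same pass/fail answer as `make checksum` would, without needing a ports checkout.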
Re: Oh bugger!
Sir Spoon, you pinko commie terrorist loving liberal socialist unpatriotic pædo!
"Before the serial NSA apologist gets in to swing, "
*snigger* You know he will be!
I have to agree with Charlie here. The OpenBSD folk are likely to now be the defacto guardians of this codebase, as they are with SSH.
I'm too puzzled by the motives of the Linux folk not getting behind a group with a proven security track record.
In addition to that (dunno why you were voted down, BTW), LibreSSL is intended to be an API-compatible (even when it pains them to do so) drop-in replacement for OpenSSL.
Re: Shock collars?
Well said, anon.
It's the inept who are used to bluffing their way through life that naturally turn to spin and bullshit.
Those who actually have a clue are quite open to admit when there's been a cockup, as their reputation isn't based on smoke and mirrors.
Re: Shock collars? @Bryan
I was going to post this as a new message, but seeing you've posted here, I'll reply instead.
I found your candidness in your response, your openness, and your proposal for moving forward very refreshing.
If I was a customer, I'd have found it most reassuring.
Other companies (and politicians!) should note that bullshit and spin and skirting around the issue impresses no-one.
Re: Get in Early
Oh bugger, I've just noticed I've slipped into a topic that's 2 weeks old...
How did that happen?
Re: Get in Early
Strangely, *all* drivers must be able to drive, hold a valid license, insurance, and have a safe and roadworthy vehicle.
If not, they are breaking the law, so there is already regulation to deal with that.
It seems that the taxi PR firms pulled a blinder when people keep assuming the opposite to a licensed taxi driver is automatically a mad psychotic maniac driving a death trap.
I regularly take my mum out shopping, and my young nieces and nephews out in the car, but... shock horror! I'm not a licensed cabbie! Oh, the (in)humanity!
Re: Get in Early
Cabby perks.... Who says cabbies don't have power...
In most cities, a large proportion of traffic lanes are only allowed to be used by buses....... and taxis.
We were told to use buses to save the environment, and avoid congestion on our roads. Bus lanes were said to be to promote this way of thinking.
A taxi ride from A to B, and back again uses more fuel than a car journey would. They are *worse* for congestion and pollution than cars, so why do they get to own such a large part of the roads that WE pay for?
-- Yes, I know buses are generally private companies, but there's the 'green' factor, and the fact bus companies have to cover non-profitable routes.
-- Yes, taxi drivers pay tax too, but not enough to warrant their own roads!
Re: smoke and mirrors
"Using TrueCrypt requires you to take a leap of faith that you can trust those anonymous individuals to be creating a quality product. "
Do you know personally the life history of everyone who has written software you use?
Can you name even one person who contributed to the browser you are using now?
I'm not going to be one of these who says "it must be safe, the source code is available", but the fact is you *can* get it professionally audited if you want - it makes no difference if you know the author's name or not.
Besides, don't you think that if it was some government project they could have created personas with fake personal cover stories?
I'd sooner trust VISIBLE source from someone anonymous than a binary from someone called 'Frank' - you keep banging on about this issue without anything to substantiate your worries
Re: That says more about increasing OS software bloat than anything else.
"Except that W7 is leaner than Vista (OK that doesn't take much) and W8 is leaner than W7."
.... hence backing up your point earlier! :-)
My point wasn't aimed at anything specifically - just responding to the previous poster by pointing out that if even if basic requirements can't be met on a current baseline system due to 'OS overheads' (his words) then there is still too much bloat.
Fair enough for you to point out that windows is getting leaner, seeing as I wrote 'increasing OS software bloat', but my original intent was to agree with you . Baseline systems these days have more than enough power these days to deal with the basic duties, and if the previous poster finds this isn't true due to OS overheads, then it's the fault of the OS more than the hardware spec.
Sorry I wasn't too clear. Have an upvote !
Re: There is NO tablet ... that can come close to competing with my high-end laptop
"Even for "secretary terminal" work, there is a noticeable difference between using cheap underpowered hardware and decent kit. The fact that many people have meager requirements still doesn't negate the overhead of the OS or the problem of parts that are just crappy (like Intel GPUs)."
That says more about increasing OS software bloat than anything else.
Re: Maybe I'm thick, but
The idea was originally to protect against offline dictionary attacks - in cases where a hacker manages to get hold of the encrypted/hashed password database (just like the recent eBay case), but you are largely correct in that this fact is now largely overlooked by people who seem to think you can throw a few million password attempts at an online system a) without being noticed and b) in a manageable timeframe.
Though bear in mind that any over-zealous incorrect password account suspending setup can itself be a problem, as a malicious person could use it to lock a legitimate user out
Many years ago, I was working for a company that decided we were to run password crackers/scanners on all the 60,000 or so users. (All that effort when the systems generally, and operating procedures were full of more holes than *Insert name of something here that is known to have lots of holes*)
Cue the mountain of support calls this generated, but there was one that really stood out.
It turned out that the guy had moved to another job in another city (but same company). His old account had been set to redirect all email to his new account, and his old account (which had a crackable password) was still live a year later (due to slack support procedures).
I received an email which read:
"How can you tell me my password, '6inches', is easily guessable? Have you or any of your staff ever slept with me?"
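The two points in the post above, put into working code as an added example (not code from the thread or from any product mentioned in it): salted, deliberately slow hashing blunts an offline dictionary attack against a stolen password database, and online guessing is throttled with a growing delay that is capped and reset on success, so a third party cannot use the throttle to lock the legitimate user out for good. The iteration count, the delay ceiling, the account name and the fake clock are all constructed assumptions.

```python
"""Salted slow hashing plus a throttle that delays rather than suspends."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed cost; raise as hardware allows
MAX_DELAY_SECONDS = 60.0     # assumed ceiling: a flood of bad guesses never locks the owner out


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a random 16-byte salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def check_password(password, salt, digest):
    """Constant-time comparison of a candidate against the stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class LoginThrottle:
    """Per-account failure state answering 'how long must you wait', never 'locked'."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}  # account -> (failures, earliest next attempt)

    def delay_for(self, account):
        """Seconds the caller must still wait before another attempt (0.0 if none)."""
        _, not_before = self.state.get(account, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record(self, account, success):
        """Update state after an attempt; returns the delay imposed (0.0 on success)."""
        failures, _ = self.state.get(account, (0, 0.0))
        if success:
            self.state.pop(account, None)
            return 0.0
        failures += 1
        delay = min(MAX_DELAY_SECONDS, 2.0 ** (failures - 1))  # 1, 2, 4, ... capped
        self.state[account] = (failures, self.clock() + delay)
        return delay


def attempt_login(store, throttle, account, password):
    """Return 'throttled', 'ok' or 'bad'; store maps account -> (salt, digest)."""
    if throttle.delay_for(account) > 0:
        return "throttled"
    salt, digest = store.get(account, (b"", b""))  # unknown accounts are still counted
    ok = bool(salt) and check_password(password, salt, digest)
    throttle.record(account, ok)
    return "ok" if ok else "bad"


def demo():
    """Constructed scenario driven by a fake clock so it runs instantly."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    store = {"alice": hash_password("correct horse battery staple")}  # constructed account
    seq = [attempt_login(store, throttle, "alice", "wrong1")]   # bad: must wait 1s
    seq.append(attempt_login(store, throttle, "alice", "wrong2"))  # throttled, not checked
    now[0] += 1.0
    seq.append(attempt_login(store, throttle, "alice", "wrong2"))  # bad: must wait 2s
    now[0] += 2.0
    # The real user is delayed, never locked: the right password still gets in.
    seq.append(attempt_login(store, throttle, "alice", "correct horse battery staple"))
    return seq


if __name__ == "__main__":
    print(demo())
```

A throttled attempt is answered before any hashing happens, so the slow PBKDF2 work is only spent on attempts the policy actually permits.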
No surprise here..
When I was doing third-line support, a user couldn't believe that I could work on the problem with his account unless he gave me his password.
As for audits and security, I know of someone who once pinched the payroll database by taking the old backup tape that was due to be recycled for the latest backup, and replacing it with a new tape.
Re: Jamie Jones Mark 85 Just the beginning
Matty boy, it's all been said here, by me, and others, and you always choose to ignore it.
As I've said before, I actually agree that a lot of people are overly paranoid that anyone gives a rats arse about their stuff.
However, that's missing the point. If I told you I was going go monitor all your communications to protect everyone from terrorists, then you'd probably be pissed off. So why do you trust 'some random civil servant' over 'some random internet user'?
As you probably expect, I couldn't give a rats arse over your personal shit either, so it's fine for me to rifle through it?
As for 'childish insults', I'll continue on this theme: "You started it". You called me all sorts of things once when I just asked an honest question you assumed to be stupid.
But then, I tend not to troll the innocent, and hide behind a fake name, 'Matt'.
Nope, it's been obvious for quite some time that you are either a troll or a shill. Neither deserves (or can deal with) a constructive response, and when you do get one, you throw personal insults, and act all high and mighty when on the receiving end.
Classic troll/shill/shithead response. You decide.
So, you're right. Just as with religious fundamentalists and people with extreme political views, I've long since given up bothering to have a rational debate with you. It's just pointless.
I'll just continue to ignore your rantings mostly, and throw in the odd 'childish insult' now and then when I see your obsessive use of the unclever non-word 'sheeple' and your failure to grasp the concept of paragraphs.
It's just my way of coping with someone with as much hate as you, who can rarely make a single post without insulting someone, and then plays the poor picked-upon princess when the shoe is on the other foot.
Have a nice day, for a change, 'Matt'. Your bitterness ultimately hurts no-one but you.
Re: Mark 85 Just the beginning
It's ironic how Matt 'terrorists under the bed' Bryant bleats about others being 'paranoid sheeple' when he's the most paranoid here, but so far to the other direction that he's an NSA/GCHQ operative's wet dream
Wouldn't a less drastic solution be to just switch the thing off, or even just unplug its net connection until a full audit can take place?
Additionally, shouldn't they have offline backups of the data?
I'm probably a bit more sympathetic to the situation than Fred is, but he makes a good point, and I don't understand his downvotes..
Re: NSA seal-of-approval
The fallacy with DRM is that the user needs to have the keys to decode the content to view it!
It's irrelevant how secure your crypto is - the goal of DRM is not to protect data in transit, but to deny user-controlled access to the data, which it ultimately can't do.
Re: Don't forget the design
>>"The point is that the way unix (and unix like) systems are designed means that bugs are generally more contained, and therefore typically less destructive.
Windows 'all or nothing' design means that a whole system can be rooted by a malformed PDF, JPG or MP3 etc."
Everyone else has pointed out to you that you can run Windows without a GUI since 2008, so I'll cover the error about thinking GNU/Linux is more secure by design. Like your ignorance about GUIs on Windows, it appears your knowledge here also dates from pre-vista.
Yes, I admit I didn't know that, but as has been pointed out already, that option produces a reduced interface, it doesn't remove the whole GUI system. Also, how do you do remote administration in that environment? Do you still have to remote desktop/vnc etc. ?
Windows vs. UNIX permissions
Windows ACLs are substantially more powerful than standard GNU/Linux permissions. They're also more capable than the ACLs that you can install on GNU/Linux but which no-one does. If your immediate reaction is to disagree, please read the link above to a previous discussion.
Firstly, coming from a VMS background, I agree that standard Unix permissions are not all that powerful. But do you want to compare that to win3.1? Just as relevant.
Secondly, I don't use Linux. I haven't used Linux in over 15 years (apart from the Android tablets), but saying their ACLs are too complicated is as stupid as people saying that all Windows users do everything as Administrator, because the alternative is too complicated.
Thirdly, the article was about bugs in things that already run with full privileges, so banging on about ACLs and file permissions is only vaguely related to the discussion in hand.
But, whatever, the ACLs and capabilities sandbox, along with process 'jailing', on the systems I use are more than adequate.
>>"An extension to that is that I run my servers with everything that is unused stripped from the kernel. I'll never need to use the USB ports, raid controllers, and there is no bluetooth or wi-fi etc."
Yeah, I used to do the same on my home computers. Please do not tell me you are running a professional service on custom-hacked around installs and are out of the distros official packages and updates. What if you leave and your replacement hooks up a SCSI drive or sticks in a USB device and you've removed the modules? What if some kernel update comes down and you don't have the time to start recompiling everything (or do you compile on another machine and copy over binaries?) This cannot be a production machine - please! If I found one of my sysadmins had been manually fiddling around with the kernel of one of our CentOS boxes, I would roast them alive.
I'm pleased you know your limits. Too many people go out of their depth in these matters, and cause more problems.
Of course I run all the production servers on tuned kernels - all competent people do. Attempting to demonise it by calling it 'custom-hacked' is either an attempt to make it look a bad thing, or you really aren't all that knowledgeable on kernel design.
Having only a few hundred thousand users a day, these machines are obviously far less used than Facebook/Google etc., but do you really think they run their systems on generic kernels? Or do you think only these big companies employ people capable of kernel tuning?
As I say, I'm glad you know your limits, and whilst I currently have no responsibility for hiring/firing, I'd be less than pleased if one of my staff had similar shortcomings.
I know not every one has the time organisational luxury to do it, but yes, most of the time I compile from source. There are no binary installed blobs here. And whilst I don't do full compiles on production boxes, it is quite possible to do it at nice +20 without any significant performance impact on live services.
As for new hardware etc., as you've already mentioned yourself (but conveniently seem to forget)...... KERNEL MODULES.
<troll>Typical Microsoft attitude - overcome efficiency shortcomings by throwing more CPU/RAM at the problem</troll>
>>"Can you do that on Windows? Other than maybe remove a few .SYS files, you are basically stuck."
Well you can uninstall any drivers you don't need if you really want to. It's not going to save you any memory or processor load because they're dynamically loaded as needed just the same as kernel modules on Linux. In neither case are they going to be a security vulnerability if they're not being executed so if you're doing this for security reasons on GNU/Linux, then not only do you not understand how Windows works, you don't fully understand how Linux works, either. A security vulnerability in a SCSI module is not going to be an issue if that module is never loaded. And your server isn't going to load that without a reason. The only gain of removing it is reducing the size of your kernel by about forty bytes. (basically you're removing an if clause that contains a call to load module that will never be triggered).
Again, I apologise about windows kernel modules. I really thought that there was still a hell of a lot that had to remain within the kernel directly, but if you're saying otherwise, I'm not in a position to argue.
And again, not a Linux user. However, the systems I use tend to have a lot of stuff contained within the main kernel at default - it's more efficient that way, and less of a security risk if kernel module loading is disabled, or restricted to console control etc.
There is also no point having something as a kernel module if it always needs to be loaded. You can strip your core kernel of stuff you'll never use, and add stuff you will always use.
Still, this is all largely tangential to the original point that windows machines have been rooted by malicious media files. This wouldn't happen on any sane system.
Do current windows versions still have explorer embedded in the kernel?
I was largely intentionally trolling in my original post (I can't always help it when it comes to windows/linux/apple - they are all easily flammable targets), but it seems my ignorance of Windows systems was my downfall. Still, thanks for replying with so many fallacies and inaccuracies that I don't now feel quite as much of a moron.
Have a nice day!
Re: Don't forget the design
"Since Windows 2008 you can run a server without the GUI. It looks your Windows knowledge dates back to 1995."
Oh, they've finally caught up!
Ok, my mistake, and you are right, I fortunately haven't had to deal with windows servers since before 2008, so I take that one back if it's true, though I bet it's more of a 'reduced GUI' than true non-GUI.
The GUI was far too entwined when I last used windows
"I run my servers with everything that is unused stripped ... raid controllers..."
"Strange kind of server, with no fault tolerance. Is the one you're running in your bedroom?"
A veiled insult! Nice one!
But no, not at all. Well, actually, yes, to the servers in my house, but I'm referring to the proper commercial servers.
I'd love for you to explain how keeping code for various different raid controllers that I don't use helps with fault tolerance. I *did* say *unused* stuff, didn't I?
"Can you do that on Windows?"
Sure. You just have to learn how to do that. BTW: drivers are kernel modules in Windows. It looks you have no clue about how Windows is designed and works.
Well, I did mention .SYS files briefly, but yer, I screwed up there too.
Thanks for the reply. This post's icon is directed at me.
"And even if Netflix someday works in Firefox, it will NEVER work in any browser running on Linux. I know for a fact that in Linux, audio streamed in a browser running from a website can easily be intercepted, allowing the user a choice about what to do with that audio stream next. You don't even need any special plugin. I'm reasonably sure this is also true for video content. And I'm sure the Netflix folks are well aware of that..."
What you so authoritatively "know for a fact" is obvious and fundamental to anyone who knows anything about OS design. The same goes for any other types of stream or - more generally - all I/O
The concept just seems to be lost on a generation brought up on Windows, and its restrictive obfuscation.
Basically, DRM is a sham - as long as people have control of their computers, they can do what they want, as ultimately, your computer is provided with the tools to unlock the data (otherwise you wouldn't be able to view it!)
Sure, they may try to hide the method, but they are basically saying to your computer: "Here is the encrypted data. Here are the keys to decode it, but don't give them to the human who has 100% control you"
It's a bit like your neighbour installing the most sophisticated security/alarm/lock system on his house, and telling you you'll never manage to get in, but then handing you the keys so you can feed his cat when he's out of town.
And you can bet your life Netflix and co. know this too - all that matters is that the DRM companies can convince the media companies to buy their snake-oil.
For more detailed analysis and commentary, see this rant by Luke Leighton, in response to the controversy regarding the 'rtmpdump' utility : http://lkcl.net/rtmp/
Re: @ Don Jefe -- Tipping Point
To be fair, they haven't always been so blatantly corrupt, and batshit crazy.
Look at some of their old policies and you'll see they used to be far more 'socialist' than the current Democrats!