* Posts by Bronek Kozicki

1223 posts • joined 6 Sep 2007

FREAK show: Apple and Android SSL WIDE OPEN to snoopers

Bronek Kozicki
Bronze badge

Re: There is one use for EXPORT in OpenSSL though

hah good point - cannot check whether "hack my users, please" is disabled, without a tool to actually request this protocol.

1
0
Bronek Kozicki
Bronze badge
Mushroom

keyword: either

One thing that hit me was this "... and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204"

Basically, one of the decisions taken by OpenSSL developers was (and still is) "do not remove compatibility features", thus we can still see bits of code specifically for platforms such as VMS or Win16 - even though OpenSSL has not been tested on those for a very, very long time. It also implements full support for weak encryption such as RSA_EXPORT. Hilariously OpenSSL even implements certificate check to fail the connection if stronger encryption than 512bit was employed on RSA_EXPORT session (look for SSL_alert_type_string).

Why do I point it out? Because vulnerability to degrade connection to insecure RSA_EXPORT would not happen, if OpenSSL did not keep such insecure implementation in the first place. But of course, it would go against philosophy of key developers. Which is why alternative libraries such as LibreSSL are so important.

4
2

How does a global corporation switch to IP Voice?

Bronek Kozicki
Bronze badge

idea for another article

... how (and why) migrate home number from PSTN to SIP. Although honestly, that would be just setup instruction of base station or phone, and perhaps SIP server. However, positives (and negatives) for home user of such a move might be worth discussion.

1
0

CONFIRMED: Tiny Windows Server is on the way

Bronek Kozicki
Bronze badge

Re: Did no one else notice the trend

"install time utility to allow Intel binary to run on ARM"

why the heck would Microsoft want to do that? Microsoft provides compilers to build native ARM binaries, there is no need to run x86 binaries on ARM.

Given that Windows Server already runs on Intel Atom, next logical step could be making Windows Server (*small business and home office edition) available under ARM based NAS devices. Will they actually do that? No bloody idea, but it appears (to me) to have business sense.

3
0

Apple Pay a haven for 'rampant' credit card fraud, say experts

Bronek Kozicki
Bronze badge

Re: Yawn...

And how exactly that would protect you?

0
1

Pebble Time Steel ready in May. Plus: Now you can strap on sensors, GPS ... Geiger counter

Bronek Kozicki
Bronze badge

Re: "We apologize, but it looks like something's gone wrong"

Just placed my order pledge, Kickstarter is back to its snappy self now.

0
0
Bronek Kozicki
Bronze badge

Re: "We apologize, but it looks like something's gone wrong"

exactly the same problem; can only conclude that Kickstarter has been slashdotted ;)

0
0

Nokia boss smashes net neutrality activists

Bronek Kozicki
Bronze badge
Unhappy

I'm very tempted ...

... to comment along the lines "sigh, another clueless moron"

However, not knowing what is it that FCC eventually voted, it's rather difficult to argue that technical reasons for packet prioritisation such as QoS remain lawful. Unless someone can back this up for me?

4
1

BlackBerry gets flirty with QWERTY IP, launches $275 Leap

Bronek Kozicki
Bronze badge
WTF?

Classic is marred by the slow speed of the old processor

Wait, what? I never noticed that. Perhaps I run too few Android apps.

6
0

Have it all: BlackBerry to port crown jewels to iPhone, Android

Bronek Kozicki
Bronze badge

Re: What about...

All modern BB10 devices run Android apps natively ...

0
0
Bronek Kozicki
Bronze badge

Re: About Time!!!

I love my BB classic both because of its physical keyboard (can't stand touch ones) and because its software works very well for what I'm using it (messaging mostly, plus few less intrusive apps)

0
0

Microsoft opens kimono on Windows 10 Universal App Platform

Bronek Kozicki
Bronze badge

I like the direction

Legacy Win32 GUI APIs are pain to use, even when "nicely" packed in MFC. Furthermore they lock the application to Win32 desktop only, which does not work in Microsoft favour. It is good to see Microsoft working hard to free itself of this legacy. I hope they will also improve API capabilities of WinRT to make a better alternative to Win32, than it was in Windows 8.

Of course there will be lots of bitching from developers. Let them complain, Win32 and WPF are not going away and "Windows 8" development platform based on XAML and WinRT was in serious need of improvement.

3
2

Tulsa woman bludgeons man mercilessly with laptop

Bronek Kozicki
Bronze badge
Trollface

Re: He is still alive

"dangerous weapon"

Must have been a Lenovo Yoga

2
0

Acer enters Windows Phone fray with cheap Liquid M220 mobe

Bronek Kozicki
Bronze badge
Coat

Re: Entry level indeed

Some configurations will support a Micro SD card, and others dual SIM

2
0

Syneto: Behold, blockheads – an all-flash array... based on ZFS

Bronek Kozicki
Bronze badge

@iOS6 user

thanks I wasn't aware that kvm has been ported to illumos. Does it also support vfio (i.e. device passthrough)?

0
0
Bronek Kozicki
Bronze badge

Perhaps they stuffed it with one or two TB of RAM. That would allow for a pretty large number of VM guests alongside with ZFS deduplication

In reality what I suspect is going on, they give client a switch to turn deduplication on, with a large warning on it "use only if you have this-and-this much ECC RAM installed"

Also this is very unlikely to be OpenSolaris derived work and much more likely is ZFS on Linux, because you cannot run "KVM hypervisor" they seem to advertise outside of Linux kernel

0
2
Bronek Kozicki
Bronze badge

err, what?

"hosted VMware VMs" which are apparently being run on "KVM hypervisor"? So which hypervisor is it?

0
0

EFF fears crims are getting smart to Superfish SSL flaws

Bronek Kozicki
Bronze badge

Re: Who's laws would they be breaking?

@An0n

I'm pretty sure I wrote "require consent of all parties". Whatever the owner of Lenovo laptop agreed to, the other side (e.g. bank, journal or a blog) did not, since T&C were meant for laptop owner only and other party was never presented with it.

0
0
Bronek Kozicki
Bronze badge
Windows

Re: Who's laws would they be breaking?

Some think that they broke wiretapping laws, at least in some states in the US. E.g. in California, wiretapping laws require consent of all parties, and there is no way a website (either journal, blog or banking) would agree to what Superfish was doing. It is arguable (likely, before the jury) whether wiretapping laws which were created for phone conversations, should also apply to HTTPS connections, but still. Certain laws might have been broken, and we are likely to hear more about it in the future.

And there is also question of consumer protection and privacy laws, while weak in US they are actually much stronger in Europe where Lenovo has been doing exactly same thing.

A picture chosen to represent Lenovo's view of its consumers customers.

3
0

And the buggiest OS provider award goes to ... APPLE?

Bronek Kozicki
Bronze badge
Coat

OSX and Linux

more buggy than Windows? that will ruffle some feathers.

2
0

BT fixes home hub drop-out glitch ONE YEAR after denying flaw existed

Bronek Kozicki
Bronze badge

Re: Wow BT is getting faster at responding to user problems

"regular" FTTC is capped by BT at 40Mbps, you might want to fork for "premium" to fully utilize the bandwidth. No idea what's the market-speak at BT for this option.

However, instead I suggest that you simply switch to an ISP who is honest about this 40Mbs cap, see here http://www.aa.net.uk/broadband-premium.html. Yes, you still need to pay extra to have the cap removed, since it applies to BT wholesale.

0
0

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Bronek Kozicki
Bronze badge

Re: Irrespective of any MITM issues

money, money, money ... makes the world go round.

Software companies sell your security and privacy for few bucks more from the advertisers.

4
0

Wake up! BlackBerry QUIETLY updates BB10

Bronek Kozicki
Bronze badge

Re: The Blackberry Classic...

Ditto.

My wife has Sony Z3 Compact - hardware close to perfection, very light and amazing battery life. However every time I do something on my BB Classic she mentions "it's so simple on your phone, I wish I could do that".

1
0

I'm the wire starter: ARM, IBM tout plug 'n' play Internet of Stuff kit

Bronek Kozicki
Bronze badge
Linux

embed OS is not exclusively tied to Big Blue's cloud

I take this means I could run my own cloud, i.e. server side at home, by installing and configuring some open source package on my Linux machine? Asking because that is the only way I would use such a thing

2
0

Debian on track to prove binaries' origins

Bronek Kozicki
Bronze badge

Re: I don't think this is what it is all about

My thinking exactly. If you need to have exactly reproducible setup, build from sources yourself (in case of Debian, IIUC that involves dpkg-dev) and maintain your own repository, otherwise such guarantees are rather pointless

0
0

Man the HARPOONS: YOU can EASILY SLAY ad-scumware Superfish

Bronek Kozicki
Bronze badge
Coat

Optional

Wow, this guy is truly clueless. Or malicious liar. Or both.

8
0

So long, Lenovo, and no thanks for all the super-creepy Superfish

Bronek Kozicki
Bronze badge

Re: @Iain Thomson

I have 10yo Toshiba Portege, a very nice machine running Mint and new SSD with PATA interface. Agreed, it's a very nice way to revitalize an old machine, if only the screen was better.

2
0

Lenovo shipped lappies with man-in-the-middle ad/mal/bloatware

Bronek Kozicki
Bronze badge

Re: First Direct

Do not forget to also uninstall their root certificate.

5
0
Bronek Kozicki
Bronze badge

a different look

I wonder, perhaps Bank Of America will be willing to sue pants off "Superfish Inc" for violation of its trademark.

4
0
Bronek Kozicki
Bronze badge

Re: Kill the root certificate

Technically, there is nothing "malicious" about any root certificate no matter what's inside. Root certificate silently enables trust relationship between location where certificate is installed and a party with private key to the certificate in question. It is how this trust relationship can be (ab)used which can be malicious, and not only because the certificate is issued by a corrupted party but also possibly because it's been compromised. So yeah, the more root certificates you have the more exposed you are :(

1
1
Bronek Kozicki
Bronze badge

Re: Very effective program

I was reading the very same review yesterday and even checked Lenovo prices of the kit ... it was tempting, very.

It would be good to see criminal investigation into hacking of customers' computers but I have doubts that this will happen :(

6
0

Thecus N4310 4-bay: A NAS-ty beast for the budget-conscious

Bronek Kozicki
Bronze badge

Re: This or HP MicroServer

FreeNAS makes no sense (or worse, will corrupt your data, due to way ZFS cache works) without fair amount of ECC memory. Few old desktops support this.

EDIT: Looking at HP website I do not see MicroServer supporting ECC memory either HP MicroServer seems to support ECC memory, from

The server supports dual-rank, PC3-10600E/PC3-12800E (DDR3 ECC) DIMMs operating at 1333 MHz or 1600 MHz speed.

.. now very tempted to build a FreeNAS myself :)

0
1

Interstellar sci-fi WORMS its way into spinning black hole science FACT

Bronek Kozicki
Bronze badge

Re: Can't be right

Yes but that would only happen if blackhole was actually surrounded by matter to devour. It is indeed expected that some blackholes are in the center of galaxies (or other dense objects) where there is matter in proximity which would create messy ring around the blackhole (accretion disk caused by drag from the rotation of blackhole), but it is also expected that there will be some blackholes with very little matter left around to be sucked. These will look just as pictured.

0
0

DDN purrs, rubs itself around Big Blue's legs, snuggles up to POWER

Bronek Kozicki
Bronze badge

it will be good to see

.... POWER8 getting some traction. It's a very nice architecture and it does seem like a good competition to top-shelf Xeons.

2
0
Bronek Kozicki
Bronze badge

fastest growth areas ...

"... financial services, oil and gas"

Someone missed the news from last few months - oil and gas are not a growth area at this moment, in fact there are redundancies in the whole sector, and consolidation is widely expected.

0
0

Gullible Apple users targeted by bogus order cancellation scam

Bronek Kozicki
Bronze badge
Thumb Down

Dear El Reg

If you are going to make news on every type of scam, I will be happy to forward to you every such email I receive. I assure, some of them are pretty imaginative.

Trouble is, if you focus on this kind of "news", you might not have space for actual news. So, next time please do feel free to ignore "press release" from Sophos etc.

2
3

Europe just flew titchy reusable SPACEPLANE IXV around the planet

Bronek Kozicki
Bronze badge
Coat

Re: Interesting definition of rudders

With enough speed, even a bathtub would have good lift, and that thing was very fast indeed.

Just saying.

0
0

Linux kernel set to get live patching in release 3.20

Bronek Kozicki
Bronze badge

Re: @Ragequit

Hey @jake, are you watching over Linus's shoulder, as he's typing alleged "... and won't be anytime soon"? Because no reply to Jiri's message is seen on LKML list, at this moment.

2
1

ARM grabs Dutch 'SSL of Things' biz Offspark

Bronek Kozicki
Bronze badge

Re: Not too happy about this :/

There is no need to implement cryptography inside the chip; hardware acceleration for cryptographic primitives will be sufficient.

0
0
Bronek Kozicki
Bronze badge

Smart

without some security, IoT is not viable. They know and are not going to leave it to accident.

0
0

Robot vacuum cleaner EATS WOMAN

Bronek Kozicki
Bronze badge

There's no indication ...

... the vacuum was doing anything other than obeying its programming, so let's not see this as the start of a robot uprising

that's what they want you to believe.

2
0

Microsoft: Your Linux Docker containers are now OURS to command

Bronek Kozicki
Bronze badge

err ... whut?

"ASP.Net 5 for Linux, the forthcoming version of its open source web app dev platform"

did I read this right?

0
0

SoShabby GoDaddy flings patch at domain hijack hole

Bronek Kozicki
Bronze badge

This sums it up

"the company said there was no timeline for a fix."

Yup, heard that before

3
0

Go Canada: Now ILLEGAL to auto-update software without 'consent'

Bronek Kozicki
Bronze badge
Pint

Re: Not bad

Yay! Does that mean that Canadian ISPs are now explicitly permitted to install antivirus/antispam/other security measures on computers of their customers without consent when they happen to damage their network (I mean zombie PCs, of course) ?!

I will drink to that!

1
1

Professor's BEAGLE lost for 10 years FOUND ON MARS

Bronek Kozicki
Bronze badge
Coat

about 2m 15s into https://www.youtube.com/watch?v=AWen9WZhztU

Clouds on Mars? Ridiculous

0
0

What do UK and Iran have in common? Both want to outlaw encrypted apps

Bronek Kozicki
Bronze badge
Coat

I know nobody will read after 3rd page of comments ...

.... but the statistic on the number of comments matter as well.

Anyway here goes - this is so bloody stupid that words fail me.

2
0

Microsoft thinks of the children with VS2013 Git release

Bronek Kozicki
Bronze badge

Nice

Was just looking for something to replace my old and dusted VS 2010. Which was dusted because I jumped to programming under gcc on Linux long time ago. And plan to stay there, but one of the points of portable software is that it also builds on Windows ...

0
0

QWERTY-tastic BlackBerry Classic actually a classic

Bronek Kozicki
Bronze badge

I have one

Pre-ordered directly from Blackberry by end of November, delivered just on time for Christmas. It's a very nice device, good upgrade from my battered 9900. Battery very good, if one bothers to:

- configure location services off when in bedside mode (by default they are always on, which is silly)

- switch bedside mode when going to, well, bed.

I had over 30% battery left by the end of second day - I suppose it would also last 3rd. Also it works well with plain Exchange server without the need for extra Blackberry server software. I bought an Exchange account from an ISP and it feels like using a company's blackberry - except that I own the services here :)

Apart from that, I side-loaded Snap right on the first day and am using few of my favourite Android apps which I bought/downloaded earlier for a tablet and which are not currently available on Amazon AppStore. They work well - nicest thing is using all these apps (native and Android ones) with the same keyboard I got used to with 9900 :)

2
0

Sucker for punishment? Join Sony's security team

Bronek Kozicki
Bronze badge

that's what I call

... challenging work conditions.

2
0

Boffins cure BONING PROBLEMS in 'virtual lab'

Bronek Kozicki
Bronze badge
Joke

"scientists used the power of two supercomputers"

but WHICH power of two? there is huge difference between 2^1 and 2^10 supercomputers!

17
0
