* Posts by Ben Tasker

1557 posts • joined 23 Oct 2007

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient

Ben Tasker
Silver badge

Re: "It's going to take a pro to get past it"

> I'm going to laugh when in a few years people start having their house robbed due to a security issue with a no longer supported smart lock, and insurance companies deny those claims because they failed to properly secure their house.

Not to mention that there may potentially be a lawsuit against Google pointing out that the information the intruder needed was the top result in a Google Search, and that Google therefore helped the intruder defeat Google's security product.

2
0
Ben Tasker
Silver badge

In previous houses where we've had a Yale, I've found that even that level of effort hasn't been necessary when I locked myself out.

Find long stick and push it through the letter box, getting your arm as far through as possible, then manoeuvre to find and operate the release on the inside. Obviously much easier if you've got glass in or near the door so you can see, but perfectly possible without too.

Much prefer a good multi-point system, though you do have to break into the habit of remembering to actually lock it. That said, a family member has one where locking is simply a case of pulling the handle up. Seems like the worst of both worlds to me, as you can trivially lock yourself out without a key, or in fact, lock yourself in without a key. Some might view having to put a key in the lock and turn it as an inconvenience; personally I see it as a good sanity check to make sure you've actually got the means to re-enter when leaving.

2
0
Ben Tasker
Silver badge

> You can either press the Yale button at the top, or leave it to lock itself. If, for whatever reason, it doesn't lock, it lets you know immediately with big yellow warnings on your phone and an LED on the lock.

That LED, I hope, is on the inside right? Otherwise, your lock is sat there telling anyone passing that it failed to lock after you drove off because you were running late.

> If you are a paranoid or security-conscious person you will have already decided that the idea of a smart lock is a horrible, terrible thing.

I'm not convinced it's a sign of paranoia to point out the flaws with these things. The write-up focuses primarily on usability, and it's seldom the usability that draws the criticism.

> The Nest+Yale lock uses Google's Thread IoT protocol to communicate with its Connect bridge – or its Secure home station if you have that. This is a smart move as it puts a buffer between the lock and the internet. It's going to make hacking the door to open a much harder affair.

Or, potentially, has just increased your attack surface.

Not having it talk directly to the internet is a good move (and one I wish more would follow), but it alone doesn't automatically mean you're now much safer. The bridge/home station is now part of your attack surface, and it might still be possible (somehow) to convince the lock to communicate with the wider world. You could actually be worse off, especially in the wider market where certain manufacturers may well think "it's never going to talk directly to the internet, so don't put any effort/expense into fixing that bug".

It's good the lock works for the author, but they're definitely not for me and likely never will be. There are just too many issues that need to be addressed in the wider world of IoT. One of those issues - manufacturers actually supporting their kit for prolonged periods - is addressable, but is just the very first stage.

Even without that, I'd much rather a multi-point lock.

9
0

Machines learned to assemble IKEA’s semi-disposable furniture

Ben Tasker
Silver badge

Re: I have to say....

Yeah, it tends to be the IKEA wannabes that I've had issues with.

But that's often not so much the assembly procedure as general product quality. Turning up with missing hinges, or the holes drilled in the wrong place (despite the marks in the correct place still being visible).

IKEA stuff I've never had any issue with.

4
0

Europe wants cloud giants to cough up data from anywhere in 6hrs

Ben Tasker
Silver badge

Re: I wonder what happens when they come up against that old chestnut...

> You can see the dress rehearsal for that in Telegram vs Roskomnadzor. 2 years until we have this play centre stage on our scene.

Hopefully, though, our lot will learn the fruitlessness of it from Russia's embarrassing act yesterday. Blocking all of AWS' ranges, taking down Roskomnadzor's own site in the process, and yet Telegram continued working.

Oh, and for double-bubble points, in the process, they accidentally unblocked all the sites they'd previously blocked.

Ultimately, they made themselves look incapable of enforcing their demands, and all for what was presumably meant to be a show of power.

No way our politicians would see that and repeat it.... never mind, I just realised who we've got in power and who's waiting in the wings. They totally would, wouldn't they?

3
0
Ben Tasker
Silver badge

Re: The onward march to the underground!

> yet another "undemocratic action of the Putin authoritarian regime". Every time they have done something - we copy it.

It's a two way street though too.

They tried (and failed miserably) to block Telegram in Russia in the last couple of days, because they wouldn't/couldn't give them access to messages. The UK, the US and the EU were specifically mentioned as examples of countries "normalising" access to this data to make it sound like they weren't being that unreasonable.

There's an echo chamber with some very severe ramifications.

1
0

Whois is dead as Europe hands DNS overlord ICANN its arse

Ben Tasker
Silver badge

Re: I think its fine to not have details public

> You're probably not old enough to remember something called a "phone directory". These were very handy back in the day, you could look up a person's address and phone number in them.

You still can, if they've chosen to have their details published in there. Just like WHOIS will be.

0
0
Ben Tasker
Silver badge

Re: Stating the obvious.....

> Which is why WHOIS exists, which is why organizations can set contact information which is valid for their particular logistical model.

Which they'll still be able to do post GDPR, it just won't be mandatory for individuals to do so.

> The problem is MOST PEOPLE don't know how the fuck the internet works and they don't understand this stuff is critically important. Disabling a system like WHOIS is similar to knocking out the support columns of a large bridge and hoping it doesn't collapse.

Be wary of telling people they know fuck all when you clearly know so little about the subject you're discussing. If WHOIS was turned off tomorrow, everything would keep working.

It's more like publishing the name, address and telephone number of the bloke who built the bridge on a sign under the bridge. Take that sign away and the bridge won't collapse. If there are issues with the bridge, the council (or DFT) still have that bloke's details so he can be contacted, just not by every Tom, Dick and Harry that wants to sell print cartridges to him for specious reasons.

4
0
Ben Tasker
Silver badge

Re: Stating the obvious.....

A simple abuse@ address is more than sufficient for contact. Those who'd ignore it are going to ignore your other contact methods too.

Registrars will still hold the details so in serious cases the old bill can get the contact data.

Publicly publishing that information does little to nothing to protect customers.

13
2
Ben Tasker
Silver badge

Re: "willing to make a special exception for ICANN"

> decided everything in its own time and manner, procedures and laws

To be clear it's not just national laws they ignore, it's also their own smegging byelaws and procedures.

I agree, refuse the exemption, point out just how long ago this was flagged (similar requests pre-date GDPR btw) and fine the fuckers so hard they regress back into the reasonable, almost competent entity that they once were.

It's been a long time since ICANN could be described as even near fit for purpose. They've wholly brought this mess on themselves.

15
1

Schrems' Facebook case edges closer to ruling over EU-US data flows

Ben Tasker
Silver badge

> Is this even possible now that the US has passed legislation that allows a simple internal US-issued warrant served on a company in the US to force that company to turn over data stored in foreign jurisdictions?

Yes, sort of.

You'd need to make sure that the US arm/parent/whatever did not have the ability (in any way) to access that data for itself. Access to the data would need to be totally reliant on the EU entity's co-operation.

The EU entity would refuse (as it'd break EU law) and the US entity would be unable to comply.

But, it'd mean you'd need to be willing to accept whatever penalty the US entity then gets hit with for non-compliance. From what I've seen though, that's still significantly less than the fine you could get under GDPR, so from a pure financial sense it makes more sense to tell the US to fuck off.

> According to the US government, they no longer need to issue an international warrant under their various treaties and get the co-operation of the government of the nation where the data is located.

Yeah that's what they say. It's unlikely to work well for them in most countries though. It's not that different to the Kremlin passing legislation stating that they are now cleared for unescorted access around the Pentagon and that interfering with their passage within the building is a capital offence.

You can pass whatever law you want in your own country, you can even say you're not going to use diplomatic channels. The other side, though, doesn't have to accept it. Where the other side has the ability to punish your middle-man for compliance, it'd be foolhardy to push it too far.

2
0
Ben Tasker
Silver badge

Re: I'm prepared for a whimper

> The recent US law makes it very clear that as long as Facebook US keeps control over the place where the data is stored, they have to cough it up to Uncle Sam whenever he asks.

That's a completely separate issue though.

In the Microsoft case (where the CLOUD act is relevant) I suspect the EU have already started the paperwork to start punitive action should MS Ireland comply with the US's orders.

The US can pass whatever law they like, but no company is going to enjoy the consequences complying once GDPR comes into force.

I'm not sure what the ultimate outcome is going to be, but privacy is one of the areas where the EU tends not to back down. And Europeans in general aren't going to quietly accept having our privacy levels dragged down to match the level afforded in the US market. On the flip-side, the US aren't going to back down and rescind CLOUD either, so my guess would be that there'll be a stand-off for a while where the US demands something and the EU fines the company for complying.

Somewhere in amongst that mess, of course, will be US politicians crying foul when other countries pass similar laws and start demanding data from companies operating in the US.

2
0

Data exfiltrators send info over PCs' power supply cables

Ben Tasker
Silver badge

Re: Meh

I've been in more than a few buildings where the server rooms are heavily secured, but the plant is not (it's just machinery etc, etc....). So access to the plant is undoubtedly a lot easier a good %age of the time.

You do need to get the malware onto your target computer somehow, but that can potentially be done remotely via social engineering or chaining exploits to get RCE.

When you're talking about this level of sophistication, it's not unreasonable to think that your victim's network might already have various systems in place trying to detect (and block/report) the more traditional methods of exfiltration. It might be an inconvenient approach (with plenty of issues), but it is potentially a way around those.

I've certainly worked in places where this research will have been noted and they'll be watching for any developments and discussing whether there are any *easy* mitigations they can put in place (like better securing the plant rooms). Most of those tend to have strong physical security around the site, but the assumption is always that that could be overcome and so should be treated (to some extent) as not being there.

5
0
Ben Tasker
Silver badge

Re: Seeing the light

> Totally irrelevant theatre-style security, u prats.

See, I prefer to look at this another way.

There will always be those (whether it's management, customers or someone else) who will insist that it's possible to be 100% secure, and that you absolutely must be. That normally results in a near-unusable service/product because of all the crud that's been added to it to cover edge-cases. Worse, sometimes you find out a customer has been sold an SLA based on the idea you're 100% secure against all vectors.

This and other research like it is just another example you can give for why that could never be possible, and more importantly (from a business standpoint) should never be claimed nor promised.

A few people above have suggested possible solutions for this issue, so what you'd then do (having confirmed they should work) is go and work out the price of implementing - almost certainly so high that those demanding 100% security will refuse to pay the cost.

It doesn't apply to every bit of research done, but it's still useful to have. Plus, obscure things like this (once disclosed) sometimes provide inspiration for someone to find a related approach that's much more practical in the real world. Plus, frankly, some of it is really fucking interesting to work on and tinker with even if there's no direct tangible real-world application to the vector.

8
0

No password? No worries! Two new standards aim to make logins an API experience

Ben Tasker
Silver badge

Re: OpenSSL

> Why can't we have this instead? You could even automate the certificate creation part and there would be no need for any centralized user tracking center.

That's basically what this is, just wrapped up in some sort of hardware token.

In fact, that's basically what your Yubikey or FIDO key is too.

2
0
Ben Tasker
Silver badge

Re: So if I understand this correctly?

> So does this mean that if someone mimics the behaviour of the local API and protocol used to communicate with the server, they could fraudulently send bogus authentication messages to the server?

AIUI the server holds a public key for your auth device. The auth device then signs a server-provided nonce with the private key to prove it has control.

That private key might in some way be derived from your gesture or fingerprint, but is more likely to simply be unlocked with it.

So to do what you suggest, the attacker would need to have gained a copy of the private key on your authentication device. If someone lays hands on your private key then it's game over anyway.

I suspect where this will probably fall down in practice though (aside from uptake) is there will inevitably be some crap authenticators hitting the market (for example, ones whose fingerprint reader can easily be fooled).

2
0
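As an added illustration of the challenge-response described in the comment above (my own example, not code from the FIDO/WebAuthn specifications or any vendor), a minimal Go model in which the server keeps only the public key and a fresh nonce per login, while the private key never leaves the authenticator. The site identifier `login.example`, the credential id `cred-1` and the Unlock/Lock gesture are assumptions for the demo; the point shown is that a client which mimics the protocol without the private key, replays a captured response, or answers for a different site, is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Server models the relying party: it stores one public key per registered
// authenticator and remembers which challenges it has handed out but not yet
// seen answered, so a captured response cannot be replayed.
type Server struct {
	rpID       string                       // hypothetical site identifier bound into every signature
	registered map[string]ed25519.PublicKey // credential id -> public key from registration
	pending    map[string]bool              // hex(nonce) -> still outstanding
}

func NewServer(rpID string) *Server {
	return &Server{rpID: rpID, registered: map[string]ed25519.PublicKey{}, pending: map[string]bool{}}
}

// Register stores the authenticator's public key. The private key is never sent.
func (s *Server) Register(credID string, pub ed25519.PublicKey) {
	s.registered[credID] = pub
}

// Challenge issues a fresh 32-byte random nonce for one login attempt.
func (s *Server) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no usable entropy: refuse rather than issue a weak nonce
	}
	s.pending[hex.EncodeToString(nonce)] = true
	return nonce
}

// signedMessage binds the nonce to the site, so a response obtained for one
// site cannot be forwarded to another.
func signedMessage(rpID string, nonce []byte) []byte {
	h := sha256.Sum256([]byte(rpID))
	return append(h[:], nonce...)
}

// Verify checks that the response answers an outstanding challenge, was signed
// by the key registered for this credential, and was bound to this site.
func (s *Server) Verify(credID string, nonce, sig []byte) error {
	key := hex.EncodeToString(nonce)
	if !s.pending[key] {
		return errors.New("unknown or already used challenge")
	}
	pub, ok := s.registered[credID]
	if !ok {
		return errors.New("unknown credential")
	}
	if !ed25519.Verify(pub, signedMessage(s.rpID, nonce), sig) {
		return errors.New("signature does not verify under registered key")
	}
	delete(s.pending, key) // consume the challenge: a second submission is a replay
	return nil
}

// Authenticator models the hardware token: the private key stays inside it and
// is only used after the user's gesture (modelled here as Unlock).
type Authenticator struct {
	CredID   string
	priv     ed25519.PrivateKey
	unlocked bool
}

func NewAuthenticator(credID string) *Authenticator {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Authenticator{CredID: credID, priv: priv}
}

func (a *Authenticator) Public() ed25519.PublicKey { return a.priv.Public().(ed25519.PublicKey) }
func (a *Authenticator) Unlock()                    { a.unlocked = true }
func (a *Authenticator) Lock()                      { a.unlocked = false }

// Sign answers a challenge for the given site. Without the gesture it refuses.
func (a *Authenticator) Sign(rpID string, nonce []byte) ([]byte, error) {
	if !a.unlocked {
		return nil, errors.New("user presence required")
	}
	return ed25519.Sign(a.priv, signedMessage(rpID, nonce)), nil
}

func main() {
	srv := NewServer("login.example")
	token := NewAuthenticator("cred-1")
	srv.Register(token.CredID, token.Public())

	nonce := srv.Challenge()
	token.Unlock()
	sig, _ := token.Sign("login.example", nonce)
	fmt.Println("genuine response:", srv.Verify("cred-1", nonce, sig))  // <nil>
	fmt.Println("replayed response:", srv.Verify("cred-1", nonce, sig)) // rejected

	// A forger who mimics the client protocol but holds a different key.
	forger := NewAuthenticator("cred-1")
	forger.Unlock()
	nonce2 := srv.Challenge()
	fsig, _ := forger.Sign("login.example", nonce2)
	fmt.Println("forged response:", srv.Verify("cred-1", nonce2, fsig)) // rejected
}
```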

Twitter API overhaul threatens to seriously shaft apps... again

Ben Tasker
Silver badge

Re: Web?

> If you need an app to duplicate phone access for a website, then the website is developed badly.

I think in Twitter's case you're dead on the mark there - it's developed badly.

One of the things you commonly see people saying "use App x" for lately is a result of a change Twitter have made. If you follow someone and they "Like" something, then it'll likely show up for you marked as "so and so liked".

The person you're following clearly didn't give enough of a fuck about it to re-tweet it, so not quite sure what the logic is that it should appear.

A number of the 3rd party apps allow you to roll that functionality back, where Twitter itself doesn't (at least not without turning off some other, potentially beneficial functionality).

1
0

Sysadmin shut down the wrong server, and with it all European operations

Ben Tasker
Silver badge

> Soldiers take things very literally. Never EVER label anything as "BOOT"

Yeah, to be fair to him he was just having a bad day. He knew more than enough about the systems to have not made that mistake, just wasn't really with it that morning.

Not that that made it any easier to explain up the chain, of course.

13
0
Ben Tasker
Silver badge

I've known more than a few people to do this.

I once told a soldier the portable version of a server was ready to be shut down and packed up for deployment; he dutifully walked into the server room up to a (very) non-portable 42u rack and shut down the servers in that. Cue calls to my phone from across Blighty asking why systems were down. Thankfully, they didn't take too long to bring back up, but I did have to explain what had happened to some much higher levels.

That was before the days of molly-guard, but I now make sure it's on everything to help avoid accidents (not sure it'd have helped in that case though).

27
0

Microsoft: Yes, we agree that Irish email dispute is moot... now what's this new warrant about?

Ben Tasker
Silver badge

Re: US legal position

> 3. Is there a limit to what they could be fined? Basically, on a pure business costs basis, what makes more sense, breaking GDPR or breaking CLOUD?

I would guess, breaking CLOUD makes more sense. If they breach GDPR then there's obviously the whopping fine, but there's another element to it. If they show that they simply cannot abide by GDPR (due to US domestic laws) there's also the loss of business to factor in.

No European business could use their services for anything which might fall under GDPR without putting themselves at risk. Taken to the extreme, it'd essentially push them out of the European market completely.

19
0
Ben Tasker
Silver badge

Plus, if MS take a while to evaluate the warrant, and then object to some or all of it, it drags the timeline out.

Meaning, GDPR would likely be in force when they complied with the warrant. The only way they could avoid that, would be to comply swiftly and fully, but they've then set a precedent for themselves with any future warrants.

Rock and a hard place, I'd say.

20
0

Donald Trump jumps on anti-tech bandwagon, gets everything wrong

Ben Tasker
Silver badge

Re: El Reg gets it wrong again

> Amazon is definitely responsible for "putting many thousands of retailers out of business." Ever hear of Toys-R-Us?

Interesting choice of example, since it's looking increasingly like the reason Toys-R-Us went under was because of "investors" using it to leverage debt it could never pay for short-term gain. I.e. doing stuff that falls under the cries of "let the market regulate itself" whenever any dem... sorry, commie, tries to introduce regulation to try and protect people's livelihood.

Did they have a problem with competition from Amazon? Almost certainly. But I'm gonna go out on a limb here, and say that having your "owners" generate you debt to fund their other investments isn't a good survival tactic for a business.

7
0

Brit cloud slinger iomart goes TITSUP, knackers Virgin Trains, Parentpay

Ben Tasker
Silver badge

Re: customer 1st

They just need to plug in a BTHomeHub, obviously....

6
0

Are you able to read this headline? Then you're not Julian Assange. His broadband is unplugged

Ben Tasker
Silver badge

Re: Simple solution.

Someone replied to Kim Dotcom's original tweet and said that he'd configured his phone as a hotspot. Apparently Julian should look for an SSID of "cupboard boy" and a password of "hahahaha".

Made me laugh, anyway.

65
1

How a QR code can fool iOS 11's Camera app into opening evil.com rather than nice.co.uk

Ben Tasker
Silver badge

Or they could do what Android does and display the full URL rather than trying to be a smart-ass and show just the domain.

Course, that's probably considered less user-friendly, but it does help to avoid shit like this.

21
0

Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

Ben Tasker
Silver badge

Re: Interesting

> So what happens when the Chromecasts are updated to use DoH, meaning direct requests to Google can't be intercepted without a secure proxy setup

At that point, you're probably left with three choices:

* Accept it and go on with your life

* Get rid of the Chromecast (though over time, the trashpile will grow as more stuff supports it)

* Implement HTTPS interception and find a way to load your CA onto all manner of things

Actually, no. There may be a fourth option.

The DoH implementations I've seen so far use a hostname instead of an IP address for the resolver. That's obviously going to need to be looked up using traditional DNS.

So if the Chromecast is using dns.google.com, blackhole that in your DNS and *hopefully* the thing will just fall back to using ordinary DNS as before.

No guarantee it'd work (I haven't tested), but it would certainly be the simplest solution.

0
0
Ben Tasker
Silver badge

> As ever the devil is in the detail, but if Mozilla would care to outline how they are implementing this and if this looks like a combination of DNSCrypt / DNSSEC all rolled into one then I personally will be using it,

The answer is in the article.

It's DNS over HTTPS - https://tools.ietf.org/html/draft-hoffman-dns-over-https-01

So you've got on-the-wire encryption (courtesy of HTTPS) to your resolver. The far end could, at its simplest, be a translation proxy to a traditional DNS server: read the HTTPS request and send a UDP DNS query.

As far as DNSSEC within DoH goes, AFAIK that's down to the recursor you use. They can validate DNSSEC and include a flag to note that it validated correctly, or they can just not bother. I may be wrong, but I don't think the browser itself currently supports verifying DNSSEC on the returned records.

> kudos to Mozilla for leading the way and I would expect Google will follow shortly and do the same with Chrome too.

It doesn't appear to be in Chrome yet, but Google are ahead in the sense that they offer DNSSEC validating recursors over DoH already: https://developers.google.com/speed/public-dns/docs/dns-over-https

0
0
Ben Tasker
Silver badge

Re: Off the top of my head

> I'll recommend using 9.9.9.9 ie Quad9 for DNS instead. They will not respond with a default address on fail which is what should happen and easier to work with.

Whilst this is true, they also (deliberately) do not support the EDNS Client Subnet extension, so if you're planning on making a request to a CDN, you will likely be routed to a node that's close to the resolver, rather than one that's close to you. So video streaming may end up sucking (depending on where you're located in relation to the resolver).

They see it as a feature, I see it as a glaring omission. The theory being there are privacy implications in them telling the authoritative that you're part of a given /24 (the last bits are masked in ECS). Which, arguably there is, but when you connect out to that service they'll have your /32 anyway (inserting other prefixes is an exercise left to any readers who actually have IPv6).

1
0
Ben Tasker
Silver badge

Re: Interesting

> I explicitly drop GoogleDNS at my network boundary. Those devices inevitably fall back to my DNS to continue working.

Me too, though with a slight difference (which is why I bothered to comment).

Rather than just dropping them (as you've then got to wait for the client to decide it's timed out before trying the correct DNS), I re-route them via my DNS server which intercepts them and replies on Google's behalf.

That way you don't get the performance penalty of waiting for the client to decide the thing's not responding.

4
1

Brexit in spaaaace! At T-1 year and counting: UK politicos ponder impact

Ben Tasker
Silver badge

> Mawson later made the point, while waving his phone, that “the right drivers and the right mindset, and the right people in the right room” was the key to “very small things becoming quite big things”.

Lord Mawson sounds like an utter twat to me.

The right minds in the right room could come up with a bright idea, but spacey things tend to cost quite a lot of money. Is our Gov gonna fund development of that idea along with all the other post-Brexit expenditure it's been promising? Seems unlikely to me.

52
3

Ugh, of course Germany trounces Blighty for cyber security salaries

Ben Tasker
Silver badge

Re: Well you'd need to compare available income

> Accommodation is horribly expensive in UK - that DE quoted rent & associated costs would be fantastically low to my London mates - and compares to cost in shared flat (yours implied luxury of on your own) in ****hole areas of UK..

400 EUR is currently about £350/month.

When I was younger, I paid just shy of that - £295/mo - to rent a single room in a shared house. So I had a (tiny) room that was mine, and a shared kitchen/bathroom etc.

When I moved out to a small studio flat, it added another £250/mo on top IIRC (and didn't include water, heating etc).

This was in a small town, so it's not even like it's London prices artificially increasing the rate.

That was a fair few years ago too, and rents have only gone up, so agreed, 400EUR a month is cheap as chips.

8
0

Capita screw-ups are the pits! Brit ex-miner pensioners billed for thousands in extra tax

Ben Tasker
Silver badge

Yep. If HMRC view me as a customer then surely I can withdraw my custom without issue?

0
0

Netflix could pwn 2020s IT security – they need only reach out and take

Ben Tasker
Silver badge

Re: I remember when....

A container might run as a process on the host, but a process is not necessarily a container.

Although their popularity has grown recently, containers really aren't that new. Docker was first released in 2013, but the underlying kernel primitives hit Linux in 2006.

It's really not just a marketing thing.

That said, although Docker (and other containers) have their place, it gets abused IMO. Creating a docker image can massively simplify deployment (which is good for eng) but can create an absolute maintenance nightmare for operations.

It also requires a bit of additional care in terms of managing your build pipeline. Yes, you can send me an image to deploy and I can spin it up. But, where did you build it? If you're hit by a bus, can I build a new image (to integrate patch x), or is it in fact going to turn out you built it on your laptop without documenting what needs to be available for the build?

That can be an issue without docker, but IME gets experienced less, because you tend to package the software either with the dependencies it needs, or with a well defined list inside an RPM or Deb.

Personally, I start to twitch whenever someone says "we could use Docker" unless that's followed by a justification of why a container is actually needed. We can trivially spin up cattle with Ansible/Puppet without the need for Docker, so for Docker to make it into the implementation you need to be able to justify it. There are sometimes valid reasons; "It makes it easier for me to include this obscure dependency" isn't one of those IMO.

And that's before I start on the issues I have with Docker itself as a project.

8
1

Ex-Google recruiter: I was fired for opposing hiring caps on white, Asian male nerds

Ben Tasker
Silver badge

> I do that. mark 'other'. write in 'human' where it asks you. or leave it blank.

I've always tended to tick "Prefer not to say" for every question where it's an option.

I know these questionnaires are well intended and supposed to help the company, but something's gone horribly, horribly wrong where companies are asking employees about their race and sexuality to ensure they're diverse enough.

Well, that, and I hate filling out surveys and the like. I've never understood colleagues who look forward to their appraisals either. Don't think I've ever had a negative one, but I still hate all the paperwork and odd questions (name something you enjoyed in the last year) that goes with them.

Meh, maybe I'm just getting old and grumpy, but I just want to turn up and do my job.

13
0

Knock, knock. Whois there? Get ready for anonymized email addresses after domain privacy shake-up

Ben Tasker
Silver badge

>Meanwhile, talking of last-minute consideration, this week the .UK registry Nominet published an online survey asking for opinions on its own changes to its Whois service in light of GDPR.

I've been waiting for this to turn up here. Clicked their link to view the changes, and got asked for personal details (with no apparent way to skip), so I'd not (until now) seen what the cretins were planning on doing.

I can understand requesting details to respond to the survey, but to view the proposed changes?

2
0

Washington (no, not that one) to pass hardcore net neutrality law: All ISPs in state must obey

Ben Tasker
Silver badge

> This is flat out illegal. States can't regulate interstate commerce.

You may be right, but they have a *lot* more leeway with their buying power.

So Washington's approach (regulating commerce) may not stand up to scrutiny, however the approach of other states (we'll not allow local government contracts to be awarded to anyone not complying with these requirements) is almost certainly very legal. There's no regulation, simply an exercise of buying discretion.

Personally, I think the ISPs got greedy and have bitten off far, far more than they can chew in this case. They may never have been particularly consumer friendly, but taking such a user-hostile position was such a big step that it couldn't come without risk.

3
0
Ben Tasker
Silver badge

> No, because of the Interstate Commerce Clause in the Constitution. Business that crosses state lines automatically becomes federal business. And most of the Internet is interstate if not international in nature.

Interestingly, though, I was reading the other day that Pai, in his rush, has buggered the FCC's ability to pre-empt states on this.

The FCC decided that it didn't have the authority to regulate broadband and that the Net Neutrality rules were therefore invalid (so might as well be rescinded). The problem here being, if they don't have the authority to impose rules, they also lack the authority to pre-empt states.

More here - https://arstechnica.com/tech-policy/2018/02/why-ajit-pai-might-fail-in-quest-to-block-state-net-neutrality-laws/

Which would be incredibly amusing if it proves to be true.

5
0

US Supremes take a look at Microsoft's Irish email slurp battle, and yeah, not a great start

Ben Tasker
Silver badge

> You mention "someone" and then debunk "everyone". When I worked at G, (as an SRE), I had the ability to root almost any prod box. (I assume there were a few I did not.) I expect that M$ is the same way, or at least was when this started.

When (not if) a breach happens, that kind of setup will likely be included in the report by the authorities and considered insufficient effort in protecting the data. Anyone who has that level of access, needs to have sufficient justification of why they need that access on an ongoing basis (and there _are_ roles which require it).

As a matter of best practice, when assessing who needs what access, you should always make sure the decision (and supporting arguments) are properly documented so that you can show the justification if needed. Far better than trying to remember why you decided that Level 1 support needed global root access after an event.

0
0
Ben Tasker
Silver badge

Re: The US is a megalomaniac nuthouse

Whilst it was still their choice, many businesses (in particular) will have done so because of the promises about data not being transferred to another territory (as you need to make sure your provider isn't going to breach data protection laws 'on your behalf').

If this goes through, it's an absolute game-changer for the industry, as it potentially closes the European market off to US companies. At least as far as B2B sales go. Any company that decides to use them would be putting themselves at risk, so any custom they might see would likely be based on ignorance of the law.

It's going to be a bugger for anyone currently using them though, as they're almost certainly going to have to plan a migration if the decision goes the wrong way.

17
0
Ben Tasker
Silver badge

> the beginning of even stronger encryption protocols for communication between services.

More importantly, it may also increase the amount of encryption *at rest*.

That's what matters in this case. MS could be using future-generation crypto to deliver it to your browser and it'd make no difference because they can still access it on disk to transfer to the US (to comply with a ruling).

What'll be needed if the Supremes decide that getting extra-territorial is A-OK is to implement a system where only the user is able to decrypt the data, so that MS cannot provide it even when ordered to. It's been done before (Lavabit used this method, for example), though not (AFAIK) at the scale that MS operate at.

It's also a logical next-step in the crypto arms race, as it's almost exactly what's already happened with smart-phones.

I've been toying with the idea of setting something similar up myself for a while (more for the fun of building it), maybe I should try and get around to it sooner rather than later.

10
0

Kentucky gov: Violent video games, not guns, to blame for Florida school massacre

Ben Tasker
Silver badge

There are rampage type games out there - Postal being one series. But even then I don't remember there being a school or anything like that.

Mind you, it's irrelevant because nothing will desensitise an impressionable mind like there being a school shooting on the news every other day, inevitably followed by politicians making excuses for it to avoid having to actually deal with the issue.

3
1
Ben Tasker
Silver badge

Re: Guns should be almost totally banned

Doesn't seem to come up much, as most of our criminals don't carry a gun either.

Push comes to shove and you have no choice, you grab the nearest object and twat the bastard as hard as you can.

The primary aim being to get into a safer situation. Don't ask me why but we just don't get a boner for killing someone like some of your gun owners do.

9
2
Ben Tasker
Silver badge

> There are games that literally replicate and give people the ability to score points for doing the very same thing that these students are doing inside of schools, where you get extra points for finishing someone off who’s lying there begging for their life

Rather difficult to amass those high bodycounts without the gun though, isn't it?

Kids in the UK also play those games, and yet we don't seem to have the equivalent happening.

And that's being generous and accepting the hypothesis that games are anything to do with this. Couldn't possibly be just that an angry, misguided and disenfranchised teen had access to an AR-15 and chose to take that anger out on those he felt had wronged him.

64
4

Mueller bombshell: 13 Russian 'troll factory' staffers charged with allegedly meddling in US presidential election

Ben Tasker
Silver badge

I'm almost certain I argued with that account at one point. Really weird seeing it in the news, I just assumed it really was just a bunch of extremely right wing idiots (or maybe it was the real account I argued with and they really are just twats)

8
1
Ben Tasker
Silver badge

Re: Last name on the list is not likely to be Russian

> Russia may have seen a benefit in having Trump instead of Hillary early on. It is clearly a choice between Pestilence and Plague though. Both are not someone you would like at your table.

As has been mentioned elsewhere, the aim may not have been to get a given candidate to win so much as to sow enough discord to destabilise the system.

In fact, if you look at the position Trump was in when this allegedly started, they may not even have believed Trump could win it even with their help.

Even more telling though is that they apparently staged both a pro-Trump Rally and a counter rally on the same day. Other than to cause discord, the only other reason I can think of would be a weird attempt to cover their trail.

They also apparently attempted to support Bernie Sanders, so it's also possible the original aim was to get anyone but Hillary.

None of that automatically means Kremlin though. As you suggested it could also be driven by financial interests, either in Russia or elsewhere.

15
3

UK mobile customers face inflation-busting price hike

Ben Tasker
Silver badge

Re: Abuse

> Are there any (reasonable) SIM only with wifi calling? I can't seem to find one

EE do a 20GB/month (unlimited texts and minutes) for £22/mo with wifi calling.

Next tier down is £17/mo but you only get 4GB data.

The catch? It means using EE. So you better hope there's wi-fi available as chances of a consistent signal are slim outside of cities/towns. They had 3 masts down near me a few weeks ago.

1
1
Ben Tasker
Silver badge

Re: It makes no sense.

Yup, the reminder has prompted me to look at the upgrade options. Between my phone and the Mrs' phone I've just saved £25 a month and got significantly more data to boot.

Had they left the price alone, apathy would probably have maintained its hold until next time one of us needed a new phone (could easily be years).

2
0

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

Ben Tasker
Silver badge

Re: how to turn that shit off @JetSetJim

> Had I been given that tip earlier, my life might be entirely different. I find AMP to be such a usability nightmare that I switched to Bing. No, really.

Yeah, thankfully this news story prompted me to decide I should pull my finger out and actually do something about it (especially as I follow a lot of news links from Twitter). So I've updated my adblock list (to block the AMP JS - particularly amp-ads) and created a Greasemonkey/Tampermonkey script to detect AMP pages and send me to the canonical URL instead: Remove AMP from my browsing

0
0
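A userscript that does what the post describes, detecting an AMP page and sending the browser to the page's canonical URL instead. This is an added example written for this page, not the script the post links to; the metadata header, the `redirectTarget` decision function and the AMP-URL heuristics in `looksLikeAmpUrl` are choices made here rather than anything the post specifies.

```javascript
// ==UserScript==
// @name         Leave AMP pages for their canonical URL
// @match        *://*/*
// @run-at       document-start
// @grant        none
// ==/UserScript==
// Added example for this page, not the script the post links to.

// Decision logic kept free of DOM calls so it can be exercised outside a browser.
// Returns an absolute URL to navigate to, or null to stay on the current page.
function redirectTarget({ isAmp, canonicalHref, currentUrl }) {
  if (!isAmp || !canonicalHref) return null;
  let target;
  try {
    target = new URL(canonicalHref, currentUrl); // resolves relative hrefs
  } catch (e) {
    return null; // unparsable href: do nothing rather than navigate somewhere odd
  }
  if (target.protocol !== 'https:' && target.protocol !== 'http:') return null; // no javascript: etc.
  if (target.href === new URL(currentUrl).href) return null; // canonical is this page
  if (looksLikeAmpUrl(target)) return null; // avoid redirect loops
  return target.href;
}

// Heuristics (assumed here) for URLs that are themselves AMP documents or AMP-cache copies.
function looksLikeAmpUrl(url) {
  const host = url.hostname.toLowerCase();
  if (host === 'cdn.ampproject.org' || host.endsWith('.cdn.ampproject.org')) return true;
  if (/^amp\./i.test(host)) return true;
  if (/(^|\/)amp(\/|$)/i.test(url.pathname) || /\.amp(\.html?)?$/i.test(url.pathname)) return true;
  return url.searchParams.has('amp') || url.searchParams.get('outputType') === 'amp';
}

// Gather the signals from a live document: AMP pages carry <html amp> or <html ⚡>.
function signalsFromDocument(doc, loc) {
  const root = doc.documentElement;
  const link = doc.querySelector('link[rel="canonical"]');
  return {
    isAmp: root.hasAttribute('amp') || root.hasAttribute('\u26A1'),
    canonicalHref: link ? link.getAttribute('href') : null,
    currentUrl: loc.href,
  };
}

// Browser entry point; skipped when loaded outside a page (e.g. by a test runner).
if (typeof document !== 'undefined' && typeof location !== 'undefined') {
  const go = () => {
    const target = redirectTarget(signalsFromDocument(document, location));
    if (target) location.replace(target); // replace() keeps the AMP page out of history
  };
  // At document-start the <head> may not be parsed yet; wait for it if so.
  if (document.readyState === 'loading') document.addEventListener('DOMContentLoaded', go);
  else go();
}
```

The scheme and self-reference checks matter: a `<link rel="canonical">` is publisher-controlled, so the script should only ever follow it to an http(s) page that is not the one it is already on, and a canonical that itself looks like an AMP URL is left alone so two pages cannot bounce the browser back and forth. For the blocking half the post mentions, an adblock filter along the lines of `||cdn.ampproject.org/v0/amp-ad` (an example rule, not the post's list) stops the `amp-ad` component script from loading at all.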

Microsoft's Windows 10 Workstation adds killer feature: No Candy Crush

Ben Tasker
Silver badge

Re: A thought.

> I have a Fujitsu Celsius R650 workstation dating from 2007 running XP Pro x64, it has dual quad-core Xeons.

So you have 2 processors.

2 is less than 4, so you're golden.

It's physical processors (i.e. slots on the motherboard), not cores that this seems to be based upon.

6
0

Biting the hand that feeds IT © 1998–2018