* Posts by chuBb.

66 posts • joined 24 Jun 2008


Whats(goes)App must come down... World in shock as Zuck decides to intertwine Facebook, Instagram, WhatsApp


Re: Signal

It is feasible: anyone who won't communicate with me by other means gets disconnected. People who know me know my email and phone number, it's been the same since '97. Those that bother are friends, everyone else is digital chod I don't miss.

Tens to be disappointed as Windows 10 Mobile death date set: Doomed phone OS won't see 2020


Couldn't agree more, had 3 Win phones, tiles were ace, could find things easily: swipe right, scroll list of apps. Hate the droid phone I now use, feels like such a backwards step...

Also makes me laugh how much press Samsung got for doing the phone dock thing a few years after MS did it. True, I used it once and then just used it as a charger, but I loved being able to reply to txts from Win 10 notifications etc...

$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?


Re: Isnt this what hardware wallets are for.

Amusingly the thief did just that and transferred the funds to a trezor


Re: All the King's horses ...

more detail on how the sim swap worked here: https://krebsonsecurity.com/2019/01/stole-24-million-but-still-cant-keep-a-friend/ he did present photo id, and managed to get his name added to the

In essence though these security compromises work through a mixture of social engineering and bribery, getting your name added to an account, i.e. pose as a PA and say you need access to administrate it for your boss, and if that's not successful just pay off the lowest hanging fruit, i.e. the sales chimp on the shop floor, to just tick the seen appropriate id carrier arse covering nag screen on the sales terminal.

Unfortunately convenience always trumps security when it comes to consumer tech, even if it was posted there is no real way to stop the social engineer changing that as well as adding themselves to the account, and commission chasing salesdroids will always be the easiest way past whatever security is in place.

Personally I can't wrap my head around why you would entrust 24m to an MFA system that uses SMS as anything but the cherry on top of at least two other methods [username password, biometric, hardware dongle/keyfob], that and the lack of stand and deliver references in this article, I mean the victim is called Terpin!

You were told to clean up our systems, not delete 8,000 crucial files


Re: Backups

Stuff you want to use again is kept in the recycle bin, that's why it's called "recycle"

I actually had this happen to me, emptied recycle bin, office ground to a halt as that's where the receptionist stored all her documents to be reused. She also was incensed after the same cleaning session her cursor was "broken" as it was no longer a carrot, and how could she search the internet without all of the search bars in ie....

It's a, it's a, it's a SYN flood: Quick, ditch that packet


Syn greylisting would work as well as it does for email

Not very well in other words, too many crap network stacks out there which would fail, never mind that it working properly looks like it's broken to end users, except here it would be much more subtle than a missing expected email and would manifest as security gates failing open or closed etc., due to aforementioned crap network stacks.

It's official. Microsoft pushes Google over the Edge, shifts browser to Chromium engine



Wonder what that will do to the various anti trust cases around bundled browsers, has MS just manoeuvred themselves out of the firing line with a talk to Google as the response...

That and Opera bloke will now be whinging about lack of diversity

Ah well, guess that's the cost of a consistent box model and one less set of browser specific css hacks, polyfills and other normalisation chod. Actually that could have quite a dramatic impact if the ie/edge cruft gets stripped from bootstrap etc.

Virtual Nodes and Cluster Autoscaling arrive at Microsoft's Azure Kubernetes Party


Re: Delayed Functions

Been up and running for quite a while, been running production workloads on Azure Functions for last 18 months or so. Python is the new bit they unveiled this week, personally I don't really care about that as it's the one scripting language I've never bothered to get into. Other than the usual lack of coordination between Azure teams (can't use latest versions of the storage libs for example) Functions has been a pleasure to use, and like most comparisons against AWS the consistent UI of the portal makes things easy, as does the deep hooks in Visual Studio. Remote debugging serverless ftw.

Salesforce dogged by protests, leaked emails, and guerrilla blimps on first day of Dreamforce


Lars is the singer???

And here I was thinking he is the "drummer" of sorts

Apple's new 'spaceship' HQ brings the pane for unobservant workers


I expect style guidelines (trumping health and safety obviously [they used comic sans in places]) prohibit use of post it notes to indicate glass...

still at least u can guarantee defenestration when fired

Symbolic IO CEO insists the IRIS i1 is more than a bunch of pretty lights


sounds like a challenge

Unhackable??!!?? Ummm nah there will be a way.

So we are talking about a rack mount gaming pc case, with a smartphone display on the bezel instead of an ascii char lcd, magic save to dram on power loss without using (internal) batteries so reliant on ups or generator or super cap where a battery should be and hoping the alternate power source has enough grunt for the task to complete, and potentially a weird proprietary bios level file system/memory manager with an apple style vendor lockin ensuring that when you need a spare the eta is weeks not hours

Think I will stick with off the shelf boxen and wait to see what's left after the vapour has evaporated, if that's anything at all they will have distilled it down to an addin card for a standard x86 box, or gone bust...

One IP address, multiple SSL sites? Beating the great IPv4 squeeze


Re: Doesn't a proxy defeat the purpose?

Nope, either put your reverse proxy in front of the load balancer and have redundant rps, or share session state between app servers using memcached or Redis etc. Or combine reverse proxy and load balancing into a single role, as nginx is capable of load balancing too.

My current favoured approach is to distribute session state, meaning I can spin up app servers and add to pool and not really care about maintaining an affinity between them, i.e. any server can handle any request, then use a redundant cluster of nginx images to reverse proxy port 80 and 443 only to the app pool, making use of the load balancer in nginx. Management of the pool is done via vpn to the management lan of the cluster, with the only publicly accessible entry points being the ports open on the nginx box. It sounds like a complex setup, which is true in terms of initial deployment but 99% less work from an operational point of view, as security largely comes down to app design and sensible coding rather than masses of network policy, as any traffic coming in from the net on a port which isn't port 80 or 443 just gets logged and sinkholed, while app traffic is easily monitored using off the shelf tools, logging and other insight frameworks.

This approach isn't just for web/http, with a few port swaps a very similar config underpins the voip platform at the day job...

LOHAN seeks stirring motto for spaceplane mission patch


Nevermind the ballockets

Home lab operators: Ditch your servers ... now!


Snap, me too, I prefer the microserver over a laptop as I can run dual nics, useful for a management LAN and dmz scenario, plus cheap sata drives. Oh and HP have the £100 cashback offer on again during Feb, have found them on Amazon for £155 so with the cashback you can max the ram for free, effectively getting a server for £55 with 2gb ram or with 16gb for 155!

They also are virtually silent, and don't look totally out of place under the tv, so make great nas/plex servers as well as lab boxes

BOFH: Attractive person is attractive. Um, why are your eyes bulging?


Re: Solving "CRAZY"

That works, it's eyebrows I struggle with, honestly cannot see the difference, only notice an extreme lack or abundance of eyebrow...

So of course I have already unleashed the crazy by not noticing, so no amount of backpedalling helps

XBOX One SHOT DEAD by Redmond following delivery blunder



So guy is crying about his legally purchased (he means licensed) hardware and software has been deactivated as he broke the EULA by using it before the licenses he purchased permitted public use of device and software, so the licensers have used whatever right is granted to them by the license he has purchased to stop him breaking the license agreement further. Wonder if he has broken the terms of preorder agreement with the supplier as well, as IANAL but I think even if supplier fucks up and sends out early he shouldn't have attempted to use device. Obviously that doesn't take into account the real world, but since when have laws and contracts ever done that?

Aussie bloke hacks way to top of music charts with MIDI-based tunes


Austrian Death Machine

Have to say Austrian Death Machine have already cornered the commando based song titles, such as this


Do not adjust your set: TV market slows, 'connected TV' grows


Re: Just want big dumb panels

Exactly, hence 9 hdmi and a panel of bits please!


Just want big dumb panels

Honestly all I want is big dumb panels

I don't want the crappy "Smart" shit built in. I have a Samsung tv, its smart apps are crap, iplayer takes forever to change between shows when browsing, whilst the iplayer channel in the plex app is instant, and even then I tend to use one of the consoles connected to the tv to do anything "smart". From what I have seen of most youview boxes they make the manuf's attempts at smart entirely redundant, same goes with having a modern sky or virgin box.

So all I want is a HD LCD panel, no tv tuner, I have other better devices for that, no smart apps, I have other better devices for that, I just want 9 hdmi ports (9 because a dedicated key with "10" on a remote would look wrong, and I don't want to have to press two buttons to access port 10), removable speakers as I have other better devices for that ;-), and a remote that just changes the HDMI port and volume and allows access to panel picture tuning, i.e. like what I have on a monitor. Anything else is just crap I don't want. Give me that and I will be happy, hell may even start buying panels like that for use as monitors.

So TV makers be honest with yourselves, you're panel makers, tv has moved on, and tv tuners will become an anachronism, content will be delivered in ways where the providers can keep nearly end to end control, i.e. via IP, with drm, with copy protection so that only viable way of recording content locally will be to intercept the screen buffer of the panel, and then re-encode the raw stream. (I know will never happen, and that there are numerous issues with what I have said about copy protection etc. but tbh as soon as services make it easier to stream than download the vast majority of people do, even if it is via a "tax" as twats call it [no one forces you to use it, stop being cheap, get a job], or a subscription as sane people call it)

Web.com DNS hijack: How hacktivists went on a mass web joyride spree


Bloody NetSol

Nice to know that they haven't updated the change DNS process there in over 12 years.

If I remember correctly to change the DNS password all I had to do was:

Fax request to change password on company letter headed paper, any company would do.

Fax photo id with same name on it as the registered domain owner, if the domain was registered to a company any ID would do.

Grand Theft Auto V: Violent, sweary and amazingly ambitious


GTA Online is part of GTA V, it's just being launched a few weeks after GTA V (Guess they want to try and have enough servers to handle the load and avoid a Simcity type farce).

Also the reviewer clearly hasn't played game very much (if at all), the third protagonist is called Trevor not Lester... Pretty piss-poor review TBH

Chap unrolls 'USB condom' to protect against viruses


Re: Beware cheap cables?

you mean like these have integrated hardware in the plug?


nice pic, has a clear plug so you can see the serial port uart hardware in the usb plug, and I have come across some vendor specific cables where they have the driver/dongle embedded in the cable

WIN a RockBLOCK Iridium satellite comms module


2 for consideration













Untether (and)





Infosec analysts back away from 'Feds attacked Tor' theory

Black Helicopters

another conspiracy theory waiting to happen...

It's the same SAIC that backs/is patent troll VirteX, who seem to be going after anyone with anything to do with VPNs and other secure networking techs..

How long till someone claims that it's to force backdoors on to the tech...

Brazilians strip Amazon of brazen .amazon gTLD grab bid


Re: Can I register .bastards?

After watching nathan barley i wanted to register isa.co.ck, massive.co.ck and loadof.co.ck and sell sub domains off them, turns out .co.ck's are quite expensive to register (plus you need to be a resident of the cook islands or NZ...)

Sleek Nokia Lumia details EXPOSED ahead of Thursday's disrobing


Looks good

Wonder if it will be out over here by the time my lumia 900 is up for renewal...

'Raining Blooderator' pays tribute to late Slayer guitarist


Re: Best use for the interwebs thus far!


Hands up who wants 3D finger-controlled fridges? That's the spirit



As title, and nowhere near as much fun as could be had with one of those Casio watches that you could set up as a tv remote, managed to convince a teacher the tv and vcr was possessed with one of those....

iPads in education: Not actually evil, but pretty close


Better than some ideas i have seen

Used to work in "e-learning", there were conferences on how the educational qualities of PSPs and Nintendo DSs (i.e. brain training) could be exploited

Also pots of money available to get smart phones to give to kids so that they could do educational things with them, i.e. take photos for course work, of course no one thought that kids would have a camera phone of their own???.

Or how about txt the answer to the white board, cus you know kids want to spend their credit answering questions in class

All in all a load of shite, mainly used by self promoting academics to get a conference fee with 0 educational benefit. Bottom line is teacher wants an iPad, teacher can't afford iPad, teacher bullshits some dubious claim of educational value, technophobes at the top go ohh shiny innovative IT, everyone loses, especially the kids.

Flame espionage weapon linked to MORE mystery malware

Big Brother


Hmmm 5gb from 5000 machines, or roughly 1mb a week per machine, certainly sounds about the right size for some network recon..., and pretty much a needle in a haystack in terms of sniffing the payload, and that's assuming that the ~1mb of data was uploaded at once, even less likely if the ~1mb is the product of a week spent sniffing and periodically reporting back to c+c. Some software auto updates send back way more than a 100kb payload just to see if the shiteware is up to date and if not present an opportunity to install a fucking toolbar....

Bill Gates, Harry Evans and the smearing of a computer legend


Re: Memories of the once cutting edge.

Pretty easy to do actually, you wouldn't have the message stored as a string, but as pointers to the chars that made up the string, then using a simple cypher of some sort, you could build the message by loading the starting location then applying the cypher to the starting location to derive the next location, until the message is built.

That said would be pretty dull task to embed the hidden message but meh, certainly do-able.

Story gone


Agreed wtf indeed

Sysadmins: Your best tale of woe wins a PRIZE


Re: Oh God

It wasn't fun I can tell you that, and I have had a root canal before, was definitely more enjoyable, lots of painkillers straight on the nerve :D..., 2008 to 2011 is meant to be less painful but still a royal pain...

Best bit is the one unfixable problem is that the one person in the company who needs access to everyone's calendar is the one person whose account won't allow the permissions to be set, oh the joy. Tried explaining to "management" that Exchange, never mind system administration, is a full time job in its own right, oh well you can but try...


I'm allegedly a developer...

I'm allegedly a developer... (admittedly one with a CCNA and an interest in system administration, Linux and other general geeky stuff)

Except I am charged with running Exchange, the cloud platform, the virtualisation stack, all of the servers and desktops, the helpdesks (yes 2, as a so say manager was beguiled by a nice mug and stickers, didn't even hold out for a pen drive!), documentation, router kicker (crappy dlink wireless router from PC World powers the office, and don't get me started on the ADSL line!!!!), 1st, 2nd and 3rd line support, explaining basic concepts to the "technical" director (yesterday talking to a potential client his response was "we send some HTTP", when asked a question about SSL) oh and taking the flak for when dev deadlines are missed for all of the above. Well, here are some WTFs from this job:

1) We upgraded to SBS 2011 because the MD bought a MacBook and couldn't connect to Exchange, said Mac now lives on a shelf gathering dust. Migration from SBS 2003 didn't work and we spent 3 weeks with a partial service.

2) Exchange is hosted locally on an ADSL line which has a top down speed of 5Mbs, on a router which crashes 10 to 20 times a day, average mailbox size is 12Gb and the suggestion of archiving went down like a lead balloon and was forced to revert back to all you can eat inboxes.

3) one of the helpdesk servers was a Windows XP box bought in 2002 which died last week, that was fun to fix (now on a proper server)!

4) we have a mixture of 1 to 10 Gig ethernet to every desk yet the MD insists on people using wireless to said crappy router because wires make the place look untidy...

5) It took 6 months of nagging to take the UPS out of the empty comms rack and install it in the server rack

6) The working helpdesk has been replaced by a cgi based web app which crashes when more than 5 people try and access it. It also uses a VBScript based file upload and a scheduled task in place of a service and requires administrative permissions to save to the file server, suffice to say new clients don't have the option to add attachments to support calls (we publicised the "upgrade" to our clients, most are not impressed!)

7) A mezzanine floor was removed, but a comms cupboard was left 20' up a wall. I needed to replace a switch in there, new switch wouldn't slide in, shoved it harder, heard a crunch then a loud buzz, there was a bloody wasps' nest in the cupboard!!!! Cue rapid descent down the ladder and no network to half the building until the exterminators had been!

I could go on but the phone is ringing and someone needs their hand holding...

I love deadlines, it's the whooshing sound they make when they fly past....

Arts & social-sci students briefly forced to do useful work at Foxconn


Hmmm sounds like ideal work experience for people who do arts and social science degrees, that or McDonald's, as outside of academia where is the demand for those "skill" sets???

Bloody crayon botherers and no shit sherlocks

Campaign to reduce RIM jobs gets underway

Thumb Up

Has to be in line for title of the year

Fasthosts officially not the best in UK for virtual servers


They were pretty good 10 years ago when they had the LucasArts theme tunes as the hold music, then they were bought by 1and1 and it all turned a bit Kenny G.

Vote now for the WORST movie EVER


none of them are that bad really

Quite like all of the above with the exception of Hitch Hikers but that's because it might as well have been a film of every tosser going shitting over Douglas Adams' grave. And as pointed out previously tarnishes with shit the diminishing returns of everything after the radio series

That said I do seem to be a bit of a masochist when it comes to films as my collection includes such delights as:

The Nostril Picker (bought for the tagline alone, "He picks his nose, He turns into a woman, He kills people"), it's so bad even sci fi (sorry sy fy :-/) or movies for men won't air it.

Sexy Scary Movie (from the makers of the Erotic Witch Project), not scary and not sexy but does feature a scene where a stapler orbits around a bored office worker's head

Hell Ride, so shit Tesco's flogged it to me for 50p, basically an ego wank of some jerk who blagged Tarantino into being credited as executive producer and features Vinnie Jones as a biker, bollox in a word

Reign of fire nuff said

Any of the Michael bay Transformers films

I could go on but probably should have suggested some earlier....

Psst, kid... Wanna learn how to hack?


probably expect a lot of arduino projects to get ported...

be interesting to see a reprap powered by one of those, almost a perfect educational device then

Now just have to convince the missus that I really need another board, to go with my arduinos and netduinos ;-)

LOHAN fondles substantial concrete buttocks



Probably Immolation Proof Posterior Aggregate

Grand Theft Auto V trailer drives onto interweb


Fuck yes planes are back

as title :D:D:D

Celebrating the 55th anniversary of the hard disk


Me 2, spent the cashback on 8gb of ram and 2tb drive...

Scares me when I think my first PC only had a 1gb drive which was considered excessively large at the time (I am under 30 so Pentium 100 is over half my life ago ;-) ), never mind the 8mb of ram it had cost double if not triple the £40 or so I paid for my new ram....

Nuke plant shut down after US earthquake


surely should be in gigawatts?

1,806 megawatts or 1.8 gigawatts, more than enough for a DeLorean....

Ridley Scott confirmed for Blade Runner pre/sequel



As long as it has NOTHING to do with the original then it might work. I.e. work in the universe like the old Westwood game did, but other than a fleeting appearance in an esper photo and a few references to events in the film there is nothing from the film apart from locations.

Would be cool to see something a bit closer to the book, i.e. more emphasis on lack of animals and the kibble, but I'm not holding my breath.

But it will probably be another shitty 're-imagining' meh.

(Nuke cus that's essentially the prequel in one word)

T-Mobile JavaScript comment stripper breaks websites


Cus positive and negative lookahead/backs are so difficult...

Regex fail

if only: http://xkcd.com/208/

Mozilla answers Google's Crankshaft with IonMonkey


Supagorgonizer build?

Wonder if they know Iron Monkey was a band with song titles like Supagorgonizer and Web of Piss

Thinking about it could lead to some fun googles...


Disclosure : Typed wearing an iron monkey t shirt

Coming soon: Die Hard 5 - The Zimmer Frame



"Wolverine and X-Men Origins"

Aren't they the same film? Unless he has also written First Class as well...

Anonymous hack showed password re-use becoming endemic



It is, but unless you 'salt' the hash by combining other unknown data with it you are vulnerable to rainbow tables and such like (a rainbow table is a precomputed hash of known weak passwords, so all you have to do is look up a hash that matches your unknown password and you either have discovered the password, or lucked out and found a string combination which yields the same hash as the hash to be cracked).

In the past I have used GUIDs (like Tom 15 suggested) and other unique read-only identifiers associated with a user's account along with a secret key value, all concatenated together before the hash is generated. That way in order to crack the password not only would the cracker have to guess a unique value generated by the user's account being created, but the user's password and the secret key which is highly. Although if the servers are rooted you're probably buggered, as all this does is make the hashes rainbow table resistant, weak passwords still are vulnerable to brute force etc.
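An added example, not part of the thread and not the poster's code, of the per-account GUID plus secret key scheme described in the comment above. It swaps plain concatenation and a single hash for HMAC followed by PBKDF2; the account names, password list, secret value and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import uuid

# Constructed sample data: a tiny weak-password list and a demo secret.
WEAK_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
SERVER_SECRET = b"constructed-demo-secret-key"  # assumption: stored outside the DB
ITERATIONS = 10_000  # kept low so the demo runs quickly; real systems use far more


def unsalted_hash(password: str) -> str:
    """The weak baseline: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted dump."""
    return {unsalted_hash(p): p for p in candidates}


def protected_hash(password: str, account_guid: str,
                   secret: bytes = SERVER_SECRET) -> str:
    """Server secret as HMAC key, per-account GUID as salt, then PBKDF2."""
    keyed = hmac.new(secret, password.encode(), hashlib.sha256).digest()
    derived = hashlib.pbkdf2_hmac("sha256", keyed, account_guid.encode(), ITERATIONS)
    return derived.hex()


def verify(password: str, account_guid: str, stored: str) -> bool:
    """Constant-time comparison of a login attempt against the stored hash."""
    return hmac.compare_digest(protected_hash(password, account_guid), stored)


def table_hits(stored_hashes, table):
    """Passwords recovered by a straight lookup in the precomputed table."""
    return [table[h] for h in stored_hashes if h in table]


def brute_force(stored, account_guid, secret, candidates):
    """What is still possible once salt AND secret leak (the rooted server case)."""
    for guess in candidates:
        if hmac.compare_digest(protected_hash(guess, account_guid, secret), stored):
            return guess
    return None


def demo():
    # Two constructed accounts that share the same weak password.
    guids = {"alice": str(uuid.uuid4()), "bob": str(uuid.uuid4())}
    table = build_lookup_table(WEAK_PASSWORDS)
    plain = {user: unsalted_hash("letmein") for user in guids}
    strong = {user: protected_hash("letmein", guid) for user, guid in guids.items()}
    return {
        "unsalted_identical": plain["alice"] == plain["bob"],
        "unsalted_hits": table_hits(plain.values(), table),
        "protected_identical": strong["alice"] == strong["bob"],
        "protected_hits": table_hits(strong.values(), table),
        "rooted_recovery": brute_force(strong["bob"], guids["bob"],
                                       SERVER_SECRET, WEAK_PASSWORDS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result shows the limit the comment points out: once the GUID and the secret are both known, a weak password still falls to a short guessing run, so the salt and secret only defeat precomputed tables.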

Diary of a Not-spot: One man's heroic struggle for broadband


Iron Acton is well served compared to some of the exchanges around Yate area

should try being on the Didmarton exchange, had a friend living in Iron Acton who had adsl 2 or 3 years before my village got the chance.

Although that was probably not helped by my village not giving a shit about adsl until they got it, think we managed to get 30 names on petition when we were trying to get connected, now it's so over subscribed I long for my bonded isdn line back meh :-/

Reg Hardware Reader Awards 2010



Red Dead easily my fave game of the year

Sonic 4 is enjoyable but I doubt it will be remembered as the classic Sonic 3 + Knuckles is


Biting the hand that feeds IT © 1998–2019