* Posts by Alan J. Wylie

229 posts • joined 12 Jul 2008

Page:

KCL external review blames whole IT team for mega-outage, leaves managers unshamed

Alan J. Wylie
Joke

"multiple copies with identical hash sums"

I hope those weren't SHA-1 hashes.

shattered.io

1
0

Coming to the big screen: Sci-fi epic Dune – no wait, wait, wait, this one might be good

Alan J. Wylie

Chris Foss's artwork and a little known fact

The artwork is so obviously by Chris Foss, as any avid reader of Science Fiction in the 70's will recognise.

http://www.chrisfossart.com/ confirms it.

Little known fact: he also did the artwork for The Joy of Sex.

2
0

Google mistakes the entire NHS for massive cyber-attacking botnet

Alan J. Wylie

Re: Google Captcha

I was prompted by an "I am not a robot" page this morning. I haven't seen one of those at work for ages. Perhaps Google has tweaked some of their detection settings?

8
0

I'm deadly serious about megatunnels, vows Elon Musk

Alan J. Wylie

Constructed from Stainless Steel?

8
0

President Trump tweets from insecure Android, security boffins roll eyes

Alan J. Wylie

Sean Spicer too

He's White House Press Secretary, and has just tweeted "n9y25ah7". His password perhaps?

https://twitter.com/evanoconnell/status/824614832691355648

8
0

I've got a brand new combine harvester and I'll give you the API key

Alan J. Wylie

+1

I was going to post the same Wired link. I'd just like to make sure the words "Copyright Office" are mentioned here and note that they have pushed back to allow DMCA exemptions for automotive software.

9
0

My hole is a private thing – see for yourself

Alan J. Wylie

Re: Public Hole

Fill That Hole is an alternative pot-hole-filling site:

http://www.fillthathole.org.uk/

1
0

Mozillans call for new moz://a logo to actually work in browsers

Alan J. Wylie

about:mozilla

The twins of Mammon quarrelled. Their warring plunged the world into a new darkness, and the beast abhorred the darkness. So it began to move swiftly, and grew more powerful, and went forth and multiplied. And the beasts brought fire and light to the darkness.

3
0

ProtonMail launches Tor hidden service to dodge totalitarian censorship

Alan J. Wylie

Certificate Transparency Log entry

https://crt.sh/?id=78086775

0
0

What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels

Alan J. Wylie

Video of the acorns being emptied

https://www.youtube.com/watch?v=cZkAP-CQlhA

7
0

Laser beam sky mirage cannon can spy on enemies and generate Star Trek-style shields

Alan J. Wylie

Re: Can't you...

Might work, if you pulsed the light source in synchronisation with the compressions of the wave.

1
0
Alan J. Wylie

Re: All over the place

Trinity Mirror

Even funnier if you are aware of the event on July 16, 1945

2
0

Stanford boffins find 'correlation between caffeine consumption and longevity'

Alan J. Wylie

Re: Still something missing for my lifestyle..

Does it have hot chili peppers on it?

The Association of Hot Red Chili Pepper Consumption and Mortality: A Large Population-Based Cohort Study

5
0

You have the right to be informed: Write to UK.gov, save El Reg

Alan J. Wylie

Shiva Ayyadurai and Techdirt

https://www.techdirt.com/articles/20170111/11440836465/techdirts-first-amendment-fight-life.shtml

Shiva Ayyadurai is suing Techdirt for $15M over their comments on his claim that he invented e-mail.

http://fortune.com/2017/01/05/email-inventor-techdirt/

0
0

GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug

Alan J. Wylie

mozilla.dev.security.policy posting

https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/Htujoyq-pO8/uRBcS2TmBQAJ

3
0

3... 2...1... and 123-Reg hit by DDoSers. Again

Alan J. Wylie

Re: I'm with 123reg

I can recommend http://www.gandi.net/

Memo to self. Must move my 123-reg domains over.

2
0

Amazon files patent for 'Death Star' flying warehouse

Alan J. Wylie

If they have a 3D printer on board, they will be possessing the ability to recreate an exact likeness of an object ...

6
0

Bad news: Exim hole was going to be patched on Xmas Day. Good news: Keyword 'was'

Alan J. Wylie

Xmas day after all

http://seclists.org/oss-sec/2016/q4/744

As at least one major distro isn't ready yet, we'll keep our initial schedule and release the fixed versions on Dec, 25th, 10:00 UTC.

0
0

Major outage at broadband biz 186k

Alan J. Wylie

Accounts overdue

They seem to have flip-flopped company names between LIGHTSPEED COMMUNICATION and 186K in July, but the accounts for both companies are overdue since the end of November.

https://beta.companieshouse.gov.uk/company/04937421

https://beta.companieshouse.gov.uk/company/03744335

0
0

Europe to launch legal action against countries over diesel emissions cheating

Alan J. Wylie

"the best available technology"

Or more probably, CATNAP: Cheapest Available Technology Narrowly Avoiding Prosecution

19
0

Privacy is theft! Dave Eggers' big-screen takedown of Google and Facebook emerges

Alan J. Wylie

"enjoy the unreadable EULA as it flashes past"

By visiting the site, you do grant the Circle the right to interfere with the operation or use of your sites through any means or device including, but not limited to, spamming, hacking, uploading computer viruses or time bombs, or any other means.

In applicable states, your family members, including children three (3) years of age and older may be confiscated for failure to comply

Trust us, we're not breaking antitrust laws.

Users may also have their citizenship revoked for failure to comply with the aforementioned community guidelines. If it happens, we'll know.

And Oh, the Irony: <!-- GOOGLE ANALYTICS TAG -->

10
0
Alan J. Wylie

Google Conspiracy?

A Google search for "the circle" or "we are the circle" currently doesn't return http://wearethecircle.com/. There are "high quality psychic mediums" in the results, though. Bing is even worse, however - at least Google returns a couple of Wikipedia hits, so I assume the site is just too recent to have been noticed, or highly ranked.

2
0

Bletchley Park Trust vows to shore up insecure website

Alan J. Wylie

I've seen far worse

The "F" grade at SSLLabs is due to the same certificate being hosted on a web server elsewhere (this may be their backend server, they are behind Cloudflare) with SSLv2 and export grade (deliberately weakened) ciphers supported. The certificate has a SHA1 intermediate certificate in the chain, so they will need to update it anyway before the major browsers start giving warnings early in the new year[1]. Doing this will help to mitigate the problem, no need for an entire new web site. They should also be either getting the 2nd server turned off, if it is unused, or better secured if it is their backend server.

[1] https://community.qualys.com/message/35468-sha-1-deprecation-countdown

0
0

Three to appear in court over TalkTalk hack

Alan J. Wylie

I await the headline

"TalkTalk to appear in court over Three hack"

3
0

PoisonTap fools your PC into thinking the whole internet lives in an rPi

Alan J. Wylie

Re: To lock a Linux system down

It only stops *new* modules being loaded. Load any required kernel modules (e.g. usb-storage) first , then lock down.

Perhaps not the right answer for a developer's system, but very useful for e.g. a system in a doctor's surgery, as was mentioned earlier, or a system in a PCI DSS scope.

3
0
Alan J. Wylie

To lock a Linux system down

Adding

echo 1 > /proc/sys/kernel/modules_disabled

to a local boot script will stop any more modules being loaded. Unless the driver for the USB is the same as one used by the system (unlikely) nothing will happen when it's plugged in.

https://www.kernel.org/doc/Documentation/sysctl/kernel.txt

2
1

Microsoft just got its Linux Foundation platinum card, becomes top level member

Alan J. Wylie

Re: Great news!

I'm glad somebody finally got it...I was beginning to worry that I'd been too subtle.

I went to the comments and immediately searched for "embrace". Well played, Sir.

1
1

Adult FriendFinder users get their privates exposed... again – reports

Alan J. Wylie

Interesting passwords

From https://www.leakedsource.com/blog/friendfinder

short:

43: football

59: liverpool

long:

21 equal: youwillneverwalkalone

21 equal: ilovemanchesterunited

(and for the benefit of non-UK readers: You'll Never Walk Alone is the anthem of Liverpool Football Club)

What is it with footballers?

2
1

What should the Red Arrows' new aircraft be?

Alan J. Wylie

Re: Hawker Harrier

VIFF

that is all.

1
0

UK will retaliate against state-sponsored cyber attacks, Chancellor warns

Alan J. Wylie

SPF, DKIM and DMARC - better late than never

He pointed to the recent rollout of software to cut to zero an estimated 50,000 fraudulent emails a day from hackers purporting to be from HMRC offering tax refunds in order to obtain people's bank details.

This blog post from February details the government's move to SPF/DKIM/DMARC. I assume this is what the chancellor is referring to. Since SPF has been generally adopted since about 2009 and DKIM since at least 2012, what on earth have civil servants been doing all that time?

1
0

I've arrived on Mars. Argggh, my back!

Alan J. Wylie

Re: 'simple'solution

<Red Thunder>

Reminds me in some ways of "Welcome to Mars" by James Blish

2
0

'Biggest ever' Linux release

Alan J. Wylie

Wrong way round - it's big *because* it will be LTS

Torvalds says the release looks so substantial it's probably destined for Long Term Support status.

Greg K-H has already announced that he intends 4.9 to be the next long term stable. Linus commented on this in the 4th paragraph of his announcement linked to in the original article: people pushing to get their stuff ready

2
0

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Alan J. Wylie

Re: Trust?

The last paragraph of Comodo's report (linked to by the original article):

Comodo finds it regrettable that some registries choose to offer a port 43 WHOIS service which redacts information for all registrants which even the registry themselves would normally consider to be public. We find it even more regrettable that a sub-set of those registries refuse to consider offering unredacted access to that information even when contractual and/or commercial terms (including binding restrictions on the use of that information) are offered.

6
0

New measurement alert. The Pogba: 1,200Pg = NHS annual budget

Alan J. Wylie

Re: Monty Python reference

Ref the typing speed, was that an African sheep or a European sheep?

And would it be spherical?

3
0

SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

Alan J. Wylie

Re: Hash functions

or do some other attack

Obligatory XKCD

7
0

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

Alan J. Wylie

Archived copy of Tyro's blog post about backdated SHA-1 certs

archive.org / bing

we made a decision to implement a temporary workaround to allow our small and medium-sized merchants to continue to transact. We reached out in good faith to certificate authorities to provide a few months runway to resolve this big challenge in a way that had minimal impact on merchants.

1
0

Hubble telescope spies massive 'cannonballs' of fire from dying star

Alan J. Wylie

Ringworld Engineers

It's obviously the Ringworld Meteor Defense System in action

3
0

Mozilla wants woeful WoSign certs off the list

Alan J. Wylie

WoSign has stopped issuing free certificates

https://twitter.com/rmhrisk/status/782838192944713728

https://buy.wosign.com/free/?lan=en

Sorry, due to some security consideration,

WoSign decide to close the free SSL certificate application temporarily. Sept. 29th 2016.

0
0
Alan J. Wylie

Apple's response

https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI

In light of these findings, we are taking action to protect users in an upcoming security update. Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.

0
0
Alan J. Wylie

Interesting messages from Tyro

First, an old announcement about problems with SHA-1:

http://www.newsagencyblog.com.au/2016/06/02/if-you-are-running-windows-xp/

and secondly a blog posting, now deleted, but still in Bing's cache: try this link to archive.org or search Bing for the text below

https://tyro.com/blog/merchant-security-is-tyros-priority/

Merchant security is Tyro’s priority

Sascha Hess

27/09/2016

To summarise: after a SHA-1 to SHA-2 upgrade, some merchants had obsolete Point of Sale systems that were unable to connect. Tyro "reached out in good faith to certificate authorities to provide a few months runway to resolve this big challenge".

0
0
Alan J. Wylie

What about the other browsers?

Unless Google, Apple and Microsoft follow, Mozilla stands to lose market share: users want things that "just work" and if Firefox starts giving error messages, they might move to an alternative.

Chris Siebenmann's blog

2
0

The web is past peak innovation: It's all negative returns from here

Alan J. Wylie

posting using w3m

Just for the hell of it!

4
0

Argos tech team updates iOS app with helpful info on 'eleventy-billion toilet seats'

Alan J. Wylie

Zombie Moore's Law shows hardware is eating software

Alan J. Wylie

The wheel of reincarnation

http://www.catb.org/~esr/jargon/html/W/wheel-of-reincarnation.html

[coined in a paper by T.H. Myer and I.E. Sutherland On the Design of Display Processors, Comm. ACM, Vol. 11, no. 6, June 1968)] Term used to refer to a well-known effect whereby function in a computing system family is migrated out to special-purpose peripheral hardware for speed, then the peripheral evolves toward more computing power as it does its job, then somebody notices that it is inefficient to support two asymmetrical processors in the architecture and folds the function back into the main CPU, at which point the cycle begins again.

Several iterations of this cycle have been observed in graphics-processor design, and at least one or two in communications and floating-point processors. Also known as the Wheel of Life, the Wheel of Samsara, and other variations of the basic Hindu/Buddhist theological idea. See also blitter.

6
0

Lenovo denies claims it plotted with Microsoft to block Linux installs

Alan J. Wylie

Re: "To improve system performance, Lenovo is ... adopting RAID on the SSDs..."

Matthew Garrett's take on this is that Intel's drivers give better power management than Microsoft's and forcing "RAID" mode stops the MS one from binding.

http://mjg59.dreamwidth.org/44694.html

9
1

Luxe cable crimper

Alan J. Wylie

Gillette invented this business model a long time ago

https://en.wikipedia.org/wiki/Razor_and_blades_business_model

Sell the holder cheaply, make your profit out of selling lots of small bits of steel/plastic.

2
0

End all the 'up to' broadband speed bull. Release proper data – LGA

Alan J. Wylie

"local data for local people"

Your *my* wifi now!

7
1

Microsoft thinks time crystals may be viable after all

Alan J. Wylie

Re: YBMM

Rule 34?

0
0

Intel pulls out hard cash to gobble virtual CPU upstart Soft Machines

Alan J. Wylie

Re: Transmeta

One of their vice-presidents was previously Executive Vice President at Transmeta: http://www.softmachines.com/john-ohara-horsley/

2
0

Page:

Forums