* Posts by AustinTX

182 posts • joined 15 Jul 2008


The antisocial network: 'Facebook has a black people problem,' claims staffer in exit salvo


"it’s pretty disappointing to see you share our private messages"

Watch out for guys like this, who say things to you in private that they wouldn't say in public, because they know what they said in private was wrong. But they wanted to say it to you. They just thought you were under a gag order and couldn't rat them out. They like to play with people and they like to twist the knife.

Pixel 3 XL reveals innards festooned with glue and... Samsung?


Re: Recycling

An unsatisfying excuse when certainly it would be quicker to place pre-cut gaskets inside than to wait for glue to cool or set. Gaskets would probably peel out and be reusable after repairs, while also filling empty spaces to bear pressure.

Perhaps though, this glue dissolves easily in some special solvent so they can just soak the phones in a tumbler until they fall to pieces.


I've always felt uncomfortable with this statement

They should have x-rayed it first!

Sendgrid blurts out OWN customers' email addresses with no help from hackers


Mailgun has even bigger problems

Recapping what I wrote here on El Reg a week or so ago is the problem I had with Mailgun SMTP, a freemium email relay service:

Your account is associated with one of Mailgun's SMTP relay servers when you sign up. Many other Mailgun customers share that server with you. Your local SMTP server relays all outgoing email to Mailgun's server, and typically, all of your incoming email comes from the relay too. If your email traffic starts getting blackholed, you can ask Mailgun's staff to switch you to another at random, which may have a better reputation than the one you had.

If you are a spammer looking to avoid being identified and trick others into paying for your deliveries, you just need to find domains which are served by Mailgun SMTP relay servers. Probably, you'll harvest this from header information in other email traffic you're collecting. Another possibility is spamming many domains with "Delivery Status Notification" turned on and looking to see if Mailgun servers convey the response. I'm not really sure. If you sign up for a bunch of Mailgun accounts, request switches, etc., you'll likely manage to acquire accounts with one of each of the SMTP servers which they offer. Then, all you need to do is send a payload of spam FROM one of your accounts that shares the SMTP relay server with this victim TO their local SMTP server, addressed to various addresses from your spamming list.

Since email servers like Postfix treat an SMTP relay/gateway as a trusted peer on the local network, it does not consider email which is injected this way to be relay mail. It treats it with the same trust as your workstation or whichever local machine you send your email from. The victim's SMTP server re-sends the spam email back OUT through Mailgun under its own reputation and quota. It skips local spam filters because since when do you scan "outgoing" email submitted by a trusted peer for spam? And so the spammer uses up your 10K free quota, and then your paid quota if you have one. It doesn't require your victim's login credentials, as Mailgun has given you your own. And, if there's any way to stop this exploit in configuration, I don't know what that is. If you take the SMTP relay server off your Postfix "local networks" list, then while it won't accept mail from there, nor will it send there any more either.

I provided Mailgun staff with every detail I had, log entries, copies of the spammer's incoming emails (which the spammer had stuffed with as many to: cc: and bcc: addresses as possible), but they pigheadedly refused to understand. I was scolded for running an open relay and they said there was no indication one of their other customers was doing anything. Oh, please! The emails I'd captured had all the headers and session data. I get the feeling one of their staff is dirty and exploiting customers who rarely use up their monthly quotas.

My workaround is to block incoming email from Mailgun, at our firewall. Our MX configuration now advertises our cable modem IP address for directly incoming email traffic. Also, Delivery Status Notification has been disabled, though that means legitimate folks won't get address bounce messages.

That syncing feeling when you realise you may be telling Google more than you thought


So Tone Deaf

Chrome User: "You're grabbing our credentials and logging us into your previously-optional services without our consent or control! The only indication is an easily-overlooked color change to the "user" icon in the corner!"

Google: "What? Yes! You're welcome! We care deeply about our users and their safety, so we made a visible indicator that you were still logged in, in case you were sharing your device with someone else. Now they can log you out and then log themselves in separately! Keeping their browsing history separate from yours, and thus more accurate."

Baddies just need one email account with clout to unleash phishing hell


Joys of Using 3rd Party SMTP Server

I use Mailgun for some community/volunteer organizations. We can send enough emails free for our purposes (newsletter, forum activity) or pay very little for a few additional thousands now and then.

When you sign up for Mailgun's services, you are assigned one of their half-dozen or so SMTP servers. We use Mailgun only to send out email, and not to receive it, but we are still tied to a fixed SMTP server at a particular IP address, as it is the one we must send out through. Since it is our "relay" or "gateway" address, Postfix considers that IP to be a "trusted" peer "within our network", but worse, it is treated as "trusted" mail which does not get filtered. Email is still received from that address, which is normal because most customers use it for mail both ways.

The problem is that we share that SMTP server with many other Mailgun users, and some of those other users are spammers.

Imagine my joy upon finding one day that the server was spooling an enormous amount of email, OUTGOING email, and none at all was being delivered... We had used up our free 10k ration at Mailgun somehow, which was refusing to deliver for the rest of the month!

I tracked the problem down to a small number of incoming emails, each with hundreds of "To:" recipients coming FROM mailgun, through our system, and then going back out through Mailgun, but thereby using our allotment and reputation.

I don't know how the spammers matched our domain with that particular SMTP server, but it probably isn't too hard for spammers to apply for multiple accounts on Mailgun until they have one with each of the available servers. Then, they just work through a long list of domain names until they find one which accepts relay. I could do the very same, and masquerade as any other Mailgun user if I shared their SMTP gateway, using the email deliveries they were paying for after I'd burned through their free quota. I just need to know which SMTP gateway they were assigned, and exploit it. Anyone could grep their own server logs for email coming from Mailgun and collect a valid domain and SMTP gateway. It's practically a password to use someone else's account!

Sadly, Mailgun Support was no help, and blamed ME for the loophole. They wouldn't even investigate who among their other users was sending spam through me, which should be a trivial task. They essentially defended the spammer and scolded me for running an open relay. But it's not an open relay. My local SMTP server rejects relay and blacklist email all day long. But it just CAN'T reject email from that particular Mailgun SMTP server, by design of Postfix!

I never found any proper solution to configuring Postfix, and had to resort to a firewall rule blocking all incoming traffic from our own SMTP relay server. We continue to accept email directly from the senders (except for China, Russia and all the other squirrely sources that hit our local blocklists).
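The detection step described in both Mailgun posts above (messages arriving FROM the shared relay's IP, each carrying hundreds of recipients, then queued for outbound delivery) can be scripted against the mail log. The following is an added example, not code from the poster, from Mailgun or from the Postfix project. The log lines are constructed in the shape Postfix's smtpd and qmgr normally write (`client=host[ip]` and `from=<...>, size=..., nrcpt=...`); the relay IP 198.51.100.10, the hostnames and the recipient threshold of 20 are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

# Constructed Postfix-style log excerpt (not real log data from the page).
# Queue IDs tie the smtpd "client=" line to the qmgr "nrcpt=" line.
SAMPLE_LOG = """\
Jul 12 10:01:02 mx postfix/smtpd[2201]: 4A1B2C3D: client=smtp-out.example-relay.test[198.51.100.10]
Jul 12 10:01:02 mx postfix/qmgr[1100]: 4A1B2C3D: from=<promo@cheap-deals.test>, size=48120, nrcpt=312 (queue active)
Jul 12 10:03:15 mx postfix/smtpd[2202]: 5B2C3D4E: client=smtp-out.example-relay.test[198.51.100.10]
Jul 12 10:03:15 mx postfix/qmgr[1100]: 5B2C3D4E: from=<alice@partner.test>, size=2210, nrcpt=1 (queue active)
Jul 12 10:04:40 mx postfix/smtpd[2203]: 6C3D4E5F: client=desk01.lan[192.168.1.25]
Jul 12 10:04:40 mx postfix/qmgr[1100]: 6C3D4E5F: from=<newsletter@ourorg.test>, size=90211, nrcpt=450 (queue active)
"""

# Assumed: the IP(s) of the upstream relay/gateway the site sends through.
RELAY_IPS = {"198.51.100.10"}

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>\S+)\[(?P<ip>[^\]]+)\]"
)
NRCPT_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def parse_log(text):
    """Join smtpd and qmgr lines by queue ID.

    Returns {queue_id: {"ip", "host", "sender", "nrcpt"}} for every message
    seen; entries missing one of the two lines simply lack those keys.
    """
    msgs = defaultdict(dict)
    for line in text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            msgs[m["qid"]].update(ip=m["ip"], host=m["host"])
            continue
        m = NRCPT_RE.search(line)
        if m:
            msgs[m["qid"]].update(sender=m["sender"], nrcpt=int(m["nrcpt"]))
    return dict(msgs)


def find_relay_injections(msgs, relay_ips, max_rcpts=20):
    """Flag messages that came in from a relay IP with an unusually large
    recipient list: the pattern of someone else's bulk mail being bounced
    back out through this server's quota and reputation.

    Mail from the LAN with many recipients (the site's own newsletter) is
    deliberately not flagged; only the client IP plus recipient count is.
    """
    flagged = []
    for qid, info in sorted(msgs.items()):
        if info.get("ip") in relay_ips and info.get("nrcpt", 0) > max_rcpts:
            flagged.append((qid, info["sender"], info["nrcpt"]))
    return flagged


if __name__ == "__main__":
    for qid, sender, nrcpt in find_relay_injections(parse_log(SAMPLE_LOG), RELAY_IPS):
        print(f"{qid}: {nrcpt} recipients submitted via relay by <{sender}>")
```

On the constructed sample only the 312-recipient message that entered from the relay IP is reported; the one-recipient message from the same relay and the 450-recipient newsletter submitted from a LAN workstation are left alone, which is the distinction a quota-burn investigation needs to make. In practice the script would be pointed at the real mail log and the relay IP taken from the site's own configuration.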

Seagate passes gassy 14TB whopper: He He He, one for each of you


Re: Foot in both worlds

There's always the wag who asks "why on earth do you need that much?". None of your business!

Sitting pretty in IPv4 land? Look, you're gonna have to talk to IPv6 at some stage



IPv6 is all who-knows-how it works all-behind-the-scenes and I have no way of knowing if a hostile entity is punching straight through my firewalls or even re-routing my traffic because he knows the IPv6 secrets and my stupid SOHO router merely "supports" it.

Now that's a dodgy Giza: Eggheads claim Great Pyramid can focus electromagnetic waves


A few important details left out

And at what power level are the most concentrated radio waves? Minute fractions of a microvolt? Oh My! They could power their whole civilization with that!

Early experiment in mass email ends with mad dash across office to unplug mail gateway


Re: Net send

In the early 2000s, the glorious international Wincor Nixdorf corporation didn't allow instant messengers on employees' desktops (at least not in my dept), so many people resorted to NET SEND, which worked perfectly, assuming you knew your recipient's full machine name.

One evening, a new guy tried messaging his team lead, was ignored by them but engaged in a lengthy casual chat with someone who replied instead. The twist was that the new guy was messaging everyone on a whole network segment, if not everyone everywhere. Everyone in the room was simply ignoring the messages and no-one said a thing to him as the chat went on and on.

The other participant turned out to be a sysadmin overseas who simply wasn't kind enough to say "hey buddy, you're messaging everyone". NET SEND was disabled soon after the announcement was made to stop using it.

LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more


I use VLC a dozen times a day so thank you for the news. I was already using 3.0.3

Trainee techie ran away and hid after screwing up a job, literally


Let's call him Jacob, for no particular reason...

I was part of a team replacing Dell motherboards for that lovely swollen capacitor issue which they denied for another decade. One member was in such a hurry to be free for lunch that he crammed the CPU into the socket and slapped down the restraint without bothering to match the pins properly. It wouldn't close properly so he opened it up again (we were all standing there, waiting for him), observed all of the squashed pins, said in his nonchalant professor expert voice "Hmmmm, how did that happen?!". He didn't come back after that day.

Welcome to your sci-fi dystopia: Sonic firewalls to crumble inaudible ad-tracking phone cookies


I've always felt uncomfortable with this statement

Sonic cookies are not anything like playing MP3s. The sounds are being generated directly by the offending apps. There's no compression process because that's an unrelated thing pertaining to saving storage space.

Astroboffins spy the most greedy black hole yet gobbling a Sun a day


Re: Probably ate other black holes in its youth

That begs the question of how it managed to gather up and eat all those other black holes in so little time. They've thought of that and it still doesn't pan out. The leading theory is that the initial black hole formed and fed in an environment of high-pressure gas before the deionization of the universe took place. The inward pressure was high enough that the outward pressure of its jets and radiation still couldn't blow the gas away, so it was forced to guzzle for an exceptionally long time.

Your software hates you and your devices think you're stupid


Re: Hang the UX designer

Agreed, I hate controls which are invisible until you happen to mouse over them!

That's no moon... er, that's an asteroid. And it'll be your next and final home, spacefarer


Life Aboard A Colony

I don't think there's anything improbable about a colony ship heading out for a multi-generation trip to another star. In the event that we can build such self-contained colonies in the future, it will come after we've fully matured the technology of inhabiting ones orbiting here within the solar system. Thousands, or millions of them. People living inside will already be accustomed to spending their whole lives inside one colony, just as people still grow up, age and die without ever leaving their county or shire. Sustainability will be the way of life for everyone. It won't change their lives much if the colony is orbiting Earth, Mars, among the asteroids or coasting through interstellar space.

However, no-one is going to be traveling inside a big lump of raw rock. Imagine the energy required to move such inert mass, and consider that it's probably just a big pile of loose rubble. A mountain of unprocessed asteroid rock is just a waste. Instead, spacecraft colonies will protect themselves inside a shell of already-processed and refined resources, and lots and lots of water ice. Every bit of that will be useful to maintaining life and propulsion.

PC recycler gets 15 months in the clink for whipping up 28,000 bootleg Windows 7, XP recovery discs


He didn't make 28K pirate copies. He merely infringed trademark.

Another lesson in how the law is not the same as right, fair or moral...

Since the program is provided free of charge, M$'s $25 fee is for duplication and shipping of that free software on a CD. It only works by burning it onto a boot CD. You can pay them to make you a disc, make your own disc, or you can have the kid next door do it for you. Or anyone else.

Making the discs seem official was a dumb move though. And it seems more like they should have calculated his time based on how much he profited from the discs ($0). Or how much M$ provably "lost" in sales rather than assuming the maximum physically possible. [That's kind of funny, actually, assuming that all of the discs would surely be used. Not a good endorsement of M$... :D ]

I'm sure it comes down to the construction of the law, BUT I take a dim view of letting "victims" declare damages without providing any proof.

On the other hand, I wonder if the judge did him a favor charging him with $700k of pirate software instead of 28k instances of trademark infringement?

Sysadmin unplugged wrong server, ran away, hoped nobody noticed


Re: access request hitler

"I especially like jumping through several levels of pomposity to enter an area a cleaner walks in and out of via a side door with a floor polisher multiple times between nipping out for a fag."

Having worked as a janitor in a number of sensitive areas as a lad, I can vouch for this.


Fast food testing kitchen? :o

CEO insisted his email was on server that had been offline for years


Illuminati Online

I worked for this semi-famous ISP, io.com, launched with money won from a lawsuit against the U.S. government. Their parent company's equipment had been seized and wrecked, based on a false claim that they were training hackers. It was just a role playing game, ya know. You rolled your dice to see if you'd "hacked" the "mainframe", etc.

Their mail cluster wasn't up to snuff and stopped delivering throughout the business day. Nothing but angry customer calls and our lies to them about "nothing we see on our end". Similar problem with newsgroups, which they gave up hosting in-house and outsourced. Their servers and fileshares weren't really set up with reasonable permissions, and you could literally telnet in, without a password, and browse customer's files. This even continued for some years after they had supposedly "hardened" so they could offer network security. Those servers were just a bunch of middling Pentium machines in cheap beige plastic cases sitting on shelves. The original modem pool was literally a bunch of 14.4 modems on a rack.

The above is an abbreviated account, you can visit this archival copy of their old website at io.fondoo.net if you like. Lots of pics!

OK, this time it's for real: The last available IPv4 address block has gone


Re: Compatibility

IPv6 does not "coexist"; it exists beside and outside of IPv4. It doesn't do IPv4 at all. And if we're going to switch to it, it needs to be a drop-in replacement which handles both, instead of an abstracted parallel universe where we struggle to find out what our address (or block) is, or to understand if our firewall is actually protecting us, let alone be able to choose which static IPv6 addresses we want our home web server to use.

Hurrah for everyone who found it "simple" to migrate to IPv6. Now kindly share your tutorials rather than sniffing at us old dinosaurs.

Whois is dead as Europe hands DNS overlord ICANN its arse


Just give everyone free opt-out anonymity service.

This has been suggested before and I think it's the best solution. Flip everyone's contact details to anonymized, with the option to switch it off.

Sorry spooks: Princeton boffins reckon they can hide DNS queries


Re: Oh Good Grief

Speaking for myself, I don't care for the Glorious Republic of Gilead going over my once-legal public discussions for signs of being a compelling Influencer who would probably benefit from a Holy Redemption.

Nor do I care to accommodate today's bastards, who will be the Gilead's Commanders one day, to inject fake news into my newsstream, or monitor my fertility discussions with partner and doctors.

I guess I'm just a silly-willy.

Big Brother

Still vulnerable to identification through timing

Same way they're identifying TOR users, by matching the timing of encrypted packets to and from the user to the ones that come out various endpoints. Timing could be randomized a bit, but who wants unnecessarily delayed DNS queries? I don't think we can really trust a chain of new servers out there beyond our watchful ISPs. We need to install a new component on our devices which encrypts/tunnels all DNS queries, perhaps along with padding and random fake activity.

The strange case of the data breach that stayed online for a month


Ransomware which sets up LAMP servers?

I can't fathom how spreadsheets from someone's workstation drive ended up in a publicly accessible web folder on a server. Unless the company used a central server and web interfaces for its document storage? Or perhaps the visible documents were placed there by extortionists to prove that they'd hacked their network and were rummaging around... ?

‘I crashed a rack full of servers with my butt’


Whoopsy Daisy

OK then, FINE. I *may* have brought down a big U-shaped robotic tape storage vault by feeding it a cassette which I'd just dropped on the floor. In all fairness, no-one actually told me why the vault had to be shut off the next day so someone could go inside and cut out a wad of tape which was jamming one of the readers.

Nvidia: Using cheap GeForce, Titan GPUs in servers? Haha, nope!


Re: Data Center Defined:

A room which /could be filled with computers containing Tesla V100 chips./


Re: Unenforceable.

Just as valid EULA:

"Nvidia never intended this product for solving multiplication or division problems. That is an application our fine Tesla (TM) product line does much better. Use of this product for such therefore constitutes abuse!"


Oh *THAT'S* abuse?

Since it's only "abuse" if graphics-grade chips are used in for-profit data center services (except for the established lucrative market of graphics cards for profitable bitcoin mining), "abuse" would seem to be a synonym for "flaw in Nvidia's business model". "Abuse" is a word which also implies a privilege had been granted with conditions imposed and accepted. Otherwise, there's no line one crosses to consider an "abuse". However, what we're seeing is a manufacturer blatantly attempting to forbid an *application* which competes with another one of their products, once that application catches their attention. Nvidia is far more clearly the abuser in my eyes.

Yahoo! Groups! Go! TITSUP! for! Days!



Don't do it. Nextdoor is gobbling up the world's "neighborhood" forums. USA, Netherlands, Canada... Most of the biatching (see sitejabber.com) you'll read is about people fighting with each other and admins failing to moderate properly. But it gets worse. The corporation itself is keen to treat the admins and their users as pawns in their little games. Nextdoor will watch you and kick you out for ideological reasons. You won't be free to set your own rules, or make your own allowances and follow your own culture. Plus, the platform is stuffed with ads now.

Google "dawson neighborhood seized" and read about what they did to one group who ran an "alternative" forum for its neighborhood, to get away from the vindictively-censored Yahoo group their Neighborhood Association ran. Nextdoor said they were cool with it and would stand by free speech. The forum grew to hundreds in no time. Then, Nextdoor kicked off the admins and turned the site directly over to the neighborhood association's old Yahoo forum admin.


Re: "Alternatively, are there other sites that provide this service?"

I had high hopes for Google Groups, but unfortunately they're just... somehow really ugly. And setting up permissions is really not intuitive. Google hasn't updated them in years so we all know they'll be on the chopping block before long.


Re: Yahoo Mail is TITSUP too

Agreed... I have some Yahoo email accounts which forward to other inboxes. For the last couple of weeks, mail arriving for a period of time will stop being forwarded. Then, I'll get newer emails. For the rest of the day, the older messages will start to gradually trickle in among them.

The Quantum of Firefox: Why is this one unlike any other Firefox?


Re: Everything's gone. Everything.

I dunno what your malfunction is, but it migrated all of my bookmarks and settings. And it really does seem to run swifter and use less RAM (so far anyway; I'm keeping my eye on that because it was getting really bad recently).

Hells door-bells! Ring pieces paralyzed in horror during Halloween trick-or-treat rush


Internet Of Spying Devices

See, I understand the part where Ring and other IoT device hawkers spy on their customers to produce statistics to sell to other, more shadowy players.

What I don't abide in is how they lobotomized their devices so thoroughly that they don't merely send stats from the devices - the devices have to send out a signal and receive instructions from the server on how to ring the bell. That's pathetic!

BOFH: Do I smell burning toes, I mean burning toast?


"You’ll be given a chance to give your input"

I always take this to mean:

"The deadline to weigh in on this issue is in 5 minutes, and I'm not going to tell you that, so listen to the soothing sound of my voice and please take no action for another few days".

Boffins trapped antiprotons for days, still can't say why they survived the Big Bang


If it isn't inside, it's outside.

We have an asymmetric distribution of matter type, though the types themselves are symmetric. Therefore, an outside force cast them this way. Whatever triggered the Big Bang itself had a bit of a spin, which favored matter.

Another IoT botnet has been found feasting on vulnerable IP cameras


Using generic Chinese Foscam clones

I have their internet access cut off at the router so they can't call out or be reached from outside. Likewise, all of my embedded/IOT-like things are restricted to communicating with specific IP addresses on the LAN. Namely, my workstation and my web server where I run ZoneMinder to record activity.

User loses half of a CD-ROM in his boss's PC

Paris Hilton

Re: I always wondered...

ELP has a consumer line of laser record-players. They're "only" $4000 - $15,000 (down from $25,000). The advantage is that it has no needle to ever replace and shouldn't wear records down. The problem is that it's vastly more expensive for no gain in quality. I've read that it sounds fine, but not nearly fine enough for audiophiles to fork over the big bucks.

I've read of a similar system using an ultrasonic beam which is far cheaper and also sounds decent.

I've selected the Paris Hilton icon since she's a famous DJ now, hah!

Far out: Dark matter bridges millions of light-years long spotted between galaxies


The assumption that it's matter

Note that all they know is that these are regions which exhibit naked gravity without a detectable source. Since matter is associated with gravity, they call it "dark matter". It's just as likely that it's something that gravity does on its own. My own pet theory is that it's a displaced gravity field caused by the matter pulled into black holes.

TRAPPIST-1's planets are quiet. Quiet as the grave, in fact


Re: Intelligent(?!) Design

"And don't forget the prostate. A kind and loving God would have put that on the outside and made it easily replaceable."

Intelligent Design placed your prostate just on the other side of your rectal wall so your buddy can give it a nice massage every fortnight or so... :D


Re: We won't be living on alien planets.

"I really can't understand the down votes; your post is, logically, the best way for us to colonise the solar system."

Yeah; I guess they all want to live on Mars and breed pale, frail cave goblins for children. :/


Re: We won't be living on alien planets.

"I believe sintered rock tends to be inflexible and brittle."

I'm not aware that all "sintered rock" must have the same quality, nor that it is uniformly inadequate. Different chemistry leads to different physical properties. Think of the colony wall as an eggshell proportionately expanded to a sphere several miles across. Even if it's stronger against compression than tension, it's still up to either task. It'll be more like a ceramic. Additionally, it can be reinforced with fiberglass or carbon fiber threads mixed in, and formed in corrugated or spongy form as appropriate for flexibility and other characteristics.


Re: We won't be living on alien planets.

"People are looking for habitable exoplanets because it's the first step to looking for exoplanets which actually have life on them"

This particular article doesn't mention colonizing other worlds, but pretty much all of them do. And most people read on through without realizing that living on alien worlds is just a sci-fi trope.

Put another way, we should stop searching the forest for comfortable caves to live in, since there is enough wood to build a city.


Re: We won't be living on alien planets.

"While I don't disagree with you, I do wonder how orbital colonies shield the colonists from the suns radiation."

Orbital colonies will shield from radiation about as well as the nearest mountain. A concrete-like shell 30-40 feet thick, an additional layer of soil and water features, millions of cubic feet of air above that. Also, colonies can be placed at the most convenient distance from the sun to maximize cooling vs energy collection vs ionizing radiation. They'll be clustered behind any natural protection if necessary.


Re: We won't be living on alien planets.

"Will those trillions, born and growing up in a fraction of Earth gravity still be human after a few generations?"

I most certainly did not describe life in orbital colonies as being like "The Expanse's" "Belters". An orbital colony can be spun to simulate Earth-normal gravity, or even more if you want your kids to grow up even more muscular.


We won't be living on alien planets.

We have GOT to stop this unquestioned narrative about colonizing Mars, searching for alien planets in the Goldilocks Zone and all the rest of that nonsense.

None of them will have all of our basic needs as Earth provides, and at best we will have to live in domes or caves under the surface.

Landing in a gravity well is risky and expensive. Launching is even more expensive. There won't be any mining down there for anything but local needs. In fact, planet-dwellers are all but trapped.

Terra-forming would take thousands of years, and humans just aren't capable of this kind of financial and logistical commitment.

But, we can build perfect homes almost anywhere in the form of orbital colonies. In orbit, where the easy-to reach material is in the first place. In fact, out of the tailings left over from sifting more valuable components out of comets, asteroids and the smaller moons.

Sintered rock powder makes a tough, concrete-like substance. The heat source comes from a reflective mirror. It doesn't even need to be big; a mirror a few feet across can turn sand to glass here on Earth. We build up the football- or cylinder-shaped habitat like it's inside a gargantuan 3D printer.

We spin it, and establish the ecology of our choice inside, and feed it with power collected from the host star through panels floating nearby.

We'll likely use the Moon for material first, then Mars's moons, then the asteroids. There is material for millions of habitats, each with the population of a county. Before long, the vast majority of Humanity will exist in colonies orbiting the Sun, population exceeding trillions of people.

ANY system that has loose floating material, and a star that is hot or bright enough, without being too irregular, will do.

The galaxy could be teeming with established intelligent life already, perhaps mostly around red dwarfs as they are the most plentiful and live many times longer than Sun-like stars.

Google, what the hell? Search giant wrongly said shop closed down, refused to list the truth


Google no longer lists my business either

Despite having a Google+ site and getting JUNK MAIL from Google addressed to my business, they took my business location off of the map and it's a struggle to "trick" Google into getting it to come up in search. There was one month that I kept getting phone calls from various people pretending to be customers who would chat a bit about my services and then ask if it was a home business or not... and then abruptly hang up on me. Google has also told me to "just create a new Google+ page and re-list my business". Yeah, but I can't use my current business name then, idiots. Who's going to do business with "Linden Consulting2"?

Dodgy Dutch developer built backdoors into thousands of sites


I've seen this movie

It was called "Sneakers" (1992).

Wi-Fi baby heart monitor may have the worst IoT security of 2016


How adorably 1990's

"our data team"? You sure you don't want to capitalize those words to make them sound a tad more confident? You don't need a "Data Team", you need software developers, testers and at least a security consultant. I bet someone's flipping through their Rolodex for the number to that Chinese company who made the software for them...

Malware figures out it's running on VMs and refuses to execute


Re: Hide, hide, hide ...

A better Red Pill payload would be a marginally effective "real" payload which puts on a reasonable performance and distracts researchers for weeks or years. Probably been going on this way for years. Gewd Jorb, researchers!


Biting the hand that feeds IT © 1998–2018