* Posts by eLD

12 posts • joined 21 Jun 2009

MailOnline pulls recipe site after innocent young cookbook DEFILED


As usual, el reg dodged the real question

How will this hack affect house prices?

Indestructible, badass rootkit BadBIOS: Is this tech world's Loch Ness Monster? VOTE NOW


There was a chap at work who had a wig. Up until now, that was the least plausible thing I've ever seen in my life. Its just so stupid on so many levels. ASUS couldn't even reflash my BIOS without messing it up with the benefit of source code. What hope for something to have hundreds of BIOS patches, patches for affecting multiple OSes and all ready fit inside one BIOS.

NSA chief leaks info on data sharing tech: It's SharePoint


Unpopular opinion

I feel like I'm bucking the general trend here of the comments and about to be shot down. However, I actually agree with the NSA chap that the decision to use SharePoint was an extremely large reason for administrators being able to leak information.

I know nothing about SharePoint administration so I am expecting to be shot down in flames, but to have just a few basic thoughts on how I might design a security focused collaboration tool. I'd probably ensure that all the content was stored and served up encrypted. There would obviously be no need for someone with root on the machines serving content to be able to see the unencrypted content for backup or permission related issues. I'd probably delegate the actual job of decrypting the content that was being served up for particular user tokens to separate servers with more restricted access that only managed decryption and re-encryption of "resource {token} stored on source {token} being requested by {token}" to separate out and simplify the authentication job and limit the attack surface of what actually matters if it is compromised. I'd also probably split up keys storage into a number of different and disjoint fiefdoms under different control and use the academic research on byzantine generals problems to ensure that it required a majority of systems (and people) to be compromised before information was leaked beyond the intended targets.

The point I'm trying to make is that the design of a secure system for the NSA would seem to be very different to (my imagination of) a simple microsoft collaboration tool. It seems they were remiss in going for the easy option and not putting the possibility of spies at the heart of their IT policy. And thank god for that, now we know what we always suspected. :)

COLD FUSION is BACK with 'anomalous heat' claim

Thumb Up

Re: Finance?

I know technically thats only one reason, but its such a good reason that I think it deserved to be mentioned twice.

Amazon cloud knocked out by violent storms in Virginia


Yeah they've got the region "us-east" (virginia) availability zones a -> d. If only one zone in the region went down i don't see this as a real issue. There's a phrase involving eggs and baskets that springs to mind.

I cant see how this would drive people to move to other public clouds for reliability either. At least from the EC2 perspective, Amazon's cloud is failing in the way its advertised to fail. Again with Azure, unless T&Cs have changed since I last looked, you get no SLA unless you've got your stuff deployed in different azure reliability zones anyway.

NASA probe now closer than ANY OTHER spacecraft to Pluto


I think the caps in the titles are just a homage to timecube.com

Banshee man dumps Novell for Skype duo



it could be worse, it could be infected with Java

No new copters for Afghanistan troops


look on the bright side

At least we're keeping the taliban's submarine fleet under control.

Online sync'n'store services

Big Brother

I wonder why no full backup

I wonder why none of them seem to encourage full backups. It seems quite a reasonable use. I've got a couple of TiB of data total, but I bet 95%+ of that is duplicated on other machines with the same old apps, games and pr0n as other people.

I'd be interested to know if any of them were smart enough to recognise that they already had the files you had somewhere (hash it?) on their cloud and not make you upload it if so. The only downsides I can see are:

1) They'd know what files you had, which dependant on how its done with uploads they wouldn't necessarily know.

2) It'd be harder to explain pricing to customers if they started charging for what the service cost rather than just per GiB. It presumably costs them next to nothing to store the same identical file as another 1000 customers have.

MoD battles copycat hackers


Lets be realistic here

Its just a PR website for the navy. Its not as if it has anything to do with important military infrastructure.

Embarrassing? Yes.

The sort of stuff I care about being secure? No.

Windows 3.0 turns 20

Gates Halo

Windows 3.0 32-bit ?

Actually it kindof was. Remember that stuff with enhanced mode for 386?

Windows 3.0 had a kernel that ran in 32-bit protected mode and ran 2 subsystems under there. Windows (16-bit) and DOS (also 16-bit). Ever wonder how you could run multiple dos boxes at once? It was pre-emptive multitasking even back then.

Still its all a bit academic given that all the apps were 16-bit cooperatively multitasked...

MPs turn to Black Blob to preserve their dignity



That doesn't work so well when they're all as bad as each other. Its not as if its just 1 party. Sadly anyone who wants to become a politician is clearly unsuitable.

Biting the hand that feeds IT © 1998–2019