* Posts by TRT

6498 posts • joined 11 Sep 2009

Apple leak: If you leak from Apple, we'll have you arrested, says Apple

TRT Silver badge

Re: "...an employee leaked a link to the gold master of iOS 11..."

Security by obscurity is not security. But it makes a wonderful headline, piques interest and curiosity, generates a buzz... what IS it that's so secret that it'll mean commercial ruin if it leaks out? It's the Holy Grail... the gaudy cup of anticipation rather than the carpenter's crudely carved beaker. They know exactly what they are doing.

Sysadmin’s worst client was … his mother! Until his sister called for help

TRT Silver badge

Shanty...

A sailor went to C++.

TRT Silver badge

Re: Dad wanted a PC

Had he previously used a non-TIFKAM system? Because if you're going to end up there anyway, one might as well start there instead of having to change. Mind you... Pissy World???!!!! WTF was he thinking?

TRT Silver badge

I sometimes dread going home...

because when I do the family rounds, I get to spend only 50% of the time on seeing my relatives, the rest of the time it's fixing stuff. Like last weekend... my father (a retired CNC lathe operator and metallurgist, so not a dunce) complained that the printer now wouldn't work from the laptop. It was fine from the desktop still, though. Had they made any changes to anything computer related recently? No... well, (eventually) they had received a new box from Virgin, but they just swapped out the old one, and typed the new password into the laptops and phones and it was all working, so that couldn't have been the cause. I spied the Virgin box sitting behind the television, in a different room to the printer.

Had they put the new password into the printer, then?

No, because the desktop computer worked with both the printer and with the internet after the Virgin box was changed, so that couldn't be the problem.

Well, that would have been a reasonable deduction; except the desktop was plugged into the printer by USB, and it had been originally set up so the printer managed its own queue and was connected to the WiFi as well as the USB so they could print from the laptop without having to turn the desktop on.

Problem fixed, I then drove back to my mother's house to see how that Windows 10 Creators Update was coming along so that she could pick up her Yahoo! mail again after the OAuth2 update issue which had "frozen" her computer. By which she meant it hadn't picked up new email since early February rather than the mouse and keyboard didn't respond with a visible change on the screen.

At least my aunt next door is totally technophobic and without a single PC, Mac, laptop, smartphone or anything like that in the house. And no... that scratch on the kids favourite DVD isn't repairable, and yes, it is the reason the disc won't play properly anymore.

UK defines Cyber DEFCON 1, 2 and 3, though of course doesn't call it that

TRT Silver badge

Re: shortform/acronyms

BIKINI state, surely.

Although there is scope for confusion and a need for mind bleach if someone asks "The BIKINI... Is it Amber? Red?" and someone else slightly mishears it.

TRT Silver badge

Re: I see a flaw in the plan

Armada? What armada? I see no IPs...

TRT Silver badge

Call it Cycon.

Pronounced the same as Psycon. Then you can announce the level nationwide by getting Brian Blessed to shout it from the top deck of The Shard.

El Reg needs you – to help build an automated beer-transporting robot

TRT Silver badge

We're working with a company that's putting alcohol shots into sealed gelatine-like edible spheres. I can see those being loaded into a Dalek subframe...

TRT Silver badge

Re: Drink! Feck! Arse! Devops!

You missed the Girls!

TRT Silver badge

Re: "shared collaboration space"

You can share space, but you don't have to collaborate. Perhaps a shared warfare space instead?

TRT Silver badge

Maybe...

at a stretch.

TRT Silver badge

I'd take a lead from Robot Wars...

Sir Spill-a-lot?

TRT Silver badge

Presumably it isn't bottled or canned...

That'll be the first time in history, then, that we hear uttered the phrase "Open the door! There's a draught coming in."

Was April 10th 'Add storage features to enterprise OSes day'?

TRT Silver badge

"Migrates that data, security, and network settings to a new, modern target by using the SMB protocol."?

That's the bit I'm having trouble with. Surely a migration is the time to review that kind of thing, refine or adjust them, test the new settings in place on the new server whilst it is still clean... And SMB??!! On an Enterprise system? As part of something other than a user service? Surely the back orrifice stuff is done using something more... hm... specialised? More secure?

'Dear Mr F*ckingjoking': UK PM Theresa May's mass marketing missive misses mark

TRT Silver badge

They're working on this bit...

"And of course you only have to go onto a party’s website or walk near a local campaign group to be inundated with requests for your personal information."

If they get their way, you will no longer need to visit the website or take a walk or, for that matter, be inundated with requests for your personal information - they'll be able to collect it without interrupting your day whatsoever, not even to tell you that they've done it.

Total WIPOut: IT chief finds his own job advertised

TRT Silver badge

Re: actually any productive work being done by WIPO?

erm... real world testing of various policies, legal frameworks, security practices etc? Sort of a grey hat organisation?

Skype for Business has nasty habit of closing down… for business

TRT Silver badge

Total bollocks.

If you're going to use such a shite method of providing the pixels from an application's window, you could do it with, say, mapping 16x16 blocks of the out-of-scope parts of the screen, because no-one is going to bat an eyelid at a couple of fuzzy frames in a Skype for Boneheads call. The compression algorithm is dreadful anyway, and the other participants are bound to be rescaling it as well.

Besides, isn't this the kind of thing the OS window manager is supposed to do for you?

Sorry spooks: Princeton boffins reckon they can hide DNS queries

TRT Silver badge

Re: So, what would be the point of hiding the DNS query?

That would take some organisation, and legislation. Have they really gone to that trouble?

TRT Silver badge

Re: So, what would be the point of hiding the DNS query?

That's for someone that is a target, i.e. known to the authorities, on a watch list.

DNS scrying is far more... well, circumspect.

TRT Silver badge

So, what would be the point of hiding the DNS query?

If you have spooks either (A) watching a DNS for trigger events or (B) going through DNS logs, then this method either (A) doesn't trigger the alert flag at the ISPs DNS or doesn't reveal the exact origination of the request at the .odns end and (B) means they have to obtain two sets of logs, potentially in two different jurisdictions, in order to decode the footprint.

All bets are off if they are watching an individual user; this methodology simply makes casting-a-net-and-see-what-we-get less worthwhile of an activity.

TRT Silver badge

Re: Pants

Thinking about it... if you DO use a revolving DNS, then this actually makes it EASIER to gather up the pieces, because the requests will all find their way to .odns's resolver in the end, within a narrow time window.

TRT Silver badge

The diagram isn't clear. The .odns stub isn't attached to the ISPs DNS but to the client.

The "attack surface" is roughly speaking "The ISPs DNS logs every packet in its entirety and that log is readable by a hostile agent. This enables a client's entire internet activity to be mapped out where DNS lookups are being made."

The mitigation is to encrypt the request which the ISP is logging, but to do so in a way that a bog-standard DNS service can handle the query.

Application asks the transport layer for a website, say. l33th4xerr.org

The transport layer is charged with sorting this out, and presumably the .odns stub will sit here.

The .odns Top Level Domain is added by the stub inside the client or in the client's own Firewall/NAT/DNS relay, and this encrypts the requested address, so you get a lookup request for something like:

x.x.x.x wants the IP for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns

The ISPs DNS throws its hands up in the air and says "I'll have to refer this to .odns as the source of authority".

The x.x.x.x is now replaced by the DNS relay...

r.r.r.r wants the IP for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns query reference number 12345

.odns, as a source of authority, strips out the session key which it will use to encrypt the response, decodes the real request, looks it up, gets the response and encrypts that before sending it back to the ISPs DNS, which is the only IP address that it has - the originating requestor's IP address isn't included in the query string.

So the response now reads:

To r.r.r.r from .odns. In response to query reference 12345

The IP addresses for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns are 4c34c3442r2cc5gdfgr4344tf33, dfarf7fpqn8tt9[]5t5]tbq5[t and fifty98[b3[[];'\g-0]-k

Now, the ISPs DNS isn't going to understand what the response is. The reason that the response is encrypted is so that the reply doesn't reveal the IP address of the query because the ISPs DNS is going to change the response to:

To x.x.x.x from r.r.r.r.

The IP addresses for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns are 4c34c3442r2cc5gdfgr4344tf33, dfarf7fpqn8tt9[]5t5]tbq5[t and fifty98[b3[[];'\g-0]-k

And that will be logged.

The .odns stub then takes the encrypted part of the response and uses the private key to the session key that it sent to change the reply to:

To originating computer, the IP address for l33th4xerr.org is 12.43.128.12

or if the stub is sitting in the transport layer of the client, it will pass that on to the resolver and add it to the local address resolution list.

If you pwn the .odns, you only see an ISPs DNS asking for dodgy URLs, if you pwn the ISPs DNS, then you see a lot of nonsense requests for a particular IP address on that network - a household with a NAT Firewall or something. If you pwn both then you can get the complete picture.

The problem I have with this is that the encrypted reply might need to be understood by the ISPs DNS. Surely it will be trying to parse the response in order to cache it or something. And the character set of both request and response must fit within the footprint of what a domain name can be, although with multibyte domain naming allowed now, I guess that restriction is cited slightly.

TRT Silver badge

Re: Pants

Crafty but obvious. It simply recurses to the odns server which has the other half of the key-pair, which then proxies the lookup. I suppose if one is trying to build a map of what a particular computer is doing, then this would help prevent that, but then so would using a revolving DNS package with a very disparate list of lookups. You'd have to scour dozens of resolvers to gather the map. This method concentrates all of the DNS requests to a single resolver. Unless one combined those methods of course; that would be like putting a jigsaw through a shredder that dumps its load in front of a leaf blower powered playground roundabout.

TRT Silver badge

Could be a software stub in the client computer or in a gateway. The diagram doesn't make it clear.

TRT Silver badge

Pants

Proxy DNS. Someone's getting a PhD out of this? Nothing to see here, move along.

UK 'wife'-carrying champion named

TRT Silver badge

Re: Optional

Depends if you carry your wallet in your back pocket or elsewhere.

Lib Dems, UKIP's websites go TITSUP* on UK local election launch day

TRT Silver badge

They'll blame the Russians you know.

...they always do.

TRT Silver badge

This web campaign brought to you...

by The National Spam Party.

My PC makes ‘negative energy waves’, said user, then demanded fix

TRT Silver badge

Re: A solution

My ex-missus insisted we had a copper wire pyramid located on top of the monitor and on the top of the PC case.

TRT Silver badge

Re: qotw

I used to work for a well-known American electronics high street retailer, now defunct in the UK, that started life making leather goods. You know the one?

Anyway, we had a regular who used to come in to buy the anti-static spray for record players (snake oil stuff - an atomiser filled with distilled water made up with about 5% IPA). He started asking for stronger stuff because "the US government had turned up the power when they realised they couldn't read him". Turns out he used the spray like a cologne. His baseball cap was lined with tin foil too, I noticed.

Birds can feel Earth's magnetic fields? Yeah, that might fly. Bioboffins find vital sense proteins

TRT Silver badge

Re: How would it feel?

I don't know the details of that. When I took part I was 14 and on a school trip. They checked the bus orientation with a magnetic compass, I recall, so it couldn't have been a total wipeout. The top bit of the bus was probably mostly made of oak or ash and melamine in those days anyway!

TRT Silver badge

Re: The Natural Navigator

You see? I just pictured that and got it completely arse about tit.

TRT Silver badge

Re: winging it

They use navigation beakons.

TRT Silver badge

Re: The Natural Navigator

I get totally bolloxed around South Kensington. In any other place in London, I know which way the river is and thence which way is North.

TRT Silver badge

Re: How would it feel?

Manchester university have been running a human magneto-orientation study for years. It involved minibussing blindfolded volunteers around Manchester, making use of several roundabouts to disguise direction, then a 20-30 minute drive around. Volunteers wore a headband contains either a magnet or a piece of brass, then had to guess and mark on a clipboard oriented towards the front of the coach which way was north and which way was the university.

I'm not sure what the results are looking like.

*Thunk* No worries, the UPS should spin up. Oh cool, it's in bypass mode

TRT Silver badge

Re: Sometimes, there are ways round it.

I can think of a certain basement area next to the Thames that's been flooded in the last 20 years. But that was down to a large water main running parallel to the river cracking open and the water finding its way through the ancient, long since covered and built upon, tributaries of the Old Father.

I don't know if it houses a DC or not; I suspect it does.

TRT Silver badge

Re: Is it Friday already?

Disaster can strike at any time. It just always seems like it's Friday when shit happens, just to take the shine off your weekend.

I say, I say, I say: What's the difference between a king penguin and liquid?

TRT Silver badge
Pint

Fluid dynamics?

I'll drink to that!

TRT Silver badge

I say, I say, I say: What's the difference between a king penguin and liquid?

Ones system of measurement is monarchic, the other imperial.

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

TRT Silver badge
TRT Silver badge

Windows-execute-order-66?

Spring is all about new beginnings, but it could already be lights out for Windows' Fluent Design

TRT Silver badge

"Reveal" UI elements?

You mean they hide the functionality? A bit like the hidden buttons in Office Online?

Have fun exploring and discovering new activities!

More and more like a Fisher-Price Activity Centre every day.

Elon Musk's mighty erection fires sperm at orbiting space station

TRT Silver badge

Re: First time human sperm was sent to space?

Those are the kinds of astronauts we need... they've got spunk.

TRT Silver badge

Elastic sheets, secured round the edge. Provides some thrust for re-entry.

One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools

TRT Silver badge

I must buy a lot of spiced pork and ham then.

Apple, if you want to win in education, look at what sucks about iPads

TRT Silver badge

Re: At TRT...

Hey, I laid the same shit, bro. That AND 10Base-5. Even less bendy, and required vampire taps about the size of a single volume of the Encyclopaedia Britannica. That was for a cluster of Vax/VMS machines. For DECNET I believe they called it. That, too, was so long ago it has been swept into a dusty corner of my mind.

User fired IT support company for a 'typo' that was actually a real word

TRT Silver badge

Re: Validation Vs verification

People are fascinated by the BS Proofreader's Marks chart I have on my office wall. I rescued it from my last job in a print training place - found a load in an old store room. I don't think many people in scientific publishing now realise it was a job people had and how regulated it was, with a language all of its own.

UK watchdog finally gets search warrant for Cambridge Analytica's totally not empty offices

TRT Silver badge

Re: ... would *not* rely on a paper shredder alone

Building's combined heat, power, energy, ventilation and security system should take care of that.

Brit cloud slinger iomart goes TITSUP, knackers Virgin Trains, Parentpay

TRT Silver badge

Re: Cloud?

Every silver lining has one.

TRT Silver badge

They had to be sacrificed to the gods of the network in order to ensure the return of bountiful bandwidth.

Biting the hand that feeds IT © 1998–2019