Posts by Kurgan

155 posts • joined 15 Sep 2009


Huawei hasn't yet fixed its security vulns, says UK's NCSC overseers


Different issues

So, what's the real issue? Is it just poor security (as the report seems to suggest) or fear of Chinese government backdoors?

I'm just not sure the computer works here – the energy is all wrong


No interference?

Today, thanks to low-quality electronic devices (switching power supplies, LED lamps, USB devices) or devices that generate interference by design like powerline Ethernet, the whole RF spectrum from 0 to at least 150 MHz is flooded with noise.

I am a ham radio operator, and I can tell you that if you live in an urban area, no ham band below 70 cm (430 MHz) is noise-free.

On the bright side, I am happy to report that the LED street lamps that have been installed in Bologna, Italy, where I live, are properly shielded and have not increased the noise level at all.

Forget your deepest, darkest secrets, smart speakers will soon listen for sniffles and farts too


I want votes and applause

That's fine, but I want the AI to be a farting contest judge. Give me votes, tell me how my farts rank in regard to my friends' ones.

Trainee techie ran away and hid after screwing up a job, literally


Lift and long screws...

I thought he had locked himself in the lift by screwing the doors shut.

Silk road adviser caught, Kaspersky sues Dutch paper, and Vietnam's tech clampdown


Vietnam, uh?

I'm totally sure that in Vietnam the law stating that data should reside only inside the country is made to restrict citizens' freedom.

But, I'm also totally sure that the same applies to every other state that has such a law (Europe, I'm talking about YOU!).

Soon every nation will have its own great firewall, and the free and united internet will cease to exist.

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata


Emerdata sounds like...

Emerdata, in Italian, sounds like e-merdata. Which translates to something like E-bullshit, E-shittiness, E-shit, E-something-that's-shitty.

In fact "merda" is shit, and "merdata" is more or less something that's definitely shitty.

Isn't it perfect?

IETF: GDPR compliance means caring about what's in your logfiles



GDPR means MADNESS. I really wish I was not living and working as an IT consultant in Europe.

Hawaii governor: I wanted to tell everyone nuke alert was fake – I just forgot my password


So now the password for Twitter...

So now the password for Twitter has been set the same as the username, so it's easy to remember.

Flying on its own, Thunderbird seeks input on new look


Thunderbird needs INTERNAL REWORK, not UI

Thunderbird does NOT need a fancy and useless "modern" UI. It needs internal rework. Local email storage is SLOW when folders are big. IMAP sometimes hangs on "sending message". Sometimes TB just crashes (rarely, but it happens). On big installations (with lots of accounts and folders and emails) it sometimes says that this or that script no longer responds, even on fast PCs with SSDs. I have some 100 or so installations on Windows, Mac, and Linux. And they all have the same issues. So, issues are not OS-related.

Everybody (based on comments here) wants a USABLE email client, and TB is committed to producing a "nice" email client. I think we have a problem here.

Italy leans on Amazon to retrieve €100m in unpaid tax


Re: Should there be a court case ?

Not necessarily. This is Italy, where the government just wants your money, and it wants it NOW. It does not matter if you're a criminal or not. You can settle these kinds of issues out of court. And, as usual, if you have unpaid taxes worth 10 euros, you get to pay 1000 euros. If you have unpaid taxes worth 100 million euros, you end up paying one million. This depends on the level (as in D&D) of your fiscal consultants.

Germany says NEIN to purchase incentive for Tesla Model S


There will not be enough electricity anyway

Wait for electric cars to become more popular, and there will not be enough electricity for everyone, unless we build nuclear power plants like crazy. So, what are we talking about? Just green madness.

Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs


The dog ate my homework.

Yea, sure. The dog ate my homework, and bad hackers porned (pornized?) my PC.

French activists storm Paris Apple Store over EU tax dispute


I'd like to know...

... how many of those activists had iPhones in their pockets. I suppose most of them.

It's official: Users navigate flat UI designs 22 per cent slower



Flat and grey-on-grey no-contrast UI sucks. That's all. Simple as that. Case closed.

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON


Stay CLEAR of the USA

As usual, if you work in security, stay AWAY from USA (or Russia).

systemd-free Devuan Linux hits version 1.0.0


I have used Devuan since older betas - it's fine

I'm a long time (since version 3) Debian user, and now I have both Debian Jessie (with systemd removed) and Devuan Jessie beta installed on about 50 servers total. They both work fine. On my desktop I use Mint. I will end up using systemd on my desktop distro, I suppose, and I can live with it as long as it does not crash too often. But I don't want it on my server.

BOFH: The Boss, the floppy and the work 'experience'


Re: Being on a placement myself...


"Except avoid *US*".


Printer blown to bits by compressed air


I did something similar once

I had this very very old and very dusty PC from a rock grinding mill control system (yes, very fine rock powder everywhere) that needed to be cleaned. I had an oversized air compressor. I have TRIED to be kind, regulating air flow by gently pulling the air gun trigger, and it sort of worked. No components flying around. But I forgot to hold the cpu fan in place, so it went spinning at about 100.000 RPM, generated a lot of current (a motor is a generator, too) and totally fried something. The PC never booted again.

Schneider Electric still shipping passwords in firmware


Reminds me of some routers

I have found a similar flaw, almost 20 years ago, on Telindus routers. You could get the password by sending a properly crafted packet to the routers. Remotely.

Their fix? Xor the password with a fixed key.


HPE blames solid state drive failure for outages at Australian Tax Office


Like the old WD Raptors

I remember the old WD Raptors, that had a glitch every 57,6 days of being powered on. Mirror sets failed synchronously. History repeats itself. At that time, WD would not acknowledge the issue. They did later on, on a private basis, and never made it public. But then you could find the relevant information by googling.

Penguins force-fed root: Cruel security flaw found in systemd v228


systemd SUCKS!

Simple as that. Systemd SUCKS. Use Devuan, without systemd by design.

Could a robot vacuum cleaner monitor your data centre?


Security considerations

I will only buy connected "things" that do NEED a VPN, my OWN VPN, to work remotely.

NO cloud.

Because cloud is not secure (security costs money) and is not reliable (seller shuts down service and you end up with a brick instead of a connected device).

'Too big to fail' cloud giants like AWS threaten civilization as we know it


Re: Absolutely

Your "expensive professionals" just outsourced the job to cheap Indians.

Congratulations! You survived the leap secondocalypse


Old Debian boxes had issues

3 in about 15 old (2.6.26 and 2.6.32 kernels) Debian boxes crashed or got one or more cores in soft lockup, had to reboot them.

Atomic keyrings: Just how bright are they?


Disappointed by shipping costs

I was on the verge of buying 3 of the little ones (from Italy) but then I have seen that shipping costs 12 pounds, which is definitely too much.

Something Coming Through – aliens, LA noir, techno-thriller, dystopia ALL in the mix


Bought it

Nice to see an affordable price for the ebook edition. Just bought it.

Elon Musk's Tesla set to unveil home storage battery



A home battery? For what use? How do you recharge it? Why do you need it? Is it basically a 3KW UPS?

UNIX greybeards threaten Debian fork over systemd plan


Death to systemd

I am one of the anti-systemd rebels, and all I can say is that I can confirm that I like the init system that I currently use, and that I don't want systemd to be mandatory in a Linux distro that's aimed at servers.

Linux systemd dev says open source is 'SICK', kernel community 'awful'


Stop destroying Linux, Poettering

Poettering should simply STOP trying to destroy the Linux ecosystem by imposing systemd, which is absolutely non-compliant with the UNIX philosophy.

Canadian taxman says hundreds pierced by Heartbleed SSL skewer


Was it a MITM or what?

Was it a MITM job, or were the social security numbers taken from server memory by exploiting the bug? How can they know how many (and which) numbers were taken?

IT executive at JP Morgan dies in fall from bank's London HQ



Yeah, sure, it was a suicide. Just like Roberto Calvi. http://en.wikipedia.org/wiki/Roberto_Calvi

EE BrightBox routers can be hacked 'by simple copy/paste operation'


Telecom Italia had such junk before...

Telecom Italia, in the years 2000-2003, gave their BUSINESS users a router from "Telindus" that exposed its password in plain text to anyone that sent the right "request" to it. Both on LAN and on WAN. So hacking Telecom Italia business users was as simple as sending the right request packet (simple and identical for every router, no MAC address hash involved) to every Telecom Italia public IP address, and you could collect all of the routers' passwords in plain text. Then you telnet to the router and you are in.

I discovered this vulnerability while trying to access a router (locally) for a customer who lost the password. (http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html)

When I told Telecom Italia (and then Telindus) about it, they asked me if I was going after a ransom, if I was some sort of criminal. I just wanted to warn them. Anyway, 6 months later, they changed the firmware so that now you needed to apply an XOR to have the password in plain text.

Double Fail!

Dying HealthCare.gov bagged JUST SIX registrations on first day


Re: So something like $400M-$500M has been spent on this website....

So we Italians are not alone. Our government spent 45 million euros on the useless "italia.it" website.

Build a BONKERS test lab: Everything you need before you deploy


Asus mainboards?

I have had a lot of bad experiences with Asus mainboards (and with almost every consumer mainboard I have happened to use under heavy load). These mainboards are usually slow. Their buses are full of bottlenecks, so you don't get to use all of the speed of the CPU or of the disks or of the RAM you are installing. I know that this is not a proper technical description of the issues I had, but I am no longer "up to date" with modern hardware design. What I know is that I have seen more than one Asus-based "very fast workstation" perform very poorly at various I/O intensive tasks. I have seen the latest and greatest hardware (Asus mainboard) run terribly slow when compared to hardware that was 5 years old (Intel mainboard) at the same task (mechanical 3D CAD that needed to load hundreds of little files to create the entire project in RAM). It was not a video card issue, but definitely an I/O issue.

How does your setup feel? Does it feel fast enough, considering the CPU and RAM you are using? Have you tried using different mainboards?

AT&T relaunches walkie-talkie style service Push to Talk


PTT could have been a great idea...

... but it was a failure in Europe because of the greediness of the operators, I suppose.

Report: McAfee founder wanted for murder in Belize



Belize, stormy night, homicide, lunatic millionaire, home-made drugs... it really seems to be the beginning of a Call of Cthulhu RPG session.

Bing is the most heavily poisoned search engine, study says


Bing had malware sites as sponsored pages!

Some time ago (six months, maybe) I was installing some new Windows machines (which I usually don't, because I am a Linux sysadmin) and after installing them I wanted to install "security essentials", so I opened up Explorer, and searched (in Bing, it is the default search engine) for "microsoft security essentials". The first two links (sponsored, I suppose, because they were on some gray or blue background) were for malware sites, the first non-sponsored link was for some dodgy download site that puts spyware in every download, and the fourth result was for the right site.

If I run the same search in Firefox (same Windows box, same day, just installed Firefox and tried the search on Bing using Firefox), the sponsored links do not appear at all.

I have confirmed this behaviour at least four or five times. I don't know if they have fixed it now.

Cisco backs down on cloud control of routers


Nice fuckup!

Now I don't trust Cisco anymore. They have lost a customer. Maybe more than one, since I am a consultant.

Facebook phone app attempts to seize ALL YOUR MAIL


Re: I do use Facebook

You are a wise man. But a lot of idiots happily abuse their contacts' data (phone numbers, email addresses) by giving them away to every spammer and every dodgy app in the world.

Diablo III


Re: Nice game, but...

Not only to play Diablo, but we also play Diablo. We eat, chat, drink, then someone goes to sleep and someone pulls a Diablo all-nighter.


Nice game, but...

... but I like to play Diablo 2 offline in coop mode with some friends, on a LAN with no internet connection (at a cottage with flaky cellular connection and no phone and DSL line). This "online only" mode, that is not actually required (except for DRM purposes) when playing solo or in a LAN environment, will spoil our Diablo nights at the cottage.

So I'm not buying it, at least not until we find a way to play offline in our LAN, which may be possible by cracking the DRM, or may not be possible at all, if the game can only talk to its servers to set up a multiplayer coop game, instead of talking to the other local installations.

AOL sells Microsoft 800+ patents for over $1bn


IP Bubble?

I really HOPE that there will be an IP bubble, with patent trolls paying millions for patents and then going bankrupt in the most gruesome way.

Paedophiles ‘disguise’ child abuse pages as legit websites


"digital path"...

... does it mean that you have to enter www.something.com/smut/ instead of www.something.com?

How technically difficult. How hard to explain. It must be kept secret and undisclosed. Just say "follow a particular digital path", do not help criminals understand this technology.

Crap mobile networks shamed by Carrier IQ API


If the operators were willing to share all of the information gathered with the users, then I'd consider installing such spyware on my phone, because it would be useful to me, too.

If they don't, or they just share half of what they gather, then it's a big "NO, THANKS" for me.

Symantec sues rivals in backup patents spat



Software Patents: a complete failure. That's all.

Boffins embed electronics into fibres


Not just lock-in...

While such a solution can be nice for a fibre patch cable (that you buy already "terminated" with such opto-electronic integration), it is quite useless for longer runs where you have to lay the fibre for hundreds of meters (or feet, or furlongs, or whatever) and then cut it and connect it. You should have the fibre pre-cut and pre-terminated at the right length, before you buy it.

European revolt over ACTA treaty gains ground


A little too late

It's a little too late, isn't it?

System Shock


A great game

One of the best games I have ever played.

Year of the Penguin - el Reg's 2011 Linux-land roundup


Canonical will not be missed

Well, when someone really thinks that a big non-touch monitor needs to run the same interface as a small touch one, I think it's time to say "sure, go on with this madness" and promptly choose another distro or another desktop manager.

I like the Android touch-friendly interface on my phone and on my tablet, but I DON'T WANT the same interface on my 28 inch non-touch monitor.

Interface designers in commercial products think that users are stupid, suffer from attention disorder, and cannot focus on more than one simple task on one big window that covers all of the screen, with no more than two big buttons at a time. Everything more complex is absolutely too hard to use. And while there are smarter users in the commercial software world, there are also a lot of brain damaged users.

But, if we keep helping the brain damaged users, sooner or later the smart users will die of boredom.

Have you seen the movie "Idiocracy"? It is a perfect example of where we are headed.

Seagate matches and raises WD disk warranty cuts


Those pesky disk manufacturers...

What we need is reliable disks, not 10-terabyte disks. They should focus on reliability, and they do exactly the opposite.


Biting the hand that feeds IT © 1998–2019