* Posts by TrevorH

76 posts • joined 22 Sep 2009


Well Holby damned! We've caught a virus: Brit medical soap operas team up for 'cyber' episode


Shouldn't it be that the outbreak is magically stopped by a malware author turned security researcher...

Awkward... Revealed Facebook emails show plans for data slurping, selling access to addicts' info, crafty PR spinning


Yes, they really seized them


TL;DR: "Rarely used parliamentary powers were used to demand that the boss of a US software firm hand over the details." and "In a highly unusual move the House of Commons serjeant-at-arms was sent to the businessman's hotel and he was given a final warning and a two-hour deadline to comply with the order."

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'


Fixed in kernel-3.10.0-862.14.4.el7

World's oldest URL – fragments 73,000 years old – discovered in cave


From the extrapolated drawing seen in "b", it's perfectly obvious that this is actually the stone that used to sit in the original estate agent's window and is advertising a teepee for sale. One careful owner, all mod cons including a central fireplace...

Fix for July's Spectre-like bug is breaking some supers


The bug is already identified and a fix has been provided (unofficially) for CentOS. The CentOS bug report for this is https://bugs.centos.org//view.php?id=15193 and the fixed version is on https://buildlogs.centos.org/c7.1804.u.x86_64/kernel/20180820114938/3.10.0-862.11.6.el7.bug15193.x86_64/ and the fix has also been incorporated into the latest CentOS plus kernel kernel-plus-3.10.0-862.11.6.el7.centos.plus.1.x86_64.rpm

Home Office seeks Brexit tech boss – but doesn't splash the cash


So.... interviews at the start of October, by the time they've interviewed the candidates and made their decision and had an offer accepted it'll be at least the end of October. Wait 3 months for them to resign and be released from their current job and they'd be starting around Feb 2019 and this all has to be up and running by March. So start in Feb, fired in March. Good job!

Why the fsck has this person not been in place since June 24th 2016?

Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems


> Most enterprise-grade Linux distributions do not yet use kernel 4.9 or above so aren't immediately affected.

Unfortunately not true. Redhat have a page https://access.redhat.com/articles/3553061 that says that RHEL6 and 7 and even 5 (which is quite dead) are all affected by this bug.

Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s


I've had two of these mails in the last 3 days and both told me that my password was 'changeme' which, to the best of my knowledge, is not one I've ever used anywhere for anything. I vaguely recall it used to be the default password for some java key store as delivered from Sun/Oracle but it's certainly not one I'd choose to use (much too complicated, mine are all 'password', honest). They can send me as many as they want but since I already know I've never been anywhere near an adult site and most likely never will, I'm not likely to be paying anyone anything.

Europe's scheme to build exascale capability on homegrown hardware is ludicrous fantasy


> So EU, find the cash, somehow, give it to Atos


(An ex-ATOS employee)

Indiegogo lawyer asks ZX Spectrum reboot firm: Where's the cash?


Who'd keep half a million squid in a paypal account? I get worried if I have a fiver in mine!

If you're a Fedora fanboi, this latest release might break your heart a little


> Linux tip: Avoid Nvidia graphics cards if possible

Really? That may have been true about 10 years ago but these days they pretty much just work. Besides, the main alternative would be AMD and theirs are far far worse.

Monday: Intel defector touts Arm server chip. Wednesday: Intel shows off new server chips


Or perhaps the news release has to do with the leaks... https://www.anandtech.com/show/12387/skylaked-creeps-out-on-intels-price-list

EE Business Broadband digital transformation: Portal offline until July


Code review?

Someone did a code review and discovered it leaked like a sieve and was unfixable?

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?


What happened to Nationwide?

Why are we disappointed with the best streaming media box on the market?



Didn't that ship sail about 5 years ago with no-one on board?

Fore! PCI Express 4.0 finally lands on Earth


El Reg left hand, meet right hand...


Huge ransomware outbreak spreads in Ukraine and beyond


So let's get this straight, this exploits the same vulnerabilities as the last one that made headlines all over the world and crippled various organisations and yet, some people still didn't patch against it?

sympathy-o-meter firmly pegged on 0 here.

'OK, everyone. Stop typing, this software is DONE,' said no one ever


CentOS 6 is in production phase 3

So... yes, CentOS 6 is "supported" until 2020 but the upstream RHEL that it's based on and receives all its patches from went into what Redhat call "Production Phase 3" on May 10th 2017. That means that only security vulnerabilities that Redhat class as "critical" will now be fixed. Anything that's merely "important" or less gets patched if they feel like it and judging by the things that _didn't_ get fixed in RHEL5 once that reached PP3, that's going to mean that CentOS 6 gets less and less secure over the next 2.5 years until it goes EOL.

Canonical sharpens post-Unity axe for 80-plus Ubuntu spinners


All this stuff about not rebooting when there's a kernel update. Without the reboot you're still running the old, potentially exploitable kernel. But who needs security anyway, eh.

1.37bn records from somewhere to leak on Monday


It's a myisam database

Unlikely to be Microsoft then

Mysterious Gmail account lockouts prompt hack fears


There was some discussion about this possibly being related to Cloudbleed too but comment 24 in https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 says definitely not.

Intel's Atom C2000 chips are bricking products – and it's not just Cisco hit


I'm pretty sure that I've had one Supermicro A1SAi fail with these exact symptoms already. Was in normal use one day and then the load average went sky high with no warning and a shutdown/reboot killed it stone dead. One replacement motherboard and processor later...

Alleged ISIS member 'wore USB cufflink and trained terrorists in encryption'

This post has been deleted by a moderator


USB stick disguised as a cufflink...

as sold by that bastion of terror: Marks and Spencers Plc perhaps?

NASA gets last Pluto data


The one kilobit figure is wrong

Having done a little reading around it seems that the spacecraft has 2 transmitters and both can be used simultaneously if they shut down other equipment on board. That nearly doubles the data rate to 2Kb/s but that still doesn't explain the discrepancy. I also see that the image data can be compressed by a considerable factor so this is probably more likely to be the explanation - the 50GB figure is going to be the total data size before compression.

Belgian court fines Skype for failing to intercept criminals' calls in 2012


>> but explained that it was impossible in 2012 to provide access to users' conversations

In 2012. Doesn't say it's _still_ impossible.

Asterisk users need to patch DoS bug


1.8 is also affected but out of support so there is no upstream fix.

M.2 SSD drive format is under-rated. So why no enterprise arrays?


Re: Gbit/sec?

Yes, Gbit/sec is wrong. It's GBytes/s.

Bad news: MySQL can dish out root access to cunning miscreants


mariadb is affected too

Don't assume that mariadb is immune - it was a fork of mysql and at least some of the vulnerabilities discovered here are also present. Mariadb also helpfully reads $datadir/my.cnf so you can do something similar with it too.

Having offended everyone else in the world, Linus Torvalds calls own lawyers a 'nasty festering disease'


> Effectively Red Hat and Oracle have both done that. They publish their own version of the kernel as a tarball

Haha. Not sure if that's meant to be a joke since the main reason that Redhat produce a monolithic patch of their modifications to the kernel is to stop Oracle from hijacking their work.

BT customers hit by broadband outage ... again


Re: Some sympathy -but not a lot

I don't believe this problem has anything to do with LINX. THN is a massive building and LINX have space there but the room currently affected by the power problems is not the LINX suite.

Linux command line mistake 'nukes web boss's biz'


Re: I thought everybody knew

The original post said he was running CentOS 7 and if you run rm -rf / on CentOS 7 you get...

[root@localhost ~]# rm -rf /

rm: it is dangerous to operate recursively on ‘/’

rm: use --no-preserve-root to override this failsafe

No, HMG, bulk data surveillance is NOT inevitable


Why did I read "the draft Communications Data Bill" as "the daft Communications Data Bill" ...

Containers! Containers! Containers! And RHEL 7.2. Employ as you wish


CentOS 7.2 "any day soon"

CentOS 7.2 has been out for more than a month.

Is the world ready for a bare-metal OS/2 rebirth?


The guys behind Arca Noae are longtime collaborators with the people who previously produced Ecomstation and wrote much of the code that shipped with ecs. I doubt if they'll price themselves out of the market so it's likely to be affordable when it comes out.

Caption this: WIN a 6TB Western Digital Black hard drive with El Reg


Clive unpacked his new HD projector from Ebay

Brimming with VM goodness: Qnap TS-453mini 4-bay NAS



Magnetic lid and spinning rust... good combination.

Red Hat unleashes EL 7.2 beta on a waiting world


Re: Some nice additions

Oddly the release notes make no mention of two of the biggest changes: systemd is rebased from version 208 to 219 and gnome from 3.8 to 3.14.

CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS


Lenovo are not the only ones apparently

http://www.securityfocus.com/archive/1/536181/30/0/threaded mentions HP and if two of the major vendors are at it then I'd not be that surprised to find more of them at it too.

Linux Foundation serves up a tasty dish of BUGS


"therefore how much TLS a particular tool or project needs."

I'm pretty sure you meant TLC

Thinking of adding an SSD for SUPREME speed? Read this


Your price for the 512GB SM951 is about £100 too high, it's currently available from a well known UK etailer for a shade over £235 + delivery.

China's STILL holding up the full WD-HGST integration. Why?


Or perhaps they've seen the failure figures for both companies' drives and want to retain one company that makes stuff that works.

Feared OpenSSL vulnerability gets patched, forgery issue resolved


Bug introduced on June 11th

This is a fix for a bug that only entered the codebase on June 11th and was spotted on the 24th. I suspect almost no distros have backported or shipped such new openssl releases - oh, except Fedora which handily backported the buggy code :-( For those of us running CentOS/RHEL or probably any other LTS distro, the bug never even made it to the code...

The next Nest? We talk to Ring, the doorbell-come-security system


device owner gives 4 out of 10

So I bought one of these and by the time you factor in VAT and customs fees it works out at pretty nearly £200. Not cheap. And for that you get a nice looking bit of hardware that attaches to a 20p plastic backplate that's screwed onto the wall with 4 screws. The screws are a decent length and won't come out in a hurry but the backplate looks like it'll just tear off round them. The bell then fits onto the backplate with 4 tiny little plastic lugs that a child could rip off. In addition their special 'security' screws are standard size 5 torx fittings so really would only deter a passing thief who couldn't be bothered to go home and get his torx set out. Oh, and every time you screw those torx screws in, they eat a bit more of the bottom two plastic lugs on the flimsy backplate.

As for the device itself: it can't handle being set up on one wireless network while being configured from a device on another! It just bombs out and leaves the device half setup. And to reset it and set it up again, you have to remove it from the wall so that you can press the setup button on the back. Same goes for recharging the battery, device has to be removed from the flakey looking backplate which looks like it'll only stand a few removal/install cycles before it gives up the ghost entirely. Then there's the device functionality itself...

The videos it takes are full of blocking and static, the audio in both directions is appalling and barely recognisable, motion detection eats 12% of the battery per day so the claimed one year battery lifetime is really a week unless you disable the motion detection. Which is probably a good thing anyway since it goes off about every 30 seconds even with the range setting set to 5 feet.

Then when someone does come to call and rings the bell, it takes a few seconds to come through to my phone but uses the standard android notification sound, there's no ability to choose a different one nor to set its volume individually. So it bongs quietly and half the time I don't hear it and the rest of the time, by the time I've swiped my phone screen to get the unlock screen and entered my pass code then pulled down the notification area from the top and selected the ring app and hit 'accept' 5 times because it doesn't detect when you click on it, the caller has given up and gone away.

The latest android app update has now added a big advert at the bottom of the screen for their cloud storage solution. This takes up about 20% of my phone screen and cannot be removed except by signing up for cloud storage. Thanks but no thanks. No bug fixes in this upgrade, just 20% less useful information.

Can you tell how impressed I am with this? Great idea ruined.

Roku 3: Probably the best streaming player on the market ... for now, at least


>> Roku has no skin in the game when it comes to content.

So exactly how much of Roku is owned by Sky these days?

REPORT: UK needs online eBay-style court for civil justice


Wouldn't it be cheaper and more or less as reliable just to flip a coin?

Living with a Renault Twizy: Pah! Bring out the HOVERCRAFT


It's KW

It is of course 3KW and 7KW not 3W and 78W. I think even a tiny electric car might take a few days to charge at 3W...

Bash bug: Shellshocked yet? You will be ... when this goes WORM


Even the fix is flawed... CVE-2014-7169

MtGox has VANISHED. So where have all the Bitcoins gone?


"So even if Mt Gox has lost 6% of all its Bitcoins, it's still massively more solvent than any bank"

Err, no, it lost 6% of *all* Bitcoins. Not 6% of "its Bitcoins".

Apple plans to waggle iNormous 4½-incher in fanbois' faces



Surely a VPL is a Visible Pantie Line not a Very Phone Large. Perhaps you meant a VLP?

