* Posts by Fazal Majid

323 posts • joined 16 May 2007

IETF mulls adding geoblock info to 'Bradbury's code'

Fazal Majid

Well, at least it’s not useless garbage like the “I’m a teapot” HTTP status code 418.

2
28

Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

Fazal Majid

Re: There's no incentive for IPv6 in the west

Not so. Large service providers have to get IPv4 addresses on the black market nowadays, at around $10/IP. Microsoft bought Nortel's /8 at its bankruptcy auction, and Amazon bought big chunks of MIT's /8 for AWS.

0
0

Beware the GDPR 'no win, no fee ambulance chasers' – experts

Fazal Majid

Re: Dwarves???

Tolkien admitted as much:

No reviewer (that I have seen), although all have carefully used the correct dwarfs themselves, has commented on the fact (which I only became conscious of through reviews) that I use throughout the 'incorrect' plural dwarves. I am afraid it is just a piece of private bad grammar, rather shocking in a philologist; but I shall have to go on with it. Perhaps my dwarf – since he and the Gnome are only translations into approximate equivalents of creatures with different names and rather different functions in their own world – may be allowed a peculiar plural. The real 'historical' plural of dwarf (like teeth of tooth) is dwarrows, anyway: rather a nice word, but a bit too archaic. Still I rather wish I had used the word dwarrow.

The Letters of J.R.R. Tolkien 17: To Stanley Unwin, Chairman of Allen & Unwin. October 1937

0
0

Dot-Amazon spat latest: Brazil tells ICANN to go fsck itself, only 'govts control the internet'

Fazal Majid

Re: The whole thing's stupid

Yep, just a greedy land-grab by registrars looking to shake down multinationals and trademark owners for more registration fees under the new gTLDs.

29
0

Aw, not you too, Verizon: US telco joins list of leaky AWS S3 buckets

Fazal Majid

Usability is to blame

AWS and S3's permissions system has got to be some of the most baroque, over-engineered and complicated permissions format ever devised. It's not surprising so many fail to get it right.

7
1

Apple bumps up price on iPad Pro as flash costs climb

Fazal Majid

The iPhone X is $1149, not $999

It doesn't make any sense to get one with a measly 64GB of flash.

5
0

Oracle's systems boss bails amid deafening silence over Solaris fate

Fazal Majid

Re: Not the repo you're looking for

Unfortunately OmniTI disengaged itself from OmniOS. Whether the project is sustainable as a community project is anyone's guess:

https://lists.omniti.com/pipermail/omnios-discuss/2017-April/008699.html

0
0

Rolling in personally identifiable data? It's a bit of a minefield if you don't keep your feet

Fazal Majid

PII covers more than you think

IP addresses and device IDs like the Apple Identifier for Advertising or Google Android Advertising ID are considered PII, and thus GDPR encompasses more than many companies think.

4
0

Minnesota Senator calls out US watchdogs: Why so cozy with Amazon?

Fazal Majid

The fact Target is headquartered in Minnesota must be fortuitous.

17
1

Node.js forks again – this time it's a war of words over anti-sex-pest codes of conduct

Fazal Majid

We'll see if the Ayo fork gets any traction. The previous one Io.js was motivated by complaints that the main Node.js project then run by Joyent was too slow at incorporating technical feedback and contributions from outside the company, i.e. the technology was not progressing as quickly as it should.

This fork is driven purely by process and personality conflicts, and is thus much less likely to provide benefits (new features or bug fixes) to the average Node.js developer. The fact it was launched before the Node.js board had the opportunity to respond to the complaints also looks like a fit of pique. After all, policy concerns around inclusiveness are not technical, and thus belong to the board, not to a technical steering committee.

10
0

Nasty firmware update butchers Samsung smart TVs so bad, they have to be repaired

Fazal Majid

They were unusable to begin with

What with Samsung SmartTVs' horrendous UI. Bricking the device is more like a mercy killing, really.

16
2

What code is running on Apple's Secure Enclave security chip? Now we have a decryption key...

Fazal Majid

Re: No public code review --> security by obscurity.

The Secure Enclave runs a variant of the L4 microkernel, one version of which (seL4) was proven secure using formal methods. No one knows if Apple performed the same kind of analysis on SEPOS, but they have clearly given serious thought to their design.

21
0

Google paying Apple BEEELLIONS to stay search top dog on iDevices, say analysts

Fazal Majid

Apple may have a branded DuckDuckGo in the works

Over the last 2 years or so I've seen online surveys that suggest Apple is working with DuckDuckGo on a co-branded search service. I doubt Apple would voluntarily forgo Google's billions for default placement, but it would be a credible threat if Google is foolhardy enough to believe its brand trumps the power of defaults.

1
0

Marketing giant Marketo forgets to renew domain name. Hilarity ensues

Fazal Majid

You can usually renew domains for ten years

Of course the flip side is that by the time the renewal notice comes in, whoever did it the last time likely has left the company...

9
0

Two-factor FAIL: Chap gets pwned after 'AT&T falls for hacker tricks'

Fazal Majid

That's why NIST deprecated SMS authentication

in the draft SP 800-63-3 guidelines, which also discourage other security theater like forced password rotations and crackpot password composition rules:

https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

0
0

You think your day was bad? OS X malware hackers just swiped a Mac dev's app source

Fazal Majid

Re: Lost ?

Every git checkout is a full backup of the code repository, including his colleagues/employees, so in the worst case they'd lose a few days' work that hadn't been pushed to the Git server and pulled by the other devs.

6
0

DocuSign forged – crooks crack email system and send nasties

Fazal Majid

The perils of outsourcing

Sounds like their email marketing provider was compromised. No doubt marketing selected the said provider based on the color scheme of their website with no input from IT or security audit.

1
0

Yeah, keep buying those SSDs, grins Seagate: Your data will be on our disks eventually, muaha

Fazal Majid

Delusional

Sure, there is an argument to be made for disk replacing tape as the backup and archiving medium of choice, but that is not a path to riches, as can be seen by comparing the market cap of Seagate or WDC and Quantum.

0
0

That apple.com link you clicked on? Yeah, it's actually Russian

Fazal Majid

A simple fix

Would be to block IDN on the .com zone, where the vast majority of attempted impersonation would likely occur.

9
2

BMW chief: Big auto will stay in the driving seat with autonomous cars

Fazal Majid

Unjustified arrogance

I am a BMW driver, and given the horrendous nature of their in-car electronics and software, I have severe doubts about their software chops. They are resisting Apple CarPlay and Android Auto despite clear customer demand for in-car software that doesn't suck, and think they can play the same customer-hostile games with autonomy.

In any case, it's not relevant. Tesla outsells BMW, Audi and Mercedes 2-to-1 in the $50K+ segment, and is now coming to eat their lunch in their bread-and-butter entry-level luxury (3 Series / A4 / C Class) segment with the Model 3. Despite having nearly 10 years' warning, the luxury brands don't have an even remotely compelling all-electric offer for sale today, just vaporware. They are going to be too busy scrambling to survive to be fighting on the autonomous driving front, where Google et al have hired up all the machine learning PhDs needed to make the required breakthroughs.

2
0

Banking group denied access to iPhones' NFC chips for alt.Apple.Pay

Fazal Majid

Apple's refusal to cooperate can't have been a critical factor—they could only stall, but not block it if they did not prevail in the appeals process, and regulators have limited tolerance for scofflaws.

The deciding factor is clearly that the regulators see mobile wallets as competition for the entrenched banks, and allowing them to coopt the former would reduce competition, quite rightly in my view. The situation might be different if others asked for this, e.g. telcos.

1
0

As ad boycott picks up pace, Google knows it doesn't have to worry

Fazal Majid

Re: Excellent

Toyota and DJI drones certainly enjoy their custom.

2
0

Everspin's new gig: a gig or two of non-volatile RAM on PCIe

Fazal Majid

DDRDrive

DDRDrive introduced a similar product years ago. It held 4GB of DRAM backed by GB of SLC NAND and a supercapacitor, for $2000 list. If the card detects power loss, the supercap has enough juice to write the RAM contents to the flash. It was primarily marketed to ZFS users to accelerate the ZFS intent log (write cache), as DRAM does not suffer from the performance cliff of most SSDs.

0
0

Public IPv4 drought: Verizon Wireless to stop handing out static addys

Fazal Majid

Verizon, not Verizon Wireless

I don't know of any wireless service that hands out static IPs, there is not much call for them unless you are running servers.

2
1

Kodi-pocalypse Now? Actually, it's not quite here yet

Fazal Majid

Shaming

The end credits to X-Men Apocalypse had a message "This movie created 15,000 jobs", presumably to make people feel bad about pirating. I'm not sure how much of an impact this would have in a society rife with narcissism and self-rationalized bad behavior, the example being set from the above.

3
2

Aah, all is well in the world. So peaceful, so– wait, where's the 2FA on IoT apps? Oh my gawd

Fazal Majid

Re: Google can't even get their subsidiary use their own 2FA tools

Yes, SMS based 2FA is deprecated by the current drafts of the NIST SP 800-63-3 authentication standard, and due to be banned altogether in the next. SMS relies on the abysmal security of GSM standards and can be spoofed by a DIY Stingray involving about $2000's worth of hardware and GNU Radio.

This is security theater at best.

1
1

Rap for chat app chaps: Snap's shares are a joke – and a crap one at that

Fazal Majid

"went against the underwritten rules of Wall Street"

I think you meant "went against the unwritten rules of Wall Street".

0
0

Shopping for PCs? Ding, dong, the Dock is dead in 2017's new models

Fazal Majid

AMD Naples workstations

What I am looking most forward to is AMD's 32-core/64-thread Naples server CPU, for use in my development workstation. I can exploit the cores doing parallel builds, but Intel's extortionate Xeon pricing means I am currently limited to 4 measly E3-1670v3 cores.

5
0

$310m AWS S3-izure: Why everyone put their eggs in one region

Fazal Majid

US-East is popular

Because half the US population lives in the Eastern Time Zone.

Amazon only recently (4 months ago) opened its US-East-2 region. Many people haven't heard about it yet (I hadn't until just now) and in any case it is based in Ohio, which is nowhere near as big a connectivity hub as Virginia.

0
0

Silicon Valley tech bro's solution for homeless: Getting himself in the news. Again.

Fazal Majid

SF only pays lip service to homelessness

Sure the tech boom has put a lot of strain on an under-supplied housing market (thanks in no small part to NIMBYs stifling any high-density residential construction), but it's also brought in an extra $4+B in tax revenues per year, a truly staggering amount. That windfall would allow the city to purchase housing for every single homeless person in a single year.

SF sees fit to fritter it away instead on things like $500+M for bike lanes over the next 10 years (total cyclist population: 14,000). Of course, homelessness is a complex social problem with mental health and substance abuse implications, but the simple truth is for all its liberal self-image, San Francisco would rather wring its hands about homelessness than actually put its money where its mouth is.

6
1

Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

Fazal Majid

Re: The curse of "Blue" security

Blue is the corporate color par excellence. It symbolizes trust, loyalty, authority, conservatism, business in Western cultures:

https://www.six-degrees.com/pdf/International-Color-Symbolism-Chart.pdf

https://www.flickr.com/photos/philgyford/56867986/

The headline is wrong, this is clearly Bluecoat's fault for misimplementing TLS 1.3, and not testing it against the browser with 50% market share. If they had not implemented TLS 1.3 at all, the browsers would have fallen back to TLS 1.2.

7
0

Engineer who blew lid on Uber's toxic sexist culture now menaced by creepy 'smear campaign'

Fazal Majid

Eric Holder

Would that be the same Eric Holder who managed not to find anyone guilty of fraud in the 2008 depression, other than Madoff (who was unwise enough to steal from the rich)? Sure, he was shielding the banksters at his boss' behest, but that shows just how independent he is not, nor will be in this sham whitewash of an "investigation".

5
0

Uber hires Obama's attorney-general to review its workplaces

Fazal Majid

Re: Re:Why? and then we ask ourselves why women in are few and far between

The fair number should be the same as enrollment in university CS courses. Unfortunately that number has actually been declining:

http://www.npr.org/sections/money/2014/10/17/356944145/episode-576-when-women-stopped-coding

0
0

In colossal shock, Uber alleged to be wretched hive of sexism, craven managerial ass-covering

Fazal Majid

She really should sue

Unfortunately the Ellen Pao fiasco probably has created a chilling effect on sexual harassment cases, but given she seems to have a well-documented evidence trail (as befits a SRE), it would seem like a slam-dunk. Just because a company is well-known to be toxic with a huge sense of impunity doesn't mean they are actually above the law.

7
3

Fazal Majid

Re: Careful there...

How is Uber a monopoly? Every single ride-"sharing" driver I have ever seen is also on Lyft. There are no barriers to entry whatsoever, and as #DeleteUber shows, their user base is much less sticky than they believe.

4
0

Two words, Mozilla: SPEED! NOW! Quit fiddling and get serious

Fazal Majid

Firefox OS is not the problem

What do you expect in an organization where people with technical chops like Brendan Eich are forced out by touchy-feely non-technical mouth-breathers? Vivaldi is clearly the way to go.

2
6

Macs don't get viruses? Hahaha, ha... seriously though, that Word doc could be malware

Fazal Majid

Re: Macs don't get viruses

I asked a colleague whose SO works at Apple what AV they use, the answer was "none".

Quite frankly, AV software is written with terrible coding practices that dramatically increase your attack surface and can be counter-productive. One major product had buffer overflows in its scanner that meant you could be infected simply by receiving an email. At least without AV, you would actually have to double-click the attachment to be infected:

https://twitter.com/taviso/status/654321182338977792

0
0

Explained: Apple iCloud kept 'deleted' browser histories for over a year

Fazal Majid

Vacuum

When you delete data in a SQLite database, as in most databases the data is not actually erased, just marked as logically deleted and available for reuse. It's not actually physically removed until the VACUUM command is called.

11
0
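
The behaviour described in the comment above, as an added example that is not part of the original post: a row is deleted from a SQLite file, the raw file bytes are searched for its content, and the search is repeated after `VACUUM`. The table name and the marker URL are constructed for the demonstration, and `secure_delete` is switched off explicitly because some SQLite builds enable it by default.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for a browsing-history entry.
MARKER = b"https://example.invalid/constructed-private-url"


def marker_in_file(path):
    """Search the raw database file, as a forensic tool would."""
    with open(path, "rb") as fh:
        return MARKER in fh.read()


def run_demo():
    """Return what SQL sees and what the raw file holds at each stage."""
    result = {}
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "history.db")  # hypothetical file name
        # isolation_level=None: autocommit, so every statement reaches disk
        # immediately and VACUUM is never issued inside a transaction.
        conn = sqlite3.connect(path, isolation_level=None)
        conn.execute("PRAGMA journal_mode = DELETE")
        conn.execute("PRAGMA secure_delete = OFF")  # assumption: zeroing disabled
        conn.execute("PRAGMA auto_vacuum = NONE")
        conn.execute("CREATE TABLE history (id INTEGER PRIMARY KEY, url TEXT)")
        conn.executemany(
            "INSERT INTO history (url) VALUES (?)",
            [
                ("https://example.invalid/a",),
                (MARKER.decode(),),
                ("https://example.invalid/b",),
            ],
        )
        result["on_disk_after_insert"] = marker_in_file(path)

        # Logical delete: the cell is put on the page's free list,
        # but its payload bytes are left in place.
        conn.execute("DELETE FROM history WHERE url = ?", (MARKER.decode(),))
        result["rows_matching_after_delete"] = conn.execute(
            "SELECT COUNT(*) FROM history WHERE url = ?", (MARKER.decode(),)
        ).fetchone()[0]
        result["on_disk_after_delete"] = marker_in_file(path)

        # VACUUM rebuilds the file from live rows only.
        conn.execute("VACUUM")
        result["on_disk_after_vacuum"] = marker_in_file(path)
        result["rows_left"] = conn.execute(
            "SELECT COUNT(*) FROM history"
        ).fetchone()[0]
        conn.close()
    return result


if __name__ == "__main__":
    for stage, value in run_demo().items():
        print(f"{stage}: {value}")
```

With `PRAGMA secure_delete = ON` the freed bytes are overwritten with zeros at delete time, so the second file search would come back empty without a `VACUUM`.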

Why does it cost 20 times as much to protect Mark Zuckerberg as Tim Cook?

Fazal Majid

Re: The author is wrong - the CEO doesn't decide security

You are probably right. When combined with the said threat assessment team's natural tendency to exaggerate the threat (so as to pad its own budget) and a new parent's hormone-driven paranoia about his child, that could easily explain the difference.

0
0

Apple eats itself as iPhone fatigue spreads

Fazal Majid

It's the headphone jack, stupid

We're well past the point of diminishing returns on smartphones, where they are good enough and combined with the end of carrier subsidies, we are in a replacement market where people will just keep their phone until it breaks, just as they do with PCs or tablets.

Apple was spectacularly clueless to give its customers, most of which are still in an every-other-year replacement schedule, a reason not to upgrade by abandoning the headphone jack.

2
0

Valley techies to protest outside Palantir – Trump adviser's creepy citizen database biz

Fazal Majid

Re: Meh!

Google "Maher Arar" for an example of the horrifying potential of social-network analysis run amok.

5
0

Why Theresa May’s hard Brexit might be softer than you think

Fazal Majid

Dr. North

Dr. North provides something sorely lacking, a pragmatic and detailed roadmap of how Brexit could be made to work. His proposals are flawed, however, because like all British governments since the 70s, and probably much of the British establishment, he keeps on seeing the EU as a mere trade agreement that has grown too big for its britches.

Pro tip: there is a reason why it was renamed from European Economic Community to European Union. Continental Europeans see it as a political project, originally to make internecine wars like WWI and WWII inconceivable, but now mainly to unify Europe under a loose federal banner to keep it relevant on the world stage. They do not share Dr. North's curious infatuation with UNECE (inventors of EDIFACT, surely one of the most baroque sets of data formats ever).

Dr. North's vision of European countries rebelling against an overbearing EU to switch instead to a panglossian utopia of frictionless free trade brokered by benevolent (and competent!) UN committees is simply risible. The EU is what it is because that's how most of its member countries want it, yes, even Greece. His vision is certainly possible, unlike most Brexiter predictions, just like it is possible that Bill Gates will wake up tomorrow with a burning desire to give me a billion dollars, but it is just as improbable.

7
1

Happy 20th birthday to the RADIUS RFC

Fazal Majid

Re: 20 years?

Yes, RADIUS was more of a Livingston, then Ascend thing.

RADIUS lives on, most enterprises' WiFi and authenticated Ethernet rely on it, but its successor DIAMETER (get it?) is the protocol that is replacing SS7 for telephony in the post-circuit era.

2
0

Not OK Google: Tree-loving family turns down Page and pals' $7m

Fazal Majid

Re: Condemn?

California law makes illegal Kelo-style land grabs under eminent domain for the benefit of a private party.

11
0

Exclusive: Team Trump's net neutrality guru talks to El Reg

Fazal Majid

Net Neutrality is actually the weaker option

The article makes Net Neutrality sound like an extremist position. It is actually a milquetoast compromise. The real uncompromising position, that I fully endorse, is structural separation, i.e. that network providers are banned from participating in adjacent markets like apps, video services and the like. Network Neutrality violations are hard to prove and police, whereas removing the incentive for them to occur in the first place would be far more effective.

The biggest invention in telecom, automatic switching, was a consequence of Net Neutrality violations. Almon Brown Strowger was an undertaker, and his local telephone switchboard operator was the wife of his competitor, who would underhandedly direct his calls to her husband instead. Strowger retaliated by inventing the rotary automatic telephone switch, which would put her out of a job and make the network tamper-free (at least until software-based digital switches replaced electromechanical switches like Strowger's).

12
0

HMS Queen Lizzie to carry American jets and sail in support of US foreign policy

Fazal Majid

Re: U.S. has used Harriers...

I think he is referring to the fact the US Marines couldn't believe their luck and purchased all the British Harriers they could get their hands on when the UK MoD unwisely decided to scrap them even though there is still no operational replacement.

14
0

Apple fans using Chrome on alert for Mac malware

Fazal Majid

In the bad old days of System 7 Mac viruses were rife, especially the resource fork ilk. It's moving to the UNIX foundation of OS X that made a big difference, not any difference in demographics.

3
0

Obey Google, web-masters, or it will say you can't be trusted

Fazal Majid

Misleading title

It's the certificate authorities issuing the certificates, e.g. RapidSSL, who have to do the work, not the webmasters.

5
0

How many Internet of S**t devices knocked out Dyn? Fewer than you may expect

Fazal Majid

Mistake #1 - using BIND

http://blog.erratasec.com/2016/10/some-notes-on-todays-dns-ddos.html

0
1

Possible reprieve for the venerable A-10 Warthog

Fazal Majid

Re: On Loitering Aircraft.

"Isn't the Apache a better loiterer"

Helicopters are notoriously vulnerable, even to small-arms fire. The A-10 on the other hand can still fly even when huge chunks of the superstructure have been blown away by cannon fire.

4
0


Biting the hand that feeds IT © 1998–2017