* Posts by Alex 72

13 publicly visible posts • joined 6 Nov 2009

UK finance minister promises NHS £3.4B IT investment to unlock £35B savings

Alex 72

Re: Ah yes, Mr Hunt...

Maybe they can get 10:1 ROI if they keep that Mr ?unt as far away from the project as possible.

Why the end of Optane is bad news for all IT

Alex 72
Linux

Re: Not the idea, the implementation

Yes, this could have won in the marketplace if Intel opened it to all CPUs including ARM, and worked with UNIX/Linux vendors and OSS projects and Microsoft to build OS variants that used it the way Google and Apple do before a hardware launch. If, as many people here believe, there was benefit to be had, demonstrating this at launch and opening up potential customers to everyone could have built demand (it would have brought competition but Intel would have first mover advantage and the segment would still be there now). Oh well, I guess it's a lot to expect Intel to manage their own IP carefully and to look out for the long-term health of their shareholders and the industry when it is easier to try to put everything new in an Intel walled garden like the Apple one but with none of the benefits because reasons.

BSA kicks multiple holes in India's infosec reporting rules

Alex 72
Alert

Re: The BSA

Whilst I have no wish to defend the (B)SA, I must take exception with the implication that it is wise for India's CERT to ignore the collective experience of companies, many of whom have 75+ years of experience in this space, and spend Indian taxpayers' money on measures that will not work.

I do agree that these firms have responsibilities for software vulnerabilities and bad architectural decisions from decades ago, but most if not all of them release patches every month. These firms are at least trying to deliver secure software. CERT-In, if it is not taking feedback seriously or attempting continuous improvement, is making itself part of the problem and not the solution.

Australian digital driving licenses can be defaced in minutes

Alex 72

Re: Stop Using Phones for This

The iOS wallet works on the lock screen and I assume Google wallet will too.

If a plastic card option is still an option and this allows people to get an instant ID, I can see it being useful. I think a physical doc as a backup, like chip and pin cards now, would be helpful; they could even print the QR code on the physical doc too so you can scan it at car rental places the way you do passports and e-tickets at the airport.

So I can see there are ways with public keys to allow verified entities to confirm a license is genuine based on a decent PKI, trusted entities to verify the holder meets age requirements and the driver number, and the government and police to do what they want, as well as allow users to share what they consent to with verified third parties. But that all assumes that the app enforces an alphanumeric passcode at the OS level like every decent BYOD registration that provides mobile tokens and productivity apps, and the org in question has or can build and maintain a decent PKI, and when vulnerabilities are responsibly reported software is patched. As the author said, government systems of old do not inspire confidence these conditions will be met, and without them paper and plastic are far superior.

VMware customers have watched Broadcom's acquisitions and don't like what they see

Alex 72

Ahh Broadcom the harbinger of doom

Even if Broadcom mean it, that they intend to keep all of VMware's customers and grow the business as an independent unit, I am not sure they know how. Broadcom will also have the same advisors (accountants, lawyers, managers, whoever) telling them there is an opportunity to hurt the competition by ending support for a competitor.... If they mismanage it or break legacy kit for the sake of it, as everyone has pointed out, those on the road to public cloud can go to Azure, AWS, Google Cloud... instead of whatever VMware are doing, and those stuck with VMs can use Microsoft Hyper-V or KVM or even IBM System i or Joyent or Proxmox. There is also the container space: Docker and LXC/LXD and Kubernetes and so on. And as noted, all of these can work with Terraform, PowerShell Desired State Configuration, Ansible, and so on just as well as VMware. Most of these alternatives are still adding features, and if VMware strips support and drops stuff, well, you know. Even those customers who have custom solutions and decades of investment, after being forced to replace all the kit in a DC, will not have the same brand loyalty in the long run and may use a different platform for greenfield systems.

So I hope Broadcom can pull it off and grow a profitable company without destroying it but much like the people the Reg talked to I will not hold my breath.

Spies still super upset they can't get at your encrypted comms data

Alex 72
Coat

Why break encryption

Given that the main issue the 5 Eyes seem to have is with default-on encryption for things like iMessage and Android Messages as well as WhatsApp and Facebook, if there were a system like the one described below which was built in to client device (laptop, desktop and mobile) OSes and made available to developers, maybe mainstream comms and software providers could still have some security and allow "lawful" access. But mainstream software isn't the problem for the real threats like terrorists; they use Telegram and Ricochet and custom onion router code to communicate, and even if they could find a way to incorporate this into those technologies without making them completely useless, no one would use them after that, as another open source app without this would appear in a day, a fork of the predecessor from the last commit before it was added, most likely with a shiny new name and no oversight. It's not the people who generate keys and share messages in the light you need to worry about.

With Shamir's Secret Sharing surely a key could be assigned with 4 or 5 factor authentication to allow authorised organisations with a warrant (i.e. anyone who can get a software or hardware token activated and a valid smart card for an approved organisation and a password for an LDAP account on a trusted directory (with audited access so that anyone doing it without a warrant gets caught) plus a 2FA-secured passphrase based on the device info from an approved manufacturer employee or something similar) to decrypt a built-in key which is random and unique, generated at manufacture. This key would never be stored on the device or anywhere else unencrypted (other than volatile memory on the device creating it) but in encrypted form on a WORM chip plus a manufacturer. Whilst this back door is still a potential attack vector, it is cumbersome enough to achieve that traditional blackhat hacking would be easier. The only problem with something like this is that 5 Eyes may not like it, as the manufacturer 2FA would mean that in circumstances where they would rather no one knew how many communications were being decrypted by agencies who have blanket warrants or who "don't need them", the manufacturer would know and could insist that agencies provide authorisation or a warrant every time, and would report it to other agencies and the media if anyone ever fraudulently claimed to have a warrant but didn't...

Brit cloud slinger iomart goes TITSUP, knackers Virgin Trains, Parentpay

Alex 72

customer 1st

Maybe throw Gamma or BT some money to lease another line. I get that some of the traffic can't go on the public internet unencrypted, but encrypt it and pay for the overhead. I doubt there isn't at least one provider who could lease them enough bandwidth to get tier 1 services back up. It would be expensive on this level of notice, but so is publicity like this.

UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

Alex 72

Bye bye encryption

WTF no encryption you can't break so no encryption: "RIPA requires CSPs to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates."

Alex 72

No encryption that works

WTF so TDM and VOIP providers can't provide encryption strong enough they can't decrypt. "RIPA requires CSPs to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates."

Would putting all the climate scientists in a room solve global warming...

Alex 72
Thumb Down

Straw Man!

Straw Man! that is all

Microsoft's Hotmail flicks finger at UK students

Alex 72
FAIL

UWS is ok but

Outsourcing uni mail servers saves space, money and it's better, isn't it.... oh wait, it isn't, and it's a single point of failure apparently. YAY

Vint Cerf mods Android for interplanetary interwebs

Alex 72
Thumb Up

Mars on the number 25 ?

So we tried to figure out how to send data to Mars and along the way made downloading **** on the train or in a tank whilst moving work well LOL