* Posts by sysconfig

289 posts • joined 5 Jan 2010


HMRC: We 'rigorously tested' IR35 tax-check tool... but have almost nothing to show for it


Re: High Quality Test Software Of High Quality

With the current government you have a better chance of getting the contract if you haven't even got a computer or any skills at all. (see Seaborne Freight debacle)

The Large Hadron Collider is small beer. Give us billions more for bigger kit, say boffins


Re: I see opportunity

Absolutely. And nobody knows more about colliders than Trump!


London Gatwick Airport reopens but drone chaos perps still not found


Re: I have a solution that is very feasible and would be dead-reliable...

So you were behind the drone nuisance to pitch your project next week? :P

Dropbox plans to drop encrypted Linux filesystems in November



I've been dropping Dropbox slowly over the last couple of months. Going to switch it off by end of this month now. I use Syncthing instead. N-way filesystem sync between PC, laptop, home backup and remote virtual server, all of which use different encrypted file systems and three different OS between them. Has been working like a charm. Oh, and the transfer off-site goes via OpenVPN link between home router and virtual server. Not that I have reason to believe that Syncthing's in-transit encryption of traffic isn't good enough, but I trust OpenVPN to be better tested and scrutinised.

Mobile app devs have, oh, about 9 hours left to decide whether to stay on Google's ad platform



Facebook handles end user data itself, so users of the ad network have nothing to worry about at all from GDPR.

I wish I could accept that as a fact. I'm sure you meant this to be funny.

Careful with the 'virtual hugs' says new FreeBSD Code of Conduct


So, in line with the new Code of Conduct...

Which of you snowflake social justice warriors wants a *hug*?

WikiLeave? Assange tipped for Ecuadorian eviction


Poor living standards...

A person cannot live forever in these conditions...

So the Ecuadorian Embassy is one of the less comfortable Knightsbridge accommodations then?

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs


Re: Hmm, If I was working at a secret agency

[...] it greatly benefits certain agencies

Exactly that. Especially given that Intel and AMD are American, and ARM is British, but their chips are used globally. From an agency and gov point of view: What's not to like? I bet they are more upset that this has come to light than they ever were about the existence of those flaws.

I'd also be inclined to wager that there are more flaws like this in CPUs and other chips/hardware. It's no secret after all that the 5 Eyes would like to see backdoors and reversible encryption everywhere.

Developers, developers, developers: How 'serverless' crowd dropped ops like it's hot


Re: A true paradigm shift!

Dataless. That's the future young man!

Oh, so the "big data" hype is already over?

Military test centre for frikkin' laser cannon opens in Hampshire


Time to start developing defensive measures...

...like a giant mirror?

UK.gov told to tread carefully with transfer of data sets to NHS Digital


Re: Privacy Lite as ever, it seems

Seems the upcoming GDPR will have no bearing on either our gov or the NHS. I wonder if they are somehow exempt. Any legal eagles around to clarify that?

NYC cops say they can't reveal figures on cash seized from people – the database is too shoddy


Lock them away...

...and conveniently lose paper trail and jail door key. Let's see how quick the database is fixed and/or a previously unheard-of backup found.

The mere fact that a law allows assets to be snatched because somebody (a police officer) thinks they might be connected to a crime sounds very Wild West. Sad that such laws actually exist.

44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach


EU data protection?

Customers of these companies might therefore be affected by the attack despite not having signed up for Equifax's services. The US agency holds the personal details of 44 million UK citizens

I'd be curious about the legal basis on which they hold the data in the US. And I'd be even more curious how they are going to inform all non-customers about the data they kept and failed to secure. 44 million UK citizens, for Christ's sake. That's almost all of the adult population.

Lord Sugar phubbed in peers' debate on 'digital understanding'


Re "Oh, and Hey you 'Amber Rudd', You are FIRED!"

If only!

Smart cities? Tell it like it is, they're surveillance cities



Absolutely spot on!

I'd only like to add one thing: You don't need to ponder "smart" control of resources, while hundreds of tons of water are wasted in London every year due to mains pipes that leak. Don't know about other countries, but this one has to get the basics sorted first. In the meantime I'll keep the little privacy I've got left, thank you very much.

NSA ramps up PR campaign to keep its mass spying powers


Re: @John Smith ... NSA"Last year we proved <redacted> really did kill 20 US citizens at <redacted>

"You have the issue of bad guys wanting to kill you because you don't believe in the exact same things that they do. They think of you as the evil incarnate."

I've got a few issues with this statement. First and foremost it's the moral high ground which the U.S. and many of its citizens are still claiming. The number of civilian casualties in the Middle East caused by the U.S. and their allies is likely a lot higher than the number of terrorism victims on U.S. soil in the same time frame. You don't even need to go as far as including the Gulf wars, which were based on the evidently false claim that WMD existed in Iraq. (That claim was known to be false before the war, not after returning empty handed.)

Moral high ground and fear mongering together are the biggest threats to our society. They're both used for political and economical gain, not to make us safer.

Besides, a lot more people have died in car accidents, drug misuse, gun accidents and crimes; each of these categories individually has produced more fatalities. And they are domestic. Now why do you think that not a lot is happening to tackle those? Because there's nothing to gain for big arms dealers, intelligence agencies and politicians; all of them desperately need fear and threats to further their agendas, inside the country and abroad.

Every time we give a piece of privacy away, the terrorists have actually won another battle.

After London attack, UK gov lays into Facebook, Google for not killing extremist terror pages


Unless the US social media companies are actually supporters of terrorism?

You don't have to go far back in time to find plenty of cases where the US, UK and others have made a sizeable amount of money by selling war machinery into countries which are now "evil" and supporting/hosting terrorists. In some cases you don't have to go back in time at all. The Saudis are the UK's biggest importer of weapons currently, for example, and as long as they keep fighting Yemen, they'll need more gear.

So if our governments (via arms manufacturers' lobbying and tax collection) have no interest in having an entirely peaceful world, why would companies in such countries care much about it?


Two things they want

1. They want to be seen to be doing something, anything.

2. They want more control over what we can and cannot see. Even if it's done with the best intentions (I doubt that), there's no way anybody can effectively control which website should or shouldn't be visible. No pattern is perfect: Country of origin? (Hey there Donald!) Keywords? (let's ban everything about cars or knives?)

The UK Gov's wish (and that's all it is) answers to the demands of rags like the Daily Fail and their readers. But it's a futile attempt at best, and it's a very slippery slope.

Also, unless UK Gov somehow manage a world-wide ban of certain sites on Google (and all other search engines), people with enough criminal energy will easily be able to work around it. So it achieves nothing. Meanwhile, all the false positives will affect Law Abiding Citizen. Another win for the "terrorists" (in quotes, because we use that word way too lightly and sometimes inappropriately).

COP BLOCKED: Uber app thwarted arrests of its drivers by fooling police with 'ghost cars'


Bad press vs no press...

They say bad press is better than none at all. Uber really embraced this concept.

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time


Re: Stop using PDFs ?

That's a very good point you're making there, JimmyPage.

Since false certificates were part of this discussion, I'd like to see that too. A cert is nothing but an ASCII text document of a very specific format. That should be a lot harder to pull off than using binary blob formats like PDF, which would allow you to hide a lot of stuff quite easily to tweak the hash to your liking.

Having said that, I'm not defending SHA-1. It was already known that its days were numbered.

Also, let's not use the term "calculate" when we refer to this stunt Google pulled off. Anything that uses 6500 years of compute time sounds a lot more like trial & error to me... or trial, verify, dismiss, repeat. Not quite a straightforward calculation. So SHA-1 is not really broken; it's just too weak as compute power becomes cheaper.

EDIT TO ADD, even if wandering off on a tangent: There are better ways to break SSL encryption, regardless of the hash used. How many of the Certificate Authorities that your OS & browser know, do YOU know? How many of them do you personally TRUST? SSL is fundamentally broken by design; unfortunately with no feasible alternative as yet.
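The "hide stuff in a binary blob to tweak the hash" point above, as an added example that is not part of the original thread: a birthday search over a constructed PDF-like skeleton, varying only a comment line that a reader ignores, until two documents with different visible text share the same truncated SHA-1. SHA-1 is cut to 32 bits so the search finishes in under a second on a laptop; at full width the same loop would need on the order of 2^80 trials, which is why the real SHAttered result came from cryptanalysis of SHA-1's compression function rather than a search like this one. The PDF skeleton and the `%`-comment slack are assumptions made for the demonstration, not a claim about the actual colliding files.

```python
"""Toy birthday search on truncated SHA-1 over a PDF-like document.

Added example, not code from the thread. The only property of PDF used is
that bytes on a '%' comment line are ignored by readers, so they are free
variables an attacker may vary without changing what the document shows.
"""
import hashlib

TRUNC_BYTES = 4  # toy: compare only the first 32 bits of the SHA-1 digest

# Constructed PDF skeleton; just enough structure to make the point.
PDF_HEAD = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
PDF_TAIL = b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def build_doc(visible: bytes, filler: int) -> bytes:
    """`visible` is what a reader would display; `filler` is encoded into a
    comment line that a reader skips, so it changes the hash but not the view."""
    hidden = filler.to_bytes(8, "big").hex().encode()
    return PDF_HEAD + b"%" + hidden + b"\n" + visible + b"\n" + PDF_TAIL


def truncated_sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()[:TRUNC_BYTES]


def find_collision(visible_a: bytes, visible_b: bytes, max_tries: int = 1 << 20):
    """Birthday search: grow two pools (one per visible text) by stepping the
    hidden filler, and stop when a digest seen for one text shows up for the
    other. Expected work is about 2**(TRUNC_BYTES*8/2) hashes per side.
    Returns (doc_a, doc_b) with equal truncated digests, or None on exhaustion."""
    seen = {}  # truncated digest -> (side, filler) of the first document that had it
    texts = (visible_a, visible_b)
    for filler in range(max_tries):
        for side, visible in enumerate(texts):
            doc = build_doc(visible, filler)
            digest = truncated_sha1(doc)
            hit = seen.get(digest)
            if hit is not None and hit[0] != side:
                other = build_doc(texts[hit[0]], hit[1])
                # order the pair as (document with text A, document with text B)
                return (doc, other) if side == 0 else (other, doc)
            # keep the first owner of a digest; same-side repeats are uninteresting
            seen.setdefault(digest, (side, filler))
    return None


if __name__ == "__main__":
    pair = find_collision(b"Pay 100 GBP", b"Pay 10000 GBP")
    if pair is None:
        print("no collision within the trial budget")
    else:
        a, b = pair
        print("truncated SHA-1:", truncated_sha1(a).hex(), "==", truncated_sha1(b).hex())
        print("full SHA-1 differs:", hashlib.sha1(a).hexdigest() != hashlib.sha1(b).hexdigest())
```

The loop does exactly what the post calls "trial, verify, dismiss, repeat": every trial is one hash, and the only thing varied is the hidden field. Raising `TRUNC_BYTES` by one multiplies the expected work by 16, which is the whole reason full-width collisions are not found this way.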

Google agrees to break pirates' domination over music searches


Whether something is illegal or not...

...is for courts to decide, not for governments, search engines, or the music industry.

Censorship is in full swing in our so-called free western world.

Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents



If big companies who earn money with comms and networking (in the broadest sense) struggle to keep their stuff secure (TalkTalk, I'm looking at you, but not only at you), how on earth can anybody think that some random company from far far away can and will keep their cheaply produced IoT stuff secure? Even if it was secure at time of purchase, who is going to update their daughter's doll? I mean seriously.

They did the right thing in Germany; the ban won't help much, but it raises awareness of the risks. It's a start, and goes quite in the opposite direction of what's happening here in the UK (as pointed out by someone else before).

This whole Internet of Trash is going to blow up in all our faces, if it hasn't already (depending on what gadget you have bought or intend to buy, or what is forced on you).

NGO to crowdfund legal challenge against Investigatory Powers Act


So they don't take AmEx, then?

Yes they do, and the input field splits the groups of digits correctly as you type. I can confirm, you may go ahead and pledge with your Amex, too.

Prez Obama expels 35 Russian spies over election meddling


Gesture to appease Joe Public

Expelling known spies is and has always been just a gesture to show Joe Public, "Look, we're doing something about it." Just political bullshitting, to be honest.

Much harder to expel spies the US doesn't know are spies. Even more difficult to expel those who have an American passport. And those are the ones to worry about.

On a side note, I don't buy this RU interference nonsense. It's a desperate attempt to depict Trump as an illicit successor in the White House. (Disclaimer: I think he is a shite candidate. But so was Clinton. Choosing the lesser of two evils was particularly hard this time around.)

Samsung, the Angel of Death: Exploding Note 7 phones will be bricked


Re: Is this even legal in the EU?

I'm sure they can override mere property laws under public safety or anti-terrorism grounds

What has the world come to...

Brexit means Brexit: What the heck does that mean...


Re: And there's also the Snooper's Charter

We're going to lose a lot of data business, I think, just by creating yet-another-jurisdiction to deal with

Exactly. New, currently undefined, red tape and uncertainty about what and when and how are poison.

Also, the giant holes in the left and right foot? They are called Snoopers' Charter Crater and Digital Economy Abyss. Neither of them is going to help attract business, to say the least.

HMS Queen Lizzie to carry American jets and sail in support of US foreign policy



That deployment will take place with half the air wing provided by US Marine Corps F-35Bs because Britain hasn't ordered enough of the jets for delivery in time to fully equip the air wing

So let's build those bloody carriers, even though we don't have enough planes to utilise them?

Want to spy on the boss? Try this phone-mast-in-an-HP printer


Re: I'm wondering

Who replies to text messages from numbers they don't recognise or people who won't identify themselves?

The same people who click on links in spam and phishing emails, and hand over credentials to third parties. We wouldn't see any of those "attacks", if there weren't enough stupid "customers".

What will happen when I'm too old to push? (buttons, that is)


Re: RE; LEDs

Or get an Echo and do everything by voice.

A cloud-enabled recording device in the bedroom? To each their own...

UK 'emergency' bulk data slurp permissible in pursuit of 'serious crime'


Re: Exactly what defines 'serious crime'?

Judging by the looks I get from my neighbours, having your bin out more than two hours before or after it's supposed to be picked up is pretty serious already. (out = end of your driveway, not even on the pavement)

Pressure mounts against Rule 41 – the FBI's power to hack Tor, VPN users on sight


@Six: Re: Definitely different!

Thanks for that rather insightful post. I didn't know any of that. Very interesting.

Energy companies aren't going to slurp your personal data. Honest


EDF keep trying

to force one of those smart meters on me. And boy are they persistent. But so am I.

It might be the case that energy companies are supposed to roll that shit out by 2020. That doesn't mean that I'm obliged to help them with that. There's neither a law that requires house owners to have those snoop smart meters, nor is there any law that allows energy companies to deny supply based on what meters are installed. So service will commence as usual, for the time being.

I don't care how old EDF think my meter is. It counts kWh just fine. They will not convince me otherwise, unless my leccy bill is suddenly much lower than it used to be (meter stopped working).

Lester Haines: RIP


Very sad news

55 is way too young to log out!

Rest in peace. Condolences to the family and friends.

Crims set up fake companies to hoard and sell IPv4 addresses


Dormant networks, unvalidated contacts

Surely ARIN itself could do the crims' job much more easily, repossess orphaned and dormant address ranges and therefore delay the inevitable depletion of available IPv4 space a little bit further?

It's of course not a solution to the problem (slow IPv6 uptake), but would buy some time and remove a market for criminal extortion schemes.

Voter registration site collapse proves genius of GDS, says minister


You couldn't make this sh** up

They knew within two hours after the fact what went wrong. Hear, hear! Everybody who does not need a beating with a cluebat first would have known *before* the fact how many visitors can be expected and what capacity might be needed (plus buffer and/or ability to scale).

And here's another piece of common sense: Things *always* get busier as a deadline comes closer. Some basic analytics and monitoring would have shown an alarming trend (for the un-initiated) and they could have spent those two hours to sort things out before seeing the service fail.

It was a spectacularly epic fail, not a success by any means. Politicians!

Uber helicopter taxis


For $19 I'd have a ride

I like flying in helicopters, so $19 would be a no brainer for me, if I lived in São Paulo.

After the promotional offers expire, the price will be many many times higher though, because helicopters and commercial pilots are not cheap to operate.

Symantec swoops on Blue Coat in $4.65bn deal


@Scunner - Re: Certificate Authority buys enterprise grade SSL decryption biz? What could go wrong?

How about this then? http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/

Their gear is already being used in non-consensual ways. Just not by our own governments yet (to our knowledge).

Also, there's a new ElReg article highlighting the same issue, quoting concern in the security community about the acquisition: http://www.theregister.co.uk/2016/06/14/symantec_blue_coat_analysis/

The thing is that for enterprise-level security, backed by clear consent (via employment contract, code of conduct etc), there's no need to have a proper cert on the Blue Coat appliances. The Blue Coat cert will just be added to trusted lists on all clients and you're good to go.

Having an already widely trusted cert just enables much easier misuse of decryption, without any added security benefit for the normal enterprise customer.

It wasn't too long ago that Symantec was threatened with being "untrusted" by Google as well, because of other blunders:



Five years ago I would have agreed with your analogy to cars. However, nowadays every citizen is presumed guilty and subjected to extreme surveillance, further extended by IPB & Co, which is a hard to grasp concept already. To add insult to injury we see privacy not only infringed by government agencies, but also by lots of big enterprises; and Symantec/Blue Coat would make it so much easier for everybody, that I find it difficult to give them the benefit of the doubt and assume all the best intentions. Complacency and ignorance is what got us into this state of surveillance, and we're only at the beginning of it. Forgive me if I cannot just look at Symantec/Blue Coat and assume best intentions. For the protection of a local network with Blue Coat, a proper CA signed cert isn't needed; for transparent decryption in other places on the other hand, it is.

My original argument was that Symantec can no longer be trusted as a CA because their cert on Blue Coat appliances used by others will enable transparent decryption.

I stand by that. Trust, for me, is not only defined as to whether I think an entity is doing the right thing and has good intentions, but also if whatever they provide can be misused by others. An analogy to that would be a trusted network vs a DMZ. You control servers in the DMZ, and should be able to trust them, but they can potentially cause harm due to the fact that others may compromise (gain access, misuse) them, hence you keep them away from the crown jewels.


Certificate Authority buys enterprise grade SSL decryption biz? What could go wrong?

See title. Symantec needs to have its status as Certificate Authority revoked and removed from all browsers and SSL clients RIGHT NOW. Otherwise all clients will trust the certs that Blue Coat uses, and will not question or even flag the MITM nasties that Blue Coat has built a business on.

(Fine if used in a company and policies and employment contracts are clear about private use; but really bad if we see this kit popping up at ISPs and hosting companies, in line with bills like IPB)
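The question asked in the SHA-1 thread ("how many of the CAs your OS & browser know, do YOU know?") and the demand above ("removed from all browsers and SSL clients") both start with the same practical step: look at what the trust store your TLS client actually uses contains. This is an added example, not code from the thread or from any vendor. It uses only Python's standard `ssl` module, whose `get_ca_certs()` returns the roots a default context loaded from the OS store as dicts with `subject`, `issuer` and `notAfter` fields in the same shape as `getpeercert()`. The sample store at the bottom is constructed for illustration only, including the "Symantec Corporation" entry; it makes no claim about any real trust store.

```python
"""Audit the CA roots a default TLS context trusts.

Added example, not code from the thread. Counts roots per organisation,
flags expired ones and lists those matching a name you want to remove.
"""
import ssl
import time
from collections import Counter


def load_system_cas():
    """Roots a default SSLContext picked up from the OS store. May be an
    empty list on a minimal container that has no system store at all."""
    return ssl.create_default_context().get_ca_certs()


def rdn_value(name, key):
    """Pull one attribute (e.g. 'organizationName') out of an ssl-style name:
    a tuple of RDNs, each RDN a tuple of (attribute, value) pairs."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def summarise(cas, now):
    """Roots per organisation plus the common names of roots already expired
    at `now` (seconds since the epoch, as time.time() returns)."""
    by_org = Counter()
    expired = []
    for cert in cas:
        subject = cert["subject"]
        by_org[rdn_value(subject, "organizationName") or "<no O>"] += 1
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            expired.append(rdn_value(subject, "commonName"))
    return {"total": len(cas), "by_org": by_org, "expired": expired}


def matching(cas, needle):
    """Common names of roots whose subject O or CN contains `needle`
    (case-insensitive): the list to hand to whatever removes them."""
    needle = needle.lower()
    hits = []
    for cert in cas:
        subject = cert["subject"]
        org = rdn_value(subject, "organizationName") or ""
        cn = rdn_value(subject, "commonName") or ""
        if needle in org.lower() or needle in cn.lower():
            hits.append(cn or org)
    return hits


def _entry(country, org, cn, not_after):
    """Build one constructed entry in get_ca_certs() shape (self-signed root)."""
    name = ((("countryName", country),),
            (("organizationName", org),),
            (("commonName", cn),))
    return {"subject": name, "issuer": name, "version": 3,
            "serialNumber": "01", "notBefore": "Jan 01 00:00:00 2000 GMT",
            "notAfter": not_after}


# Constructed sample store; names are illustrative, not real roots.
SAMPLE_STORE = [
    _entry("GB", "Example Trust Ltd", "Example Root CA 1", "Jan 01 00:00:00 2035 GMT"),
    _entry("GB", "Example Trust Ltd", "Example Root CA 2", "Jan 01 00:00:00 2038 GMT"),
    _entry("US", "Symantec Corporation", "Symantec Sample Root", "Jan 01 00:00:00 2037 GMT"),
    _entry("DE", "Old Trust GmbH", "Old Root CA", "Jan 01 00:00:00 2010 GMT"),
]


if __name__ == "__main__":
    store = load_system_cas() or SAMPLE_STORE
    report = summarise(store, time.time())
    print(f"{report['total']} trusted roots across {len(report['by_org'])} organisations")
    for org, count in report["by_org"].most_common(10):
        print(f"  {count:3d}  {org}")
    print("expired:", report["expired"])
    print("matching 'symantec':", matching(store, "symantec"))
```

On a desktop OS the organisation count is the number you are implicitly asked to trust every time you see a padlock; the `matching` list is what you would feed to the platform's own removal mechanism (for example `update-ca-certificates` on Debian or Firefox's certificate manager), which this script deliberately does not call.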

Over Ireland? Bothered by Brexit? Find that new home for your cloud


With the IPB coming, EU membership is less important to consider

Rather than waiting until 24th June, I'd wait until a final decision on the Investigatory Powers Bill is made, if I was a non-European company looking for a place to host. It looks very much incompatible with EU data protection laws, puts logging and data hoarding burdens on service providers and hosting companies that are not yet clearly defined, and may well render the EU membership question moot in comparison.

A non-European company's best bets for hosting are Ireland (if an English-speaking country and low corporation tax rates are preferred), the Netherlands (AMS-IX) or Germany (DE-CIX) if the best possible connectivity within Europe is needed. As an added benefit they get a location inside the EU.

All these options are a lot cheaper for hosting than anything near LINX as well.

If Britain decides to leave the EU *and* introduce the IPB, it will no longer be attractive for anybody to host things here, including domestic companies.

Government regulation will clip coders' wings, says Bruce Schneier


Re: The man's an incorrigible optimist

I think you will find it was BT not the BBC. Slightly different I think you might find.

BT of course. Thanks for the correction.


Re: The man's an incorrigible optimist

Evidently he's not got much experience of the British government

I think he's well aware of it, not least because he used to be employed by the BBC. (And the British gov is not the only stupid one in the world.)

But you don't go on stage at a major security conference and call out the government for what they are. It closes all doors for any sort of communication in the future. So you keep your reasoning along the lines of "haven't lost all hope just yet". Who knows, being the renowned security guy he is, he might be hoping to get an advisor role with a government?

Twitter: Don't know where hackers got those logins but it wasn't from us


"Out of 15 users we asked, all 15 verified their passwords"

That explains how passwords were collected in the first place then.

EU referendum frenzy bazookas online voter registration. It's another #GovtDigiShambles


This is due to unprecedented demand.

You don't say. Of course there's no precedent for a Brexit referendum, because there's never been one.

That said, how hard can it be to make an educated guess about the capacity needed? (EDIT: and/or design it properly so that it scales?)

Can anybody please name any GDS project that hasn't failed spectacularly (or is about to)?

FBI tries again to get warrantless access to your browser history


Great to hear that the Brits are pioneers and the Muricans follow suit this time around. Sounds a hell of a lot like Investigatory Powers Bill over here.

MPs pass new UK spy law


Register going BBC style reporting?

How can news about such important legislation only appear in those tiny news nibbles, which rotate all the way through in no time? IPB will take away overnight the little privacy we had left, and turn all of us into subjects of surveillance, presumed guilty, while giving access to the information to a broad range of institutions and people with insufficient oversight and sign off procedures. Several committees and experts alike had doubts, which makes it even more outrageous and important, since you've got to wonder how it can receive such an overwhelming majority in the House of Commons.

This should be kept in the headlines indefinitely, not be disappearing with other FYI-style bites.

Brexit: UK gov would probably lay out tax plans in post-'leave' vote emergency budget


Re: Optional indeed...

Exactly what I thought, too. A lot of if, would, might, could, likely, unlikely etc etc

In essence the article supports what the "fear mongers" (remain camp) are saying: We do NOT know what's going to happen when Britain leaves, or when. A lot of things will have to be re-negotiated, which takes time and causes uncertainty - and that's always bad news for business.

On the pro side, if Britain left the EU, the next 1-2 governments here will have a very hard time blaming any shit on the EU or migrants.

Systemd kills Deb processes


@Alan Brown - Re: Creating problems that didn't need solving

Incidentally, it's NOT a huge monolithic process and can be understood _if_ you take the time to do so. [...]

The blind hate is unjustified. You might not want to use it on your single-user box and that's fine but in a large, complex, multiuser environment it's a different story. That said, it's far closer to an ideal startup sequencer than BSD or SysV were and _that_ is why it's not going to go away until something better comes along.

Firstly, it's not blind hate, but my personal experience and opinion, which I am entitled to.

Secondly, more importantly, do not make any assumptions about the environments I am in charge of or my willingness or ability to learn systemd. You can keep your Lennart-like attitude to yourself.


Creating problems that didn't need solving

That's, in a nutshell, systemd.

If distros think it's useful to speed up boot times and respond to device changes (wifi, GUI interaction etc) on desktops and laptops, that's one thing. But it has no f***ing business on servers. The average server's POST time is probably around 2 minutes due to controllers etc. I don't give a flying f*** if Linux takes 10 or 30 seconds to boot after that. It only happens once every blue moon anyway (kernel & glibc updates), and while it reboots, another server is taking over the job.

Systemd is the idea of a self-centred hobby kernel developer (now unfortunately sponsored/employed by RH), who shows complete disregard for real world problems.

It messes with things it shouldn't (leave them processes alone!), adds layers and layers of unnecessary complication to simple tasks (who asked for binary logs, please? if you store logs *only* on the server, and not remotely, you have bigger issues than log integrity), and the list continues.

Just keep those screw-ups coming. Makes it easier for me to propose FreeBSD to clients.

Rant over - until systemd messes up yet another thing, which won't be long.

Don't panic, says Blue Coat, we're not using CA cert to snoop on you


Google decided to consider Symantec no longer trusted in December (as reported here) - that time it was Symantec "testing" something.

The current CA landscape is a farce. Somebody, somewhere decides which corporations everybody is supposed to trust. And those corporations can then go ahead and delegate that trust to other parties, like BlueCoat (and anybody else interested in stealthy MITM nasties), or they issue malicious certificates without even knowing about it (Comodo a few years ago, IIRC).

Unfortunately there's no alternative, yet.

The Windows Phone story: From hope to dusty abandonware


@JimmyPage - Re: Even though most people evidently prefer Android and IOS

I *use* Android, because it's either Android or iOS. But I don't "prefer" it.

By prefer I actually meant choose for whatever reason, simply based on market share. Should have been a bit clearer there.

That was a very general and neutral statement. However, on a more personal note, just for the record, I have a Lumia 650 myself, which I think offers fantastic value for money and is a very neat phone altogether. Apps aren't a problem for me, because those which I need, are available and work well. I do not fancy going back to either Apple or Android, either.


Biting the hand that feeds IT © 1998–2019