* Posts by Flat Phillip

88 posts • joined 2 Dec 2010

'They took away our Cup-a-Soup!' Share your tales of bleak breakout areas with us

Flat Phillip

Re: First they came for the coffee

It's a reasonably reliable sign, especially during the dot-com days.

If they started to muck around with coffee or fruit or whatever, it was time to either burn down your leave or find another contract. It didn't mean things were going bad tomorrow, but you had fair warning.

US taxman wants AI to do the security checks it seemingly can't do itself

Flat Phillip

Needs more work

Here I was hoping it was some new AI killbot that rampaged after SharePoint administrators.

Inept bloke who tried to sell military sat secrets to Russia gets 5 years

Flat Phillip

Looking after dad

If this guy starts making enquiries about life insurance and muscle relaxant when he gets out, if I was his dad I'd firmly decline his "help".

nbn™ hits the half-way mark – but has more than half of the job left

Flat Phillip

How ready is ready

I live in one of those locations where it is ready for service (passed the RFS date in March) but... well it's not quite orderable yet.

So the website helpfully says

YOUR AVAILABILITY

SERVICE AVAILABLE

and then:

There’s still work to do before we connect your premises.

So, using their own statistics, which are more about stretching the truth than reporting what is actually happening, am I one of the 50% that is ready for service or the 50% that is not?

Good Guy Comcast: We're not going to sell your data, trust us

Flat Phillip

Aggregate and opt-in

There were two parts that to me seem to be Comcast using the weasel-words.

First, they won't hand over individual data, that doesn't mean it won't be sent in aggregate and who knows how small those "buckets" get. Also it has been shown many times you get enough aggregate data you can sometimes work out who someone is.

The opt-in can of course be covered by 5 scrolling pages of "EULA yada yada" style opt-in in the future, so it's all good.

It's Comcast right? We all know how this will end.

Australia's online Census collapses, international hackers blamed

Flat Phillip

Unexpected DDOS

You would think given this is a highly public event with some data privacy controversy floating around it that they would know someone would try something like this.

There are methods to help against DDOS usually using some sort of service provider.

I think the days of "we didn't think it would happen to us" or "we didn't expect it that big/that way" are long gone.

Liberal Party of Australia: why are you paying so much for ancient software?

Flat Phillip

DataFlex

DataFlex? Now there's a name I've not heard in a long, long time. A long time. I haven't heard software gone by the name DataFlex since, oh, since you were born.

Or maybe 1991; it's a close call. And we were trying to remove the awful thing not install it!

Motion Picture Ass. of America to guard online henhouse

Flat Phillip

Someone should build that list. Not because I host anything dodgy but because I don't want my email and/or tiny website at the mercy of some idiot lawyer in Hollywood.

It also sends a very signal to those registrars. Let's face it, it's not like there aren't other choices out there.

Flat Phillip

Safeguards

It will be all ok because of those safeguards, you know the ones that:

* Try to take down sites using 127.0.0.1

* Remove Debian CDs because they were CDRs

* Tried to nail someone because they were using bittorrent to get valgrind

It seems the rush to find the pirates there may be a somewhat liberal interpretation of what a safeguard is. The hint is, it's not "some crap we made up so you all ok about us which we will ignore".

Still it's nothing new; I'm sure there were such things happening in the high seas in Ye Olde Days where some ships that was unknown and/or suspect got taken out.

Australian Greens don't believe Silicon Valley can save the world

Flat Phillip

Not exactly sure

But something about the article makes me think the author is taking the piss at our new-fangled STEM will save the world, or at least Australia, idea our pollies currently have.

I am Craig Wright, inventor of Craig Wright

Flat Phillip

Re: chain of blocks

More likely a chain of bollocks, to use one of those quaint English sayings.

Pop goes the weasel! Large Hadron Collider blown up by critter chomping 66kV cable

Flat Phillip
Linux

Cyber Squirrels

Obviously this weasel is part of the Cyber Squirrel conspiracy. While they don't have a break-down of all their agent types and only list successful attacks by Squirrels, birds, raccoons etc, I'm sure it was them.

You can find out what other successes they have had at http://cybersquirrel1.com/

A penguin is a bird, right? (277 successful missions so far)

Miguel de Icaza on his journey from open source to Microsoft: 'It's a different company'

Flat Phillip

Re: open source people DON'T universally hate Miguel.

You do recall correctly. People may want to rewrite the history but Qt around the time Gnome and Gtk started was quite hostile to open source. It was that typical "we'll call it open source but you play by our rules" attitude.

The competition of Gtk definitely put some pressure (but would not be the only reason) to open up Qt; it's all ancient history now but doesn't mean it didn't happen.

Australia's Dick finally drops off

Flat Phillip

Re: dropped off a *long* time ago

Yeah, 25 years seems about right. I was an employee of Dick Smith back then. Half of us had electronic interests and you could see things changing. While there was a full complement of electronic components, there was this temptation to go into consumer electronics because that's where the cash was (Telephone Answer Machines and My kids first computer)

Move forward a few years and no one had any idea and electronics components were those under-stocked annoying things in the corner nobody cared about. I stopped going and went to places like JB or online instead.

Strangely enough, Jaycar hasn't changed terribly much and is still going.

Admin fishes dirty office chat from mistyped-email bin and then ...?

Flat Phillip

Another era?

I suspect the admin had the best of intentions at the time. There was a time email was newish and he probably thought he was helping people out by fixing typoed email. I doubt he was thinking it would be a problem getting work related emails and sending them on their way.

Me? I'd nuke it and then consider if I want a catch-all anymore. Maybe just check the mail logs and add some alias for some common problems. It is easy to be the armchair general with hindsight though.

DNS root server attack was not aimed at root servers – infosec bods

Flat Phillip

Re: Was it a test?

Not really hard to send stuff from 895M addresses; you can build programs that send it from just over 4 billion addresses. Now; if they were sending it from more than 5 billion addresses and using IPv4 then I'd be impressed.

I'm surprised source IP filtering is still not in yet (and yes I'm quite aware of some of the pitfalls of it). Doesn't make sense for consumer type lines and for the vast majority of commercial ones too.

A Logic Named Joe: The 1946 sci-fi short that nailed modern tech

Flat Phillip
Thumb Up

Re: *Remarkably* sharp prediction?

Brunner had a lot of predictions in that book (others too). Have an upvote.

FBI v Apple spat latest: Bill Gates is really upset that you all thought he was on the Feds' side

Flat Phillip

Re: We are the government

I suggest narrow means "not quite as much as NSA does"

Yahoo! is! up! for! sale! – so! how! much! will! you! bid!?

Flat Phillip

Yahoo should buy Yahoo

After all, it's where all the other failed Internet properties go to die.

D&D geeks were right – their old rule books ARE worth something now

Flat Phillip

Has to be a better way

If only there was a large company filled with nerds that had a really good way to scan books. I'm sure they're not cutting up the library books for the project.

Help! What does 'personal conduct unrelated to operations or financials' mean?

Flat Phillip

JM

My guess he has done something that John McAfee would approve of.

Perhaps they can get together and form some sort of strange start-up.

Samba man 'Tridge' accidentally helps to sink request for Oz voteware source code

Flat Phillip

Voting machines

You do realise that in Australia there are essentially voting machines now? All the bits of paper get counted and then the numbers are sent to a central site and put into a computer, which then does things like send it to the media, update the website and ultimately give the results.

Sure, for simple cases you could pick up fraud, e.g. Voting booth A at electorate B voted 75% Party C, but the scrutineers with their sampling might see it only 25% so it looks sus. For more subtle changes it's harder, but for the lower house it's the edge-cases that get more checks.

For senate (and the story was about the senate voting), good luck with that! There is in theory a 1:1 relationship between the number of bits of paper seen and the numbers that go into the computer but after that it gets hard real quick, especially when you get to the later preferences when the usual suspects have their quotas.

That's not to say I think AEC is fiddling the books, quite the opposite. I'm just pointing out there have been computers involved for quite some time.

The bigger problem is disenfranchising public from the senate voting because it's almost impossible for normal humans to vote how they want in the senate. Not really an IT problem though voting machines might help with the "tablecloth" but a change how the senate is elected would certainly help.

Doctor Who: Even the TARDIS key can't unpick the chronolock in Face the Raven

Flat Phillip

Re: Bring back Clara!

I saw that too. I thought, oh she already has taken it and in the next scene it's back and NOW she's taken it.

Even with Turnbull's NBN, Australian ISPs are getting faster

Flat Phillip

Is it wholesale or retail?

I was never sure, but I assume this is the retail provider, not the wholesale. For example I use the iinet/internode/tpgi borg as my provider which is the retail side but the DSLAM is Telstra's, would that make my crappy internet a black mark against i/i/t or Telstra?

If it is based on retail, then it really is that Telstra provides crummy internet. I already know the internet is bad outside metro areas using Telstra wholesale, but then, who else would you use?

Australia on the very brink of cyber-geddon, says ex-spook

Flat Phillip

Sounds like most of those natsec types: the world is going to end in a horrible scary way unless you give us more money or powers. Actually to be sure that nothing scary happens, how about you give us both?

My parents don't know I'm in SEO. They think I play piano in a brothel

Flat Phillip
Happy

Re: A very quick education

Well FWIW I found your explanation interesting. I do wish the spammers would back off a bit, I really don't give a rats about my SEO ranking for my own site; except perhaps for bragging rights and I'm not paying for that.

NEW ERA for HUMANITY? NASA says something 'major' FOUND ON MARS

Flat Phillip

Do the rock snakes shoot sparkling cannonballs?

Cisco network kit warning: Watch out for malware in the firmware

Flat Phillip
Unhappy

Linked blog

If you try to visit the cisco blog (link is in the article) and attempt to sign-in, you get a weak DH key error. Funny to see that on a blog entry about security.

Get that OFF dot-com, hysterical France screeches at Google

Flat Phillip

Re: Geo-blocking?

It doesn't have to be defamatory or wrong, it just needs to be old or not the current situation. The classic example being someone has gone bankrupt not paid his creditors etc and it's reported in the paper. Fast forward a few years later and he is no longer bankrupt, debts are gone etc but you search for their name and the first few hits are those old reports.

The reports are true, just old.

The problem with this sort of law is what is old and what is not relevant? If I am a politician and have done some shady stuff a few years ago, should that data be "forgotten"? What about a hotel with bad reviews?

Also, if I don't like all the other Flat Phillips and want all the hits to be about me, why not just send in a report for all those other websites so I get the first hit on searching.

How British spies really spy: Information that didn't come from Snowden

Flat Phillip

Re: If you've done nothing wrong ... you have everything to fear.

Actually the 96 cyber-attack thing sounds good at first, but depending what it is could be meaningless.

You'd expect someone such as Arbor or other DDoS mitigation company would have detected far more than 96. One security vendor (yes I know they have a drive to increase the number) is saying there were 25,000 attacks today.

Even if they discovered 96 attacks a day, I don't think 0.4% is that impressive for me to have my privacy routinely invaded.

Security tool bod's hell: People think I wrote code for Hacking Team!

Flat Phillip

Re: not possible

During the times of creating the Debian Free Software Guidelines (DFSG) there was a lot of heated discussion around Fields of Endeavour. People were a little uncomfortable with Debian being used on.. certain things. The problem was those "certain things" varied from person to person. For some it could be genetic research, others it was military while there used to be licenses prohibiting software for CB radio (yes this last one actually existed).

In the end, there seemed to be no sensible way of a) working out and agreeing what was universally the "bad thing" and b) having a sensible way of limiting it that could go into a license or the DFSG. Debian now has item #6 as a result.

SourceForge staggers to feet after lengthy STORAGE FAIL outage

Flat Phillip
Unhappy

Re: You can believe everything they say.

My download and summary pages are back, the hosted website isn't.

Glad I moved some of my projects off there already, I wasn't happy with the way they are going so I'm glad I did the move.

Heinz cockup sees Ketchup's QR codes spurt saucy sites

Flat Phillip
Coat

I have heard the movies on that site are a bit saucy

Someone had to say it. I'll go now.

Hardcore creationist finds 60-million-year-old fossils in backyard ... 'No, it hasn’t changed my mind about the Bible'

Flat Phillip
Alien

Maybe He just messes with carbon dating

You know, like he reaches out with his noodle and messes with the carbon dating machine, or just makes these fake fossils - pasta can be quite cunning.

Avoiding data retention will be as easy as eating a burger

Flat Phillip

Re: Is Ludlam being a bit naive?

You're missing what he is talking about.

He is talking about the proposed wide-spread data retention scheme that may get introduced in Australia. That scheme will have 2 years of storage of anyone using the internet, to a point and with exceptions.

To get around that specific scheme, just have a Big Mac, or perhaps a Frappe and hook in to the wifi and use something like gmail. The spooks will know that someone in the Maccas accessed gmail but not who they were emailing.

Not exactly Mission Impossible stuff. Meanwhile everyone else using an Internet connection will have their data logged for 2 years all ready for the movie companies or hackers to gain access.

For those that don't understand metadata, EFF has a pretty good page about it at:

https://www.eff.org/deeplinks/2013/06/why-metadata-matters

Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks

Flat Phillip
Black Helicopters

Re: Easy

This isn't one of those "declare war on France" things some Brits like to go on about; especially after a few beers? It's pretty local and there has been some history with you two.

Seems like a pretty extreme thing to do just to get some firewall startups.

Google boffins PROVE security warnings don't ... LOOK! A funny cat!

Flat Phillip
Unhappy

They are pretty awful messages

I saw this one today:

A secure connection cannot be established because this site uses an unsupported protocol.

Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I think it means the website is using an old version of SSL, possibly SSLv3; maybe.

Those sort of error messages bug me, you KNOW what is wrong Mr Chrome but you give me a message with OR in it. Firefox was a little better with:

Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

And IE? Well IE 8 just worked fine with no error message at all.

Telstra: we don't collect the metadata the government wants now

Flat Phillip

Why would they retain the IP address for billing? They don't need it.

"User 1234567 downloaded 15 MB at time X" versus "User 1234567 with IP address 127.0.0.1 downloaded 15 MB at time X" doesn't give the carrier any more information. The ones I've seen generally try to aggregate the data as soon as they can for data storage reasons. It costs 1/12th of the price to store hourly data usage versus 5 minutes and from a billing dispute use, the two are pretty much identical. So yes it comes off the actual production systems in short intervals but it's only until it's "rolled up".

Admittedly, it's been a while, but it would mean it's a backward step.

There is also the required level of accuracy. The level for operations stuff (think MRTG etc) is pretty low. The level for billing is much higher but still leaves some leeway. The level of accuracy required to say User 1234567 is a terrorist/pedo/pick your boogieman is even higher still. Making sure something is accurate (whatever that means) costs money.

BOO! Grave remote-code exec flaw in GNU C Library TERRIFIES Linux

Flat Phillip

This family of functions is obsolete and anyone needing this sort of feature should be using the more modern (and IPv6 capable) ones instead. The fact that exim is the default for some systems and is remotely vulnerable is a little bit of a worry, but the default setup of exim is to connect to the localhost only. That moves it from a remotely exploitable bug to a privilege escalation one (if it's the default setup).

Still, it should get fixed if you have vulnerable versions. Debian Jessie and Sid aren't so no need to update for me.

Microsoft: We bought Skype. We make mobiles.. Oh, HANG ON!

Flat Phillip

Re: If they abandon the Tiles for the Win 3.1 look&feel of Android...

Someone who *liked* that Windows Phone tiles UI?

Wow, the Internet does bring out the weirdos.

Microsoft tries to defend Irish servers from US g-men invasion, again

Flat Phillip

Re: One thing...

I wouldn't say many if it has gone to court. The defence would argue that the material cannot be used as it was not obtained correctly and that would have been picked up by some news outlet; even if it was to compare it to this one.

Of course if it was one of those US courts that doesn't care about procedural fairness, such as some of the military ones, then who knows what has gone through them.

This is really all about Microsoft avoiding the situation where all of its non-US competitors would sprout some (if it is upheld, actually valid) FUD about any US based cloud service and how the US government can have a sneaky peek in whenever they feel like it.

Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority

Flat Phillip

Re: So how will this work?

The way it works now if ANY CA keys are compromised then any certificate can be faked. Leaving browser caching (remembering if you like) keys it's seen before aside, if having this CA spooks you and you say you are not going to use it won't make your website any safer as there is no "hard link" between a specific server certificate and the CA one. It would be lovely to be able to independently say that my server uses a certificate from this specific CA so reject any signed certs from anyone else but that doesn't exist.

Someone else said that they'd be worried about the daemon having some evil mode. It looks like it will be open source (there is some code on github) which should at least remove any intentional nasties.

You'll go APE for our new Gorilla Glass 4, Corning reckons

Flat Phillip

Re: Fnarr Fnarr

Prince Rupert? When did he get that? I assume it was for outstanding services in providing a fair and balanced news reporting. It's good to see a (former? is he still Australian anyhow) colonial be promoted up to Prince.

Oz gov lets slip: telco metadata might be available to civil courts

Flat Phillip

Maybe not tarred at first. Perhaps a quick peek through 2 years of web browsing history to find something that at very least sounds dodgy (you visited a website that shares the same IP address as weloveisis.com would do it).

Then they've found the tar; A quiet word to a tame press and the job is done.

Woman says narco-cops used her PICS to snare drug lords on Facebook

Flat Phillip

"bad actors doing bad things"

Are they talking about miming "I will survive" while wearing too many sequins? Some things should be banned!

CNN 'tech analyst' on NAKED CELEBS: WHO IS this mystery '4chan' PERSON?

Flat Phillip

I think that may be an arrestable offense these days

Then nab him and stick him up on a cross, that'll teach him and all his cyclophilliac mates.

No, thank you. I will not code for the Caliphate

Flat Phillip

Re: > Isis please.

Actually I keep thinking why are they running that instead of OSPF or EIGRP?

No, minister Turnbull, IP addresses aren't part of routine billing data collection

Flat Phillip

Re: How would the data be used?

My guess would be:

1. Find dodgy site and raid it for its logs OR find out what addresses visited said dodgy site by some other means, such as ask your friendly NSA counterpart.

2. Lookup address in the "BigMal" metadata metadatabase.

3. Profit!

Nuts to your poncey hipster coffees, I want a TESLA ELECTRO-CAFE

Flat Phillip
Unhappy

Re: Move to the US

I used to think that. A week and a half on the US west coast where my only goal (besides boring "work stuff") was to find decent coffee. No matter where I went the best coffee I found was to the level of "OK" and most was downright nasty. Basic things like overheating the milk, use beans that have taste and how about cleaning the machine every decade seemed to be overlooked.

Arrived back in Sydney to the over-priced so-so coffee places in the airport (of all places) and had the best coffee for a week; only in a relative sense of course!

The WiFi however, was very good.

Help Australia's PM and attorney-general to define metadata

Flat Phillip
FAIL

That's the problem with lies

One of the difficulties of lying is trying to make sure you remember what falsehoods you have said where and keeping it all straight. When you start getting asked questions about your set of lies, it can go bad very quickly.

While I think both the PM and A-G are completely incompetent when it comes to anything technical (and probably a lot of other things as well) I suspect the difficulty they had increased because they know they're trying to do something and that something will be unpopular and they don't want to spell it out. It's much easier to spout slogans than do any real work which is what this issue requires.

As dan1980 and others have said metadata is YOUR data. In fact if I was going to track and link someone, a bucket of metadata is better because it's easier to sift, search and make connections with.
