* Posts by bpfh

450 posts • joined 26 Jan 2011


Amazon may finally get its hands on .amazon after world's DNS overseer loses patience

bpfh Bronze badge
Flame

ICANN’T

See title

Hapless engineers leave UK cable landing station gate open, couple of journos waltz right in

bpfh Bronze badge
Big Brother

Inspiring words

"any interruption of service would not materially impact internet traffic".

I could use this in my customer service notices. This is absolutely awesome:

"This total interruption of service does not materially impact the use of your product, and does not affect our 99.999ggg9% uptime sla guarantee.

As such, please don't ask our sales team for service credit as your services are not materially impacted even if they are. You Have Been Told.

Cheers Mate,

Your Beloved and All-Knowing Support Team".

That marketing email database that exposed 809 million contact records? Maybe make that two-BILLION-plus?

bpfh Bronze badge

No continued compliance

An unused for 10+ years email address of mine is in the list...

BNP Paribas systems 'tombés à l'eau' in France for over 24hrs

bpfh Bronze badge

Re: "...systems 'tomber à l'eau'" ??

I fell in da wartaaaaaaaaaa!

bpfh Bronze badge
Holmes

Was still down at about 11 AM CET this morning when my mobile app told me to do one to a rolling donut. Back up early afternoon for me.

ReactOS 0.4.11 makes great strides towards running Windows apps without the Windows

bpfh Bronze badge

Will it run Visual Studio 6, perchance?

USB4: Based on Thunderbolt 3. Two times the data rate, at 40Gbps. One fewer space. Zero confusing versions

bpfh Bronze badge
Joke

They probably found that were copyrighted by Microsoft

bpfh Bronze badge

I second this. And they can call it Pentium for 20 years and about 10 versions before changing to USB Core 2 Duo. And USB Xeon for the professional version. And a USB Itanium that is not really USB at all...

Ok, then all that sounded better in my head.

Correction: Last month, we called Zuckerberg a moron. We apologize. In fact, he and Facebook are a fscking disgrace

bpfh Bronze badge

Re: Facebook and Disabled Accounts

The “cloud” is just somebody else’s computer. If you are paying for it, then they have a service obligation. If you don’t, then not so much.

How much did you pay Facebook for the image hosting and backup?

It's not your imagination: Ticket scalper bots are flooding the internet according this 'ere study

bpfh Bronze badge
Devil

Somebody has big money invested in this for years

A theory, with first a backstory about botnets.

In 2006 I designed and delivered as a one man band freelance engineer, an online selling site for a toy company, all built from scratch. I did my best for mitigating any attacks, injections, account security, hashing and seeding password details, even wrote some big fixes for a major bank’s online credit card processing library.

I got a request for a last minute change to add shop details so that someone could find their closest shop, with photo and contact details. A quick change where the shop name was passed in the url, this argument was parsed, checked that it was not attempting to get out of its root directory (in the end, not well enough), then this argument was used to run an include of $shopname.inc, and that would be rendered to the shop details page. This ran without fault for months.

So, one day the site started running slow. Ssh'd into the box, ps aux showed 2 perl scripts running from /tmp, taking up 98% cpu. Killed the processes, archived the files, rebooted as single user and archived the logs, ran several malware checks, ended up reimaging the server and restoring the site from cold backup to be sure.

After 2 days of log analysis, looking at how the box was pwned, I ended up finding in the Apache logs thousands of scans attempting to exploit known issues in known web apps and web servers. All ended with a server error as I was not running those apps or servers (server says Apache, runs on Linux, let's run IIS attacks to get to the server's C drive...) - except one, from memory something like scan 2400 out of 6000, a direct access to one specific page on my site, no poking around to see what worked, no plugging in random values to see how the server responded, just one single bang to one direct page, all needed values present plus one 'unexpected' one informing PHP to include the remote payload.

So. Rookie mistake, not realising that include() was not just a local include.

What got me was that somebody had checked the site, understood how the system went together, and crafted a tailored specific attack for a specific page on this low volume, totally bespoke, closed source website, not used anywhere else on the net.

I never did find any details in the available logs on how somebody poked around and identified the pages to include, so it happened over a month before, then was released and that scan was being used in a script kiddies automated attack package, my bug was being searched on millions of servers around the net.

So, somebody took the time to look up the server, find a vulnerability (even if it was simple you needed to check and test first), design the attack and package that in with a list of others, then run the attacks, running from what I could discover DDoS and sending spam.

I was amazed that someone took the time to find a one off vuln in a one off app, on one server so they could pwn it, and was running the same attack on other servers around the world.

Fast forward 8 years, ticket bots are on the rise when I first heard about the problem.

My theory is that some guy who was dedicated enough to do major analysis work to grab a fistful of dollars sending Viagra spam on a couple of thousand pwned servers has levelled up, and is putting their resources into reverse engineering ticket sites, custom matrices to be able to get in, get around captchas and work on seat allocation.

Sell one inflated ticket and you have made 10 times more than you would ever have done pumping a few million spam emails from your botnet. Sell a thousand tickets and you are laughing. And far more legal than overt hacking. Less pain more gain.

So, how to mitigate? IP range restrictions from the major bitbarns à la BBC iPlayer? It would probably slow the automated scrapes. Better captchas would be good too, but would still be vulnerable to wetware hacking from a Bangladeshi sweatshop, paid a few cents per form filled; add some geo restrictions and order limitations per IP, and that should go some way to limit the fake purchases. Ticket naming, proof of ID with reimbursement but no exchange/resale would be the cherry topping.

But are the ticket selling sites interested in doing this or are they just doing a ‘don’t care got paid’ customer service model...?
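The include() bug the post above describes, as an added example that is not the original site's code: the vulnerable pattern (a URL argument with only a weak traversal check fed to include) beside a hardened version. SHOP_DIR, the shop slug format and the request handling are assumptions made for this illustration.

```php
<?php
// Added example, not the original site's code. Shows the include() bug the
// post describes and one hardened replacement. SHOP_DIR and the shop-name
// format are assumptions made for this illustration.

// --- VULNERABLE: the pattern the post describes ---
// The check only looks for a parent-directory hop, so a remote URL passes
// and include() fetches it. On PHP of that era a URL include only needed
// allow_url_fopen=On (the default); since PHP 5.2 it additionally needs
// allow_url_include=On, which defaults to Off.
function render_shop_vulnerable(string $shop): void
{
    if (strpos($shop, '..') !== false) {
        http_response_code(400);
        return;
    }
    include $shop . '.inc';   // attacker-chosen path or URL is executed as PHP
}

// --- HARDENED: same feature, but user input never becomes a path ---
const SHOP_DIR = __DIR__ . '/shops';   // assumption: one .inc per shop lives here

function render_shop_hardened(string $shop): bool
{
    // 1. A shop key is a short slug; anything else is rejected outright,
    //    which rules out "/", ":" and "." and hence every URL or traversal form.
    if (!preg_match('/^[a-z0-9_-]{1,40}$/', $shop)) {
        return false;
    }

    // 2. Resolve the candidate file and confirm it still sits inside SHOP_DIR.
    //    realpath() returns false for a missing file, which also covers
    //    unknown shop names without leaking anything about the filesystem.
    $base = realpath(SHOP_DIR);
    $path = realpath(SHOP_DIR . '/' . $shop . '.inc');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }

    include $path;   // only a file from the fixed directory can reach here
    return true;
}

// Request handling: unknown or malformed shop keys get a plain 404.
$shop = (string)($_GET['shop'] ?? '');
if (!render_shop_hardened($shop)) {
    http_response_code(404);
    echo 'Unknown shop';
}
```

Belt and braces: also set allow_url_include=Off (and allow_url_fopen=Off unless something genuinely needs it) in php.ini, so a future include() with a stray variable cannot reach the network at all.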

Qbot malware's back, and latest strain relies on Visual Basic script to slip into target machines

bpfh Bronze badge

Re: One day...

Because all the cool kids did it back in the day probably. Thanks Lotus.

I will admit that from a VB point of view, the access you can still get into Office apps is awesome if you need it, but VBA automation is such a niche market, it can only be a fraction of a percent of the user base.

The fraction of a percent of skint teenagers learning to program VB in the nineties will thank MS for embedding the VB6 IDE into Office tools that only cost a quarter of the official product :)

Slow Ring Windows 10 fragged by anti-cheat software in the games you're playing at work, says Insiders supremo

bpfh Bronze badge
Headmaster

Not like this is a new thing.

I cannot find the initial technical article, probably long gone and/or buried in one of Microsoft's blogs, but I did dig up these three, talking about the Windows 95 era:

- Windows 95 detected if SimCity was running, and then ran the memory allocator in SimCity compatibility mode to ensure that the app did not crash the protected memory model due to a memory allocation bug in the game: https://www.joelonsoftware.com/2000/05/24/strategy-letter-ii-chicken-and-egg-problems/

- Why Windows 95 never displayed a compatibility error to request an upgrade for this: https://blogs.msdn.microsoft.com/oldnewthing/20050728-16/?p=34783

- Windows 95 shipped without a laptop battery power limitation trick because specific laptops from a specific big name manufacturer at the time would lock up if you used it (and also another system would crash if your graphics card was too far away from the power supply on the local bus): https://blogs.msdn.microsoft.com/oldnewthing/20030828-00/?p=42753

For these cases, the issue was that there was software and hardware with known faults that would bring down the system, and in general the customer experience would be "this bloody operating system is so crap, it can't even run apps that it used to run before the upgrade"... and given that when '95 came out, the internet was in its infancy, telling a client to "navigate" to a "website" and "download" a "patch" would be incomprehensible for the vast majority of users at that time, who went out to real physical shops and bought software on diskettes and CDs. Remember this was the time when Windows 95 was sold on a ton of diskettes (between 13 and 40 depending on your release version), so finding that there may have been a Windows bug - or a discovered undocumented feature - that allowed some software to possibly do something that worked could well have been broken after a bugfix or a change in the internal APIs, bringing down the app that used or exploited it, and again, this would be taken as Microsoft's fault because their working game broke, when actually it could be the game playing fast and loose with the specs, and now Microsoft wants that module (which could be a common module used across several game engines) to be fixed to avoid the hassle of SimCity hacks in the kernel, especially now that everyone has Internet, and these patches can be distributed as and when needed, avoiding Windows having to develop nasty compatibility workarounds.

Fan boy 3: Huawei overhauls Air-a-like MateBooks

bpfh Bronze badge
Linux

Re: Patriots Run This Hardware

Welsh patriots?

(Penguin icon as there is not one with a sheep)

Artificial Intelligence: You know it isn't real, yeah?

bpfh Bronze badge

Re: What's worse than the biased algorithm

Who needs a stethoscope when you have a tricorder^M^M^Msonic (screwdriver|sunglasses)?

bpfh Bronze badge

As for the nurse example...

Well, this is also the great thing with English having mostly neutral nouns, and when there are male or female ones it is either implicit (a ship is a "she" by convention in English, but "he" in French and Russian for example), so the translation needs to make some guesswork to identify, from a neutral noun, the one you want.

So, "I talked to the nurse today" becomes "j'ai parlé à l'infirmière aujourd'hui", but if you specify "I talked to the male nurse today", it does change to the male sentence "j'ai parlé à l'infirmier aujourd'hui", so you can overrule it if you need to by being explicit.

BOFH: Bye desktop, bye desk. Hello 'slab and a beanbag on the floor

bpfh Bronze badge

I think it's called a "database normalisation error".

Any consultant who disagrees can look in my very heavy spring loaded briefcase. That one open there. Lean over into it and look at the paperwork. Be careful, would not want it to snap shut, would we.... WOP.

Oops.

Wop wop wop...

bpfh Bronze badge

Seems that the PHB has a modicum of sense...

though the fact that he is part of the scheme now, makes it likely that he will take the fall for any further action before finding himself in a roll of carpet in the PFY's Scottish estate...

Bored bloke takes control of British Army 'psyops' unit's Twitter

bpfh Bronze badge

Re: "Yes, there was some French blood there"

And that explains the driving on the south side of La Manche !

NASA boffins show Moon water supply could – er, this can't be right? – come from the Sun

bpfh Bronze badge
Devil

I'll just leave this here

https://www.youtube.com/watch?v=bVorQyjA6gA

Secret mic in Nest gear wasn't supposed to be a secret, says Google, we just forgot to tell anyone

bpfh Bronze badge

Re: Oh, crap they caught us again!

He is running a multiplayer Doom server?

WWW = Woeful, er, winternet wendering? CERN browser rebuilt after 30 years barely recognizes modern web

bpfh Bronze badge

Re: RE: ...and now your average web page weighs more than the shareware distribution of "Doom"

For one you have the Big Fucking Gun. For the other, well, I really wish it was a God Damned Plasma Rifle...

bpfh Bronze badge
Coat

Re: Eh, it's pre-CSS

Starting with the page code that can be helped with HTTP compression options, but then you get the images, which may not be much (though I've seen too many 4 meg JPEGs being forced down to a 200 x 300 pixel window), then you add a couple of hundred kb of minified jQuery, then a gazillion JS includes for all the tracking and stats libraries under the sun, plus the Google tag library as someone has realised that their website is so locked down that the only way they can publish content to their own website is using an external system, chewing through your data package.... only finally after 2 seconds to run about 10 redirects to tell you that you are the billionth visitor to this website and you have won a free copy of Viking Nazi Zombies Rape and Pillage if you click here and subscribe to a 50 quid a week game plan, and cannot get back to the actual bloody content you wanted to read in the first place...

Yep, the web has come a long way since when I started in 1994. Get off my lawn and take your fucking fake arsed download buttons and autoplay video ads with you.

Mine's the one with my mate's diskette of racy animated GIFs in the pocket.. I swear it's my mate's. I'd never look at such stuff, of course.

Solder and Lego required: The Register builds glorious Project Alias gizmo to deafen Alexa

bpfh Bronze badge
Joke

Re: Dear el-reg

Would not whispering directly into Alexa something along the lines of ordering sex toys or a 55 gallon drum of anal lube when the host was out fixing drinks give them the message that an always on listening device linked into the online tat bazaar is not a good idea? You can always protest that the thing must have been mis-listening to your conversation...

Bloke thrown in the cooler for eight years after 3D-printing gun to dodge weapon ban

bpfh Bronze badge

Re: Because

Theoretically yes, if you get approval from the BATFE for a destructive device and some paperwork from the DOE. Remember that local statute also applies and I believe there may still be a 500 dollar fine in Phoenix, AZ for letting off a nuke within city limits.

Why does that website take forever to load? Clues: Three syllables, starts with a J, rhymes with crock of sh...

bpfh Bronze badge

Re: Adverts

You can’t block wildcard sub domains with the hosts file. I ended up using uBlock to finally nail doubleclick and a handful of others ...

After outrage over Chrome ad-block block plan, Google backs away from crippling web advert, content filters

bpfh Bronze badge

Back to Firefox...

After being an IE fanboy for years due to Firefox becoming a memory hogging monster, Chrome was a big surprise and I jumped on it in a big way, but with the increasing data slurp, memory issues, and lack of flexibility in declaring internal sites as trusted and safe, I ended up a couple of months ago trying out Firefox again, and was pleasantly surprised. I did have a moment of doubt when I got a notification that Firebug was going to have issues, but the built in tools were good. I am now only using FF and happy with it.

Crash, bang, wallop: What a power-down. But what hit the kill switch?

bpfh Bronze badge

North of Mexico, which is south of New England, which is west of England, which is east of South Wales, which is north of New South Wales...

Sysadmin's three-line 'annoyance-buster' busts painstakingly crafted, crucial policy

bpfh Bronze badge

Don’t break their skulls...

Odin frowns upon his followers who cannot drink to his health from the skulls of their enemies.

Lock 'em in the server room in a T-shirt for a couple of hours before releasing the FM200 instead.

I'm a crime-fighter, says FamilyTreeDNA boss after being caught giving folks' DNA data to FBI

bpfh Bronze badge

Technically...

Your father's source code was committed to your mother's repo, and merged with hers, then was managed and developed further by her until you arrived as a 1.0 release about 9 months later (or possibly a public beta if the product was delivered early but unfinished and asking the community for assistance to complete the product). Which raises some ethical questions about your public licence...

So, aside from the initial commit and merge, all the development into a viable product was done by yo moma, so I would say she is responsible for the original work and holds the copyright and enforced her legal ownership until copyright expiration after between the legal 18 and 21 years expiration date!

Data hackers are like toilet ninjas. This is not a clean crime, you know

bpfh Bronze badge
Headmaster

Re: Inquiring minds want to know...

"password": This password has been seen 3 645 804 times before

"password123": This password has been seen 116 847 times before

Of course, this is over the whole HIBP database from all loaded leaks, not just the latest one.

https://haveibeenpwned.com/Passwords

bpfh Bronze badge

Re: But...

Difficult really, as Dabbsy is here once a week, and Simon about twice a year...

Then again, I did notice that Alistair seems to have been getting his inspiration from somewhere in his recent articles. We will know when we see the article about the client getting pushed down the stairs, stuck in a lift over a long weekend or getting home-made ECT in the unlit underground car park...

bpfh Bronze badge
Joke

Re: Cow orker

Cow Orking. Still legal in parts of Wales.

Core blimey... When is an AMD CPU core not a CPU core? It's now up to a jury of 12 to decide

bpfh Bronze badge
Joke

As much as they can.... Probably 16 cores for Oracle, as many cores as they can and x2 for a vague definition of hyperthreading :p

Ever feel like all your prayers go unheard? The Catholic Church has an app for that

bpfh Bronze badge

Re: Wrong App?

I thought you were not supposed to pick the Apple...

Apple hardware priced so high that no one wants to buy it? It's 1983 all over again

bpfh Bronze badge

Re: A reminder of how crap Apple products are

386 DX could go to 40 MHz, or is my memory playing tricks - it was a long time ago!

Lawyers' secure email network goes down, firm says it'll take 2 weeks to restore

bpfh Bronze badge

Correct. The pentagram and chanting is used to summon Oracle. Or BT depending on the chant.

AI snaps business titan jaywalking

bpfh Bronze badge
Joke

Did they really display...

A big dong on the screen ?

I’ll get my coat...

You were told to clean up our systems, not delete 8,000 crucial files

bpfh Bronze badge

At IBM in 1998...

When a 1994 era 540 meg drive failed it got a direct upgrade to 2 GB as there were no smaller FRU HDDs available as replacement stock, and we had 4 GB Aptivas floating around being deployed new.

Oregon can't stop people from calling themselves engineers, judge rules in Traffic-Light-Math-Gate

bpfh Bronze badge
Trollface

Re: A lot of snobs in here today.

"Plagiarize

Let no one else's work evade your eyes

Remember why the good Lord made your eyes

So don't shade your eyes

But plagiarize, plagiarize, plagiarize

Only be sure always to call it please "research" "

- https://www.youtube.com/watch?v=UQHaGhC7C2E

bpfh Bronze badge
Joke

Re: OMG

Those who can, do

Those who can't, teach

Those who can't teach become politicians...

What happens when a Royal Navy warship sees a NATO task force headed straight for it? A crash course in Morse

bpfh Bronze badge

Re: NATO task force can't read Morse code?

I guess it’s as the backup. When all computers and electronics have failed for whatever reason, a good old light bulb and a battery will get the job done as long as there is a bald monkey around to hook it up and press the tit.

Could you speak up a bit? I didn't catch your password

bpfh Bronze badge
Mushroom

Ahhh Biometric Gates

Make passport control easier. And faster. And is the reason why I "by mistake" take the non-EU channel for the Eurostar both in Paris and London, as invariably the manual check from one passport control agent goes faster than the forest of bloody "automatic" gates...

Is Google purposefully breaking Microsoft, Apple browsers on its websites? Some insiders are confident it is

bpfh Bronze badge

Re: Brittle software?

No, Opera complained that some Microsoft web pages served borked HTML when Opera said it was Opera, but when Opera changed its browser ID string to say it was IE, it got parseable HTML that worked as expected.

EU politely asks if China could stop snaffling IP as precondition for doing business

bpfh Bronze badge

Re: Questionable quality...

Good old made by J. A. Pan. Now it's all made from premium quality chinesium.

London's Gatwick airport suspends all flights after 'multiple' reports of drones

bpfh Bronze badge
Mushroom

Find the culprits...

And have Sussex Police deliver them to the departure lounge for an hour or two before hauling them off to trial. If there is anything left of them...

Dev's telnet tinkering lands him on out-of-hour conference call with CEO, CTO, MD

bpfh Bronze badge

Re: Well, there was this time...

Cold chisel? I used a shotgun...

https://www.youtube.com/watch?v=r7GZlHmLDWg

Time for a cracker joke: What's got one ball and buttons in the wrong place?

bpfh Bronze badge

And if you are really motivated...

On the old Latitude D610s (IIRC), if you tried very very hard, you could force an ethernet plug into the air vent before calling the helldesk saying that I needed to check the meeting room network connectivity for our database sales manager...

Windows 10 can carry on slurping even when you're sure you yelled STOP!

bpfh Bronze badge

Re: Easy Instructions

I followed your instructions but I don’t have a browser on my c drive to download anything after point 3, but I do have a ton of free space now!

Doom at 25: The FPS that wowed players, gummed up servers, and enraged admins

bpfh Bronze badge
Mushroom

Re: Dear God

It's worth installing, especially now that more modern versions have X and Y axis aiming, and more weapons to put your friendly neighbourhood imps through the meat grinder.

BOFH: State of a job, eh? Roll the Endless Requests for Further Information protocol

bpfh Bronze badge

Re: Depressingly accurate

Obviously you have not had any database normalisation errors recently. Or your management are on the ground floor or have windows that don't open, even with assistance from the maintenance guy at 9pm along for the promised bottle of whiskey...


Biting the hand that feeds IT © 1998–2019