Four hundred quid to become a Nominet member, then a hundred quid a year.
Cheaper than I expected.
29 posts • joined 28 Apr 2011
Moxie Marlinspike, known for Signal messenger and entertaining blogging about ocean sailing, has a bit of history with Gandi.
Marlinspike made a browser plug-in that anonymized Google searches. Gandi broke it by cancelling the SSL certificate without warning.
A decade ago he found that they accepted null characters in SSL certificates, allowing the issue of certificates that some browsers accepted as being for someone else's website. Gandi locked his account without warning and customer service later told him he was personally banned.
When the certificates were approaching expiry Gandi sent him emails suggesting renewals, with links that worked to renew the certificates.
El reg passim links
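The null-character problem mentioned in the post above comes down to two parties reading the same name differently. The sketch below is an added example, not code from the post or from any CA or browser; the function names and the `.example` names are constructed for illustration. It puts a comparison that stops at the first NUL beside a length-aware one that rejects anything other than plain DNS labels.

```python
import re

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def c_string_view(name: bytes) -> bytes:
    """What a routine built on NUL-terminated strings sees: bytes up to the first NUL."""
    return name.split(b"\x00", 1)[0]

def naive_match(cert_name: bytes, host: str) -> bool:
    """Flawed: compares only the part of the certificate name before the first NUL."""
    return c_string_view(cert_name).lower() == host.encode("ascii").lower()

def is_plain_dns_name(name: bytes) -> bool:
    """True only for an ASCII name made of well-formed labels (no NUL, no control bytes)."""
    try:
        text = name.decode("ascii").lower()
    except UnicodeDecodeError:
        return False
    labels = text.split(".")
    if len(text) > 253 or len(labels) < 2:
        return False
    return all(_LABEL.fullmatch(label) for label in labels)

def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened: validate the whole name first, then compare every byte of it."""
    if not is_plain_dns_name(cert_name):
        return False
    return cert_name.decode("ascii").lower() == host.lower()

# Constructed sample: the issuer checks control of the right-hand domain,
# while a NUL-terminated comparison only ever sees the left-hand part.
SAMPLE = b"www.bank.example\x00.attacker.example"

if __name__ == "__main__":
    print("naive :", naive_match(SAMPLE, "www.bank.example"))
    print("strict:", strict_match(SAMPLE, "www.bank.example"))
```

The same `is_plain_dns_name` check belongs on the issuing side as well, so that a request containing such a name is refused before anything is signed.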
This was a deliberate choice, someone could run a program that looks like the normal login screen which actually steals usernames and passwords. Ctrl-alt-del can't be intercepted by a user-mode program.
Larry Osterman wrote a blog post about this in 2005.
So much horror in the blog.
A minor IT aspect: The system ran on Windows NT until 2010 (according to Nick Wallis in a BBC interview), five or six years after the end of extended support for that OS, then after a 2015 deal with IBM collapsed it was upgraded to Windows 8 (according to Computer Weekly).
If it was locked down and firewalled appropriately then that may not have been particularly risky, and the upgrade cost would have been huge, but it's not exactly confidence inspiring.
Big lead-acid batteries, as used in large UPS systems, are really heavy.
A person who routinely tried to cut corners, usually resulting in aggrieved customers and the rest of us having to do much more work than it would have taken to do things properly the first time, borrowed a milk trolley, a five foot tall metal cage on wheels, loaded it with about 150 kg of batteries, got it going down a slope at speed then ran over his own foot.
His broken toes caused him a lot of pain for a while but did not improve his attitude.
I think Microsoft overpaid for GitHub. Microsoft appears primarily driven by a desire for revenue these days.
I consider it very likely that in the next three years some big change will be made at GitHub and people won't like it. I don't know what it will be but some middle manager or bean counter is going to come up with something that he hopes will get him a promotion.
Long term there is a good chance of it being as independent as Hotmail now is.
I'm reminded of the launch of WAP phones twenty years ago. At the time, I found it baffling that Cellnet spent very large amounts of money on something that a typical person played with for ten minutes and concluded was rubbish and too expensive.
I have since accepted that it is just a normal consequence of human nature that the people in charge of things are usually clueless nitwits.
There is an interesting paper on the subject of the link between the cost of wine and how much people enjoy it when they don't know how much it costs.
"In a sample of more than 6,000 blind tastings, we find that the correlation between price and overall rating is small and negative, suggesting that individuals on average enjoy more expensive wines slightly less."
Link to the paper:
Since 2012 it has been my opinion that only wildly impetuous people set up bitcoin exchanges.
It was highly amusing to read about for years, I lost interest a while back.
I recall Amir using his personal bank account to operate Britcoin. The days when mtgox frequently fell over quite often, if Karpeles was asleep people on the bitcoin IRC channel would call his mobile phone until he woke up. He appeared to do no testing of changes to his software before making it live.
I recall the Polish exchange that disappeared one day, the young men running it tried to increase the RAM on the single virtual server it ran on and accidentally reinstalled it. They had no backup and the private keys for about a hundred thousand BTC were lost. They went silent for a couple of weeks, when they reappeared they claimed they had got drunk for a few days when they lost hope of recovering the bitcoin.
Several hacks of bitcoinica, culminating in the time the source code was deliberately released but contained an important password which was rapidly used to steal the bitcoin.
Nefario setting up his own stock market and being genuinely surprised when he got some legal advice and was told that there are lots of regulations that he should have been following.
There was the exchange that thought they were super secure because only a few laptops could access the servers. The laptops had Windows, Microsoft Office and Skype installed. A staff member accepted a document from a phisher on Skype and ran it with macros enabled, bye bye bitcoin.
The risks, difficulties and regulatory uncertainty mean that only wildly impetuous people set up bitcoin exchanges resulting in bitcoin exchanges being run by impetuous people who commit terrible blunders and try to keep going.
If you want to store some bitcoin and conclude that keeping it in an exchange account or wallet run by someone else is a terrible idea then running bitcoin software yourself seems like quite a hassle. You need to figure out which version of the software to use if there is currently a battle between different factions over block size or something, then download, verify (days of 100% CPU) and store 200GB of blockchain. If you want to receive some BTC and you have not run your software for a while then you may have to wait hours for it to get recent blocks.
I personally find the Ubuntu graphical user interface to be infuriating and laggy. I have installed various versions of Ubuntu on VirtualBox, KVM and an old desktop and had problems with the display not redrawing properly. Debian with XFCE works and does not annoy me so that is what I use.
On an older version of Ubuntu on the old desktop I use for testing, unplugging a USB keyboard repeatably caused xwindow to crash.
I know a couple of people who think Ubuntu is great, maybe it's just me.
Am I the only one cynical enough to think that persistent memory is inevitably going to lead to situations where you power the computer off and back on and it remains stuck in an unintended dysfunctional state?
I'm sure there are unusual cases where it is really useful, I just can't see it being worthwhile for typical computer use.
This reminds me of the year 2000 HOPE conference at the Hotel Pennsylvania in New York City.
The phone company circulated a memo to their employees warning about hackers in town.
Conference organiser Emmanuel Goldstein kicked off the social engineering session by telephoning the telco security person who issued the memo and asking about it. After a minute or two the telco person said something like "I'm not seeing you on the list of employees.."
According to Goldstein the hotel management later got a call complaining that H2K people were trying to hack their mainframe and took it to mean that someone was physically breaking into telco equipment with an axe.
Google security researcher Tavis Ormandy just discovered a load of security holes in code used in Norton antivirus, Symantec Endpoint (All Platforms), SMSME, SSE and probably other products of the "when your antivirus scans a file from email/web/usb-stick software in the file can get running on your machine with full privileges" variety, thus making your machine more vulnerable than it would be without security software.
Sadly this is not going to affect their business.
I seem to recall that around twenty years ago someone found a way to get ThunderByte antivirus to run code from a file that it was scanning, it's not a new problem. Almost nobody is able to usefully assess security software or pays any attention to its problems. In a rational market McAfee (now Intel Security) and Symantec would be out of business instead of making billions.
CVE assignment is easily a full time job for a couple of people if they are cranking them out with very little verification.
There were about 6000 issued in 2015. (the highest numbered is CVE-2015-8822 but they didn't use some numbers).
Just weeding out duplicates, invalid reports, trolls and jokes and publishing a coherent summary will easily take an hour each. That is nowhere near enough time to actually install some software and see if a bug is real.
Raymond Chen of Microsoft, blogging as OldNewThing, complains that Microsoft get a lot of invalid security-hole reports that can be summed up as "if you already have admin privilege you can do blah".
People with enough knowledge to do anything beyond saying "Eh, sounds plausible, have a number" are uncommon and can be out earning money.
I am doubtful about them getting enough volunteer labour to replace the work of Mitre corp.
There is an open source clone of Slack called Mattermost. It seems ok, I've spun it up and played with it for half an hour. I got no further because the standard way of using it seems to be to use Docker. I haven't had the enthusiasm to spend a day learning Docker yet, I would have no idea how to fix the Mattermost container if it just stopped booting, how to keep it backed up and patched.
Slack costs hundreds of dollars a month for a couple of dozen users. The cost is high enough that getting someone to set up Mattermost is a reasonable alternative.
Initially the networks allowed interworking by gentlemen’s agreement and an understanding that it was in everyone’s best interest to just accept and deliver messages.
Until 1999 the UK GSM networks did not deliver messages from one network to another, you could only send a text to someone on the same network. They started exchanging messages between networks very reluctantly.
Travis Goodspeed described an amusing smart TV hack in one of his talks (it's on YouTube).
The TV can load firmware updates from a USB stick. It only accepts updates signed by the manufacturer. It reads the file once to check the signature then again to load it into the TV. A little microcontroller board emulating a USB stick that sends different data the second time makes it possible to load alternative firmware.
Personally I feel no desire to buy a TV anytime soon.
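The double read described in the post above is a time-of-check to time-of-use gap: the bytes that were verified are not necessarily the bytes that get installed. The following is an added sketch, not code from the talk or from any TV firmware; the class and function names are hypothetical, the storage behaviour is modelled in memory, and an HMAC stands in for the manufacturer's signature. It compares an updater that reads twice with one that reads once and installs the buffer it verified.

```python
import hashlib
import hmac

VENDOR_KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key

def sign(image: bytes) -> bytes:
    """Stand-in for the manufacturer's signature over a firmware image."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()

def verify(image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(image), tag)

class Stick:
    """Ordinary storage: every read returns the same bytes."""
    def __init__(self, image: bytes):
        self.image = image
        self.reads = 0

    def read(self) -> bytes:
        self.reads += 1
        return self.image

class InconsistentStick(Stick):
    """Constructed model of storage that answers the second read differently."""
    def __init__(self, first: bytes, later: bytes):
        super().__init__(first)
        self.later = later

    def read(self) -> bytes:
        self.reads += 1
        return self.image if self.reads == 1 else self.later

def update_double_read(stick: Stick, tag: bytes):
    """Flawed flow from the post: check one read, install a second read."""
    if not verify(stick.read(), tag):
        return None
    return stick.read()  # these bytes were never checked

def update_single_read(stick: Stick, tag: bytes):
    """Hardened flow: copy once into the updater's own memory, verify that
    copy, and install that same copy. The device is not consulted again."""
    image = stick.read()
    return image if verify(image, tag) else None

SIGNED = b"vendor firmware 1.0 (constructed)"
UNSIGNED = b"other firmware (constructed)"
TAG = sign(SIGNED)

if __name__ == "__main__":
    print(update_double_read(InconsistentStick(SIGNED, UNSIGNED), TAG))
    print(update_single_read(InconsistentStick(SIGNED, UNSIGNED), TAG))
```

Where the image is too large to buffer, the same property can be kept by verifying each block as it is written to a staging area and only then committing the staged copy.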
Biting the hand that feeds IT © 1998–2020