* Posts by zb42

29 posts • joined 28 Apr 2011

It’s not true no one wants .uk domains – just look at all these Bulgarians who signed up to nab expired addresses

zb42

cost

Four hundred quid to become a nominet member, then a hundred quid a year.

Cheaper than I expected.

Chrome suddenly using Bing after installing Office 365 Pro Plus... Yeah, that might have been us, mumbles Microsoft

zb42

Re: Slurp -

I believe the legal term is "tortious interference".

'No BS' web host Gandi lives up to half of its motto... Some customer data wiped out in storage server meltdown

zb42

Moxie Marlinspike, known for Signal messenger and entertaining blogging about ocean sailing, has a bit of history with Gandi.

Marlinspike made a browser plug-in that anonymized Google searches. Gandi broke it by cancelling the SSL certificate without warning.

A decade ago he found that they accepted null characters in SSL certificates, allowing the issue of certificates that some browsers accepted as being for someone else's website. Gandi locked his account without warning and customer service later told him he was personally banned.

When the certificates were approaching expiry Gandi sent him emails suggesting renewals, with links that worked to renew the certificates.

El reg passim links

https://www.theregister.co.uk/2010/04/05/googlesharing_cert_revoked/

https://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/
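
The null-character problem mentioned in the post above, as an added example that is not part of the original post or of Marlinspike's research: a name matcher that treats the certificate name as a C string next to one that honours the explicit length. The struct, function names and domain names are constructed for illustration, and matching is case-sensitive for brevity.

```c
#include <stdio.h>
#include <string.h>

/* A certificate name as ASN.1 carries it: raw bytes plus an explicit length. */
typedef struct { const char *bytes; size_t len; } cert_name;

/* Flawed matcher: treats the name as a C string, so the comparison
   silently stops at the first NUL byte. */
int match_cstring(cert_name cn, const char *host) {
    return strcmp(cn.bytes, host) == 0;
}

/* Length-aware matcher: refuses any name containing a NUL, then
   compares all cn.len bytes against the expected host. */
int match_checked(cert_name cn, const char *host) {
    if (memchr(cn.bytes, '\0', cn.len) != NULL)
        return 0;
    return cn.len == strlen(host) && memcmp(cn.bytes, host, cn.len) == 0;
}

int main(void) {
    /* Constructed name: the issuer sees a label under customer.example,
       a C-string reader sees only www.bank.example. */
    static const char raw[] = "www.bank.example\0.customer.example";
    cert_name cn = { raw, sizeof raw - 1 };
    printf("C-string match:     %d\n", match_cstring(cn, "www.bank.example"));
    printf("length-aware match: %d\n", match_checked(cn, "www.bank.example"));
    return 0;
}
```

The same embedded-NUL rejection belongs on the issuing side, before a name is ever signed.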

Beware the three-finger-salute, or 'How I Got The Keys To The Kingdom'

zb42

Re: ...why Microsoft taught people to hit Ctl-Alt-Del...

This was a deliberate choice, someone could run a program that looks like the normal login screen which actually steals usernames and passwords. Ctrl-alt-del can't be intercepted by a user-mode program.

Larry Osterman wrote a blog post about this in 2005.

https://blogs.msdn.microsoft.com/larryosterman/2005/01/24/why-is-control-alt-delete-the-secure-attention-sequence-sas/

Post Office faces potential criminal probe over Fujitsu IT system's accounting failures

zb42

A minor IT angle

So much horror in the blog.

A minor IT aspect: The system ran on Windows NT until 2010 (according to Nick Wallis in a BBC interview), five or six years after the end of extended support for that OS, then after a 2015 deal with IBM collapsed it was upgraded to Windows 8 (according to Computer Weekly).

If it was locked down and firewalled appropriately then that may not have been particularly risky, and the upgrade cost would have been huge, but it's not exactly confidence inspiring.

Sod 3G, that can go, but don't rush to turn off 2G, UK still needs it – report

zb42

My 2G phone works for three weeks between charges, making a couple of short calls.

The dread sound of the squeaking caster in the humming data centre

zb42

Big lead-acid batteries, as used in large UPS systems, are really heavy.

A person who routinely tried to cut corners, usually resulting in aggrieved customers and the rest of us having to do much more work than it would have taken to do things properly the first time, borrowed a milk trolley, a five foot tall metal cage on wheels, loaded it with about 150KG of batteries, got it going down a slope at speed then ran over his own foot.

His broken toes caused him a lot of pain for a while but did not improve his attitude.

Microsoft? Oh it's just another partnership, insists GitHub CEO

zb42

I think Microsoft overpaid for github. Microsoft appears primarily driven by a desire for revenue these days.

I consider it very likely that in the next three years some big change will be made at github and people won't like it. I don't know what it will be but some middle manager or bean counter is going to come up with something that he hopes will get him a promotion.

Long term there is a good chance of it being as independent as hotmail now is.

EE switches on 5G: Oi, where are your Mates? Yes, we mean the Huawei phones

zb42

I'm reminded of the launch of WAP phones twenty years ago. At the time, I found it baffling that Cellnet spent very large amounts of money on something that a typical person played with for ten minutes and concluded was rubbish and too expensive.

I have since accepted that it is just a normal consequence of human nature that the people in charge of things are usually clueless nitwits.

Wine? No, posh noshery in high spirits despite giving away £4,500 bottle of Bordeaux

zb42

A relevant study

There is an interesting paper on the subject of the link between the cost of wine and how much people enjoy it when they don't know how much it costs.

"In a sample of more than 6,000 blind tastings, we find that the correlation between price and overall rating is small and negative, suggesting that individuals on average enjoy more expensive wines slightly less."

Link to the paper:

Do More Expensive Wines Taste Better? Evidence from a Large Sample of Blind Tastings

Bitcoin drops 7 per cent on New York Attorney General's allegations of $850m fraud by Bitfinex

zb42

Since 2012 it has been my opinion that only wildly impetuous people set up bitcoin exchanges.

It was highly amusing to read about for years, I lost interest a while back.

I recall Amir using his personal bank account to operate Britcoin. The days when mtgox frequently fell over quite often, if Karpeles was asleep people on the bitcoin IRC channel would call his mobile phone until he woke up. He appeared to do no testing of changes to his software before making it live.

I recall the Polish exchange that disappeared one day, the young men running it tried to increase the RAM on the single virtual server it ran on and accidentally reinstalled it. They had no backup and the private keys for about a hundred thousand BTC were lost. They went silent for a couple of weeks, when they reappeared they claimed they had got drunk for a few days when they lost hope of recovering the bitcoin.

Several hacks of bitcoinica, culminating in the time the source code was deliberately released but contained an important password which was rapidly used to steal the bitcoin.

Nefario setting up his own stock market and being genuinely surprised when he got some legal advice and was told that there are lots of regulations that he should have been following.

There was the exchange that thought they were super secure because only a few laptops could access the servers. The laptops had windows, microsoft office and skype installed. A staff member accepted a document from a phisher on skype and ran it with macros enabled, bye bye bitcoin.

The risks, difficulties and regulatory uncertainty mean that only wildly impetuous people set up bitcoin exchanges resulting in bitcoin exchanges being run by impetuous people who commit terrible blunders and try to keep going.

If you want to store some bitcoin and conclude that keeping it in an exchange account or wallet run by someone else is a terrible idea then running bitcoin software yourself seems like quite a hassle. You need to figure out which version of the software to use if there is currently a battle between different factions over block size or something then download, verify (days of 100% cpu) and store 200GB of blockchain. If you want to receive some BTC and you have not run your software for a while then you may have to wait hours for it to get recent blocks.

Disco Dingo fever: Ubuntu 19.04 has an infrastructure bent, snappier GNOME and another stupid name

zb42

I personally find the Ubuntu graphical user interface to be infuriating and laggy. I have installed various versions of ubuntu on virtualbox, KVM and an old desktop and had problems with the display not redrawing properly. Debian with XFCE works and does not annoy me so that is what I use.

On an older version of Ubuntu on the old desktop I use for testing, unplugging a USB keyboard repeatably caused xwindow to crash.

I know a couple of people who think Ubuntu is great, maybe it's just me.

And here's Intel's Epyc response: Up-to 56-core, 4GHz 14nm second-gen Xeon SP chips, Agilex FPGAs, persistent mem

zb42

Am I the only one cynical enough to think that persistent memory is inevitably going to lead to situations where you power the computer off and back on and it remains stuck in an unintended dysfunctional state?

I'm sure there are unusual cases where it is really useful, I just can't see it being worthwhile for typical computer use.

John McAfee is 'liable' for 2012 death of Belize neighbour, rules court

zb42

I've read the Slashdot interview with McAfee where he talked about smuggling drugs through South America, I'm still in awe of his tweet about entering a whale F%!$ing contest but he has topped that now. Failing to defend a civil lawsuit in the USA is the most impetuous thing he has done so far.

Windows 0-day pops up out of nowhere Twitter

zb42

first windows LPE that I remember

The first windows LPE exploit that I was aware of was released in February 1999 by Dildog of the L0pht, almost twenty years ago.

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

zb42

H2K NYC

This reminds me of the year 2000 Hope conference at the Hotel Pennsylvania in New York City.

The phone company circulated a memo to their employees warning about hackers in town.

Conference organiser Emmanuel Goldstein kicked off the social engineering session by telephoning the telco security person who issued the memo and asking about it. After a minute or two the telco person said something like "I'm not seeing you on the list of employees.."

According to Goldstein the hotel management later got a call complaining that H2K people were trying to hack their mainframe and took it to mean that someone was physically breaking into telco equipment with an axe.

Why you shouldn't trust a stranger's VPN: Plenty leak your IP addresses

zb42

This article puts the blame on the wrong people. VPN services should not be messing with your traffic to block webRTC.

Blame the browser makers for this.

If you follow el reg's advice at the bottom of the article to set up your own vpn using the openvpn software then it will not block webRTC.

Nutanix: Yup, OK, we gobbled PernixData, Calm.io. What you gonna do about it?

zb42

For those of us who are not visualization and storage wonks... what do they sell?

It's... some sort of thing that makes virtual machines faster?

Symantec: I know we said things'd get better when we sold Veritas...

zb42

also horrendous security holes in their products

Google security researcher Tavis Ormandy just discovered a load of security holes in code used in Norton antivirus, Symantec Endpoint (All Platforms), SMSME, SSE and probably other products of the "when your antivirus scans a file from email/web/usb-stick software in the file can get running on your machine with full privileges" variety, thus making your machine more vulnerable than it would be without security software.

Sadly this is not going to affect their business.

I seem to recall that around twenty years ago someone found a way to get Thunderbyte antivirus to run code from a file that it was scanning, it's not a new problem. Almost nobody is able to usefully assess security software or pays any attention to its problems. In a rational market McAfee (now Intel Security) and Symantec would be out of business instead of making billions.

CVE bug system has bugs – quick, use this alternative, say hackers

zb42

Distributed Weakness Filing, enough volunteer labour

CVE assignment is easily a full-time job for a couple of people if they are cranking them out with very little verification.

There were about 6000 issued in 2015. (the highest numbered is CVE-2015-8822 but they didn't use some numbers).

Just weeding out duplicates, invalid reports, trolls and jokes and publishing a coherent summary will easily take an hour each. That is nowhere near enough time to actually install some software and see if a bug is real.

Raymond Chen of Microsoft, blogging as OldNewThing, complains that Microsoft get a lot of invalid security-hole reports that can be summed up as "if you already have admin privilege you can do blah".

People with enough knowledge to do anything beyond saying "Eh, sounds plausible, have a number" are uncommon and can be out earning money.

I am doubtful about them getting enough volunteer labour to replace the work of Mitre corp.

'$5bn for Slack?! I refuse to pay!' You don't pay – and that's its biggest problem

zb42
Linux

Mattermost, open-source clone of slack

There is an open source clone of slack called mattermost. It seems ok, I've spun it up and played with it for half an hour. I got no further because the standard way of using it seems to be to use docker. I haven't had the enthusiasm to spend a day learning docker yet, I would have no idea how to fix the mattermost container if it just stopped booting, how to keep it backed up and patched.

Slack costs hundreds of dollars a month for a couple of dozen users. The cost is high enough that getting someone to set up mattermost is a reasonable alternative.

Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM

zb42

Initially the networks allowed interworking by gentlemen’s agreement and an understanding that it was in everyone’s best interest to just accept and deliver messages.

Until 1999 the UK GM networks did not deliver messages from one network to another, you could only send a text to someone on the same network. They started exchanging messages between networks very reluctantly.

Smart TVs riddled with DUMB security holes

zb42

amusing smart TV hack

Travis Goodspeed described an amusing smart TV hack in one of his talks (it's on YouTube).

The TV can load firmware updates from a USB stick. It only accepts updates signed by the manufacturer. It reads the file once to check the signature then again to load it into the TV. A little microcontroller board emulating a USB stick that sends different data the second time makes it possible to load alternative firmware.

Personally I feel no desire to buy a TV anytime soon.
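
The verify-then-reread flaw described in the post above, modelled as an added example that is not part of the original post or of the talk: a simulated storage device, the double-read update flow, and a flow that reads once and installs the copy it verified. All names and the sample images are constructed, and an FNV-1a digest stands in for the manufacturer's signature check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FW_MAX 64

/* Simulated USB stick (constructed): serves `first` on the first read and
   `later` on every read after that, like the emulating board in the post. */
typedef struct { const uint8_t *first, *later; size_t len; int reads; } usb_dev;

static size_t usb_read(usb_dev *d, uint8_t *out, size_t cap) {
    const uint8_t *src = (d->reads++ == 0) ? d->first : d->later;
    size_t n = d->len < cap ? d->len : cap;
    memcpy(out, src, n);
    return n;
}

/* Assumption: FNV-1a against a pinned value stands in for the signature
   check. A real updater verifies a public-key signature here. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Flawed flow: check one read, then flash a second, unchecked read. */
int update_double_read(usb_dev *d, uint32_t pinned, uint8_t *flash) {
    uint8_t buf[FW_MAX];
    size_t n = usb_read(d, buf, sizeof buf);
    if (fnv1a(buf, n) != pinned) return -1;
    return (int)usb_read(d, flash, FW_MAX);
}

/* Hardened flow: one read into our own buffer; verify and flash that copy. */
int update_single_read(usb_dev *d, uint32_t pinned, uint8_t *flash) {
    uint8_t buf[FW_MAX];
    size_t n = usb_read(d, buf, sizeof buf);
    if (fnv1a(buf, n) != pinned) return -1;
    memcpy(flash, buf, n);
    return (int)n;
}

int main(void) {
    const uint8_t signed_fw[] = "TV-FIRMWARE-A", other_fw[] = "TV-FIRMWARE-B";
    uint8_t flash[FW_MAX] = {0};
    usb_dev d = { signed_fw, other_fw, sizeof signed_fw, 0 };
    update_double_read(&d, fnv1a(signed_fw, sizeof signed_fw), flash);
    printf("double read flashed: %s\n", (char *)flash);
    d.reads = 0;
    update_single_read(&d, fnv1a(signed_fw, sizeof signed_fw), flash);
    printf("single read flashed: %s\n", (char *)flash);
}
```

The point of the hardened flow is that the bytes checked and the bytes installed are the same copy in memory the updater controls, so a device that changes its answers between reads gains nothing.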

Raspberry Pi puts holes in China's Great Firewall

zb42
Facepalm

PPTP usually uses MS-CHAP authentication so in most cases the encryption is breakable with modest effort.

Perhaps PPTP is sometimes allowed because they prefer to watch what people are doing over it instead of blocking it.

Marks & Sparks accused of silently bonking punters over the tills

zb42

it isn't radio waves

To be pedantic about the physics the communication between the terminal and card isn't a radio wave, it's a high frequency magnetic field. It's radio frequency but not a radio wave in the sense of a propagating electromagnetic wave.


Biting the hand that feeds IT © 1998–2020