* Posts by Mr. Flibble

36 posts • joined 23 Aug 2011

In hilariously petulant move, Apple shuts Texas stores and reopens them few miles down the road – for patent reasons

Mr. Flibble

Re: re: worst parasites

That's exactly what happens, watch this: https://www.thepatentscam.com

Hold horror stories: Chief, we've got a f*cking idiot on line 1. Oh, you heard all that

Mr. Flibble

German Bastards

Our HQ was in Germany, so they were usually an hour ahead of us in the UK.

Once we had a network problem, so I rang them up at about 4.25pm (UK time) to let them know. The phone rang, and then silence.

So I rang again, same thing. I thought they'd all disappeared off home early, and muttered "Bastards!" as I hung up.....

....

A few minutes later, someone rang my number and said "er... hello.... you called us bastards?"..... It turned out they were still in the office, it was just they could hear me, and I couldn't hear them... oops!

I apologised profusely, and they were surprisingly OK about it.

For several weeks afterwards they signed off their emails to me with "from the German Bastards" :)

Marriott: Good news. Hackers only took 383 million booking records ... and 5.3m unencrypted passport numbers

Mr. Flibble

Re: Stored data

PCI-DSS compliance centrally? No idea.

At certain Starwood hotels I was working at this year, they clearly weren't, which was a little surprising. PCI-DSS was a big deal at IHG a few years ago (maybe because they'd been hacked in the past and knew they'd be fined next time).

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years

Mr. Flibble

Re: Remind me

Because you could have legged it with all the bathrobes/been smoking in a non-smoking room/trashed the place.

None of this will be found until hours after checkout when housekeeping goes round to clean rooms etc.

Mr. Flibble

Re: Card numbers

1. Not all hotels have Opera cloudy servers. Some are still physically at the hotel.

2. It's quite possible that they breached "Valhalla", their back-end reservations database. This is probably why it is limited to Starwood hotels and not the whole group, as Marriott use a different system.

Mr. Flibble

police-requested guest registration

Italy does this too, but they only get transferred from the hotel systems "on request".

PINs and needled: Experian site blabbed codes to unlock credit accounts for fraudsters

Mr. Flibble

Re: Can someone tell me why?

I agree with most of your points, however, once I swapped my bank (savings only), and they spent ages giving back my personal details, so I went in to complain, and they said they were sorry, but they were waiting for a credit check to complete.

When I asked them why that was needed as it was only a savings account, they said it was because they were also offering a non-savings account at the same time (which I didn't want, and didn't ask for), so there's no guarantee this won't happen when you open a normal account.

Remember that lost memory stick from Heathrow Airport? The terrorist's wet dream? So does the ICO

Mr. Flibble

Re: You only need a single hole in security to lose

Security Theatre? That's airports generally... Well, and being full of pointless no-cheaper-than-elsewhere shops...

Civil rights group Liberty walks out on British cops' database consultation

Mr. Flibble

Re: GDPR

Yes, it's great, but will any of them pay out?

UK chip and PIN readers fall ill: Don't switch off that terminal!

Mr. Flibble

We have been told it's a certificate problem....

Gent had a power cut yesterday, and now all the hotels of a certain owner can't process cards :(

Oops.

We got 2 replacements for our devices taxied to Brussels from Luxembourg yesterday to fix 2 that were broken here, but I doubt anyone else is that lucky.

We were lucky cos we were doing a migration at the time, and our provider (3C) thought that they had caused the issue I assume.

At least the replacements worked or that would be 1 more hotel broken.

Apparently I'm not allowed to reflash the broken devices myself for security reasons, which is a bit shit, as surely everything is cryptographically signed anyway isn't it??......... <tumbleweed>.......

Hackers able to turbo-charge DJI drones way beyond what's legal

Mr. Flibble

Re: unfortunately unsurprising

Nice!

That reminds /me/ of a time when I was using cheap walkie talkies at a horse jumping day to talk to my dad. After a few minutes a soldier came over to ask if we could stop using them as it was interfering with his trailer-mounted, army issue radio... oops!

We were slightly concerned that our crappy device could disrupt army comms :(

Apple will throw forensics cops off the iPhone Lightning port every hour

Mr. Flibble

Re: Easy good passwords, here I go again...

Which is fine unless you have to use foreign keyboards regularly, and then it becomes a bloody nightmare.....

US websites block netizens in Europe: Why are they ghosting EU? It's not you, it's GDPR

Mr. Flibble

Re: they waited 2 years for EU to fund the conversion...EU FAILED

Just because regulations change doesn't mean affected parties should get handouts.

Oracle sued over claims of shoddy service, licensing designed to force adoption of its kit

Mr. Flibble

@AC

Don't get me wrong, I like /Oracle/ products. It was so horrible going from Oracle DBs at Uni to MS Access in my job. (Yes I know they work at different scales (in terms of both capacity and cost), but it was a shock moving from a decent product to "My First Database Application").

It will be a happy day when I do not have to deal with Micros products ever again. Sadly that day is a long way off.

Mr. Flibble

In this case, POS does not mean "Point of Sale"....

Don't get me started, oh, wait, you did... sorry:

Someone told me recently that the only reason Oracle bought Micros was to lower their tax bill...

And no, he didn't seem to be joking.

Micros Fidelio support has been crap for as long as I have had to deal with them, but according to ex-colleagues they've got worse still, which is hard to believe is possible.

Their tills are ridiculously expensive for their specs, and when I contacted them about a directory traversal attack on their crappy software, I was told that it wasn't a security problem and to go away!

Oh, and don't get me started about that piece of crap Property Management System called Opera that they keep saying only supports an antiquated version of Java, and needs 15 specific browser settings and IE in compatibility mode to work properly....

I mean, sheeet, the company is too tight to even buy an SSL Cert from a company that any browsers know about, and that's their cloudy platform, not just some random internal server!

Last year, a project was delayed because Oracle shut down their ordering systems for a month so we couldn't order any upgrades! What sane company does that???

</rant>

'A sledgehammer to crack a nut': Charities slam UK voter ID trials

Mr. Flibble

Significant barrier?

"Voter ID reforms present a significant barrier to democratic engagement and could disadvantage young people, older people, disabled, transgender, BAME communities and the homeless"

I'm confused, I thought you had to have an address to vote anyway, so that won't make it any worse for the homeless, surely? (Not that I'm for or against Voter ID at the moment).

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

Mr. Flibble

Re: Can't even be arsed to use an Equifax cert?

Yes, quite. Sometimes I think I'm in a very small minority when I suggest this to people - they usually just look at me funny like I've said something insane.....

Connectivity's value is almost erased by the costs it can impose

Mr. Flibble

Re: Amazingly still not going dark...

Our house is rapidly turning into that due to us adding that aluminium foil-backed celotex/quinn therm insulation :(

If we're not careful we'll need an AP in each room and an expensive controller :(

Skype-on-Linux graduates from Alpha to Beta status

Mr. Flibble

Re: I would be interested to know...

It's still in heavy development.

For me it's a toss-up between ring and tox (https://tox.chat).

They are both promising, and I'm running a relay for tox to help out (and for ring if OpenDHT will behave on my system).

The major problem on both is lack of caching messages for someone if they are offline. When that gets fixed they will be awesome!

Go ahead, build better security: it just makes crims try harder

Mr. Flibble

“All [better security] it means is that you will piss off the bad guys and they will become more sophisticated.”

Isn't that the idea?

Sophistication usually means more effort is required, and therefore surely some will give up or choose another less-well secured company?

Patch Cisco ASA ASAP: DNS, DHCPv6, UDP packets will crash them

Mr. Flibble

Re: Too bad they charge for updates

Yes, unfortunately they are.

However, at least their website lists the checksums for free, so at least you can erm, find the files from other sources and check they aren't backdoored...

Is Kazakhstan about to man-in-the-middle diddle all of its internet traffic with dodgy root certs?

Mr. Flibble

Re: South Korea is already doing it.

To be fair to them, the current CA (valid from 2014 to 2017) is only for "*.gvpn.go.kr"

Windows 10 is an antique (and you might be too) says Google man

Mr. Flibble

Re: Revisionist

Yes, and no need to reboot lameness if you change your DNS servers or add a modem etc. like on NT4

Anons blow Japanese airports off-course in dolphin cull protest

Mr. Flibble

@AC - whale oil beef hooked

<shrug> Oh well, at least it's bringing attention to the situation as the government isn't likely to do anything about it without extra pressure, so that's fine with me.

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Mr. Flibble

Re: why do these people rise to the top in companies?

Maybe she's a leftover from the merger with Micros Fidelio - I didn't have a particularly high regard of them in terms of security either...

Guardian: 'Oil reserves will soon be worth NOTHING!' (A bit like their stock tips, really)

Mr. Flibble

Shell's Reserves

"Before we all march off to laugh at the dunderheads eating their crayons over at the Guardian let's just do a check on this idea. Shell's reserves (just reserves, not resources) in 2013 were some 14 billion barrels of oil equivalent."

So Shell says....

Both reserves and resources have been overstated in the past by oil companies, and it seems difficult to verify (on purpose, I expect).

From the Shell disclaimer on their report:

"Neither the Company nor any of its subsidiaries undertake any obligation to publicly update or revise any forward-looking statement as a result of new information, future events or other information. In light of these risks, results could differ materially from those stated, implied or inferred from the forward-looking statements contained in this Report."

So it could all be BS anyway.

Vint Cerf: Everything we do will be ERASED! You can't even find last 2 times I said this

Mr. Flibble

Re: Remember the Domesday Disc anyone???

Part of the problem is that copyright was not specifically waived, so while conversion could be done, from a legal POV copies are not allowed without contacting the original sources for the information:

https://en.wikipedia.org/wiki/BBC_Domesday_Project#Preservation

Which of UK's major ISPs will let you have exotic p0rn? NONE OF THEM

Mr. Flibble

Re: Sweet...

@linicks - The BBC have changed their API and that doesn't work any more :(

Shame, it was dead useful and you'd get all the metadata too.

NORKS ban Wi-Fi and satellite internet at embassies

Mr. Flibble

Re: Easy

Good luck with that.

Iridium block access from North Korea due to the embargo. Inmarsat is similar, so there's not much choice left....

REVEALED: Google's proposed indie music-killing contract terms

Mr. Flibble

"Covenant not to sue" worse than just the headline

"Page" 15:

"Provider covenants for itself and respective agents and representatives not to.... directly or indirectly support, assist, fund, lend resources to, or otherwise participate in any litigation...... alleging any form of copyright infringement arising from Google's exploitation of the rights licensed by the provider....."

So it's specifically about copyright infringement, not any other part of the contract, but still, it means if one of your mates (or a group you are a member of) has a beef about it, you can't even help...

As WinXP death looms, Microsoft releases its operating system SOURCE CODE for free

Mr. Flibble

Re: It was known for being followed by 2.1 and 2.11

Novell DOS 7 was waaay better than 6.22 (unless you tried to use the multitasking part, which was rather buggy)....

Hey banks: Use Win XP after deadline? You'll PAY if card data's snaffled

Mr. Flibble

Re: Scaremongering

Anything that isn't under support, and is within the "PCI Scope", i.e. processes or transfers credit card data, will fail PCI-DSS.

At our company a few years ago, we had loads of Windows 2000 servers, which of course were going to be out of support. We looked at paying MS for extended support as they ran some rather critical stuff that was within PCI scope, but as that would come in at about $100k, we sacked off that idea.

Somehow we managed to pass PCI anyway, and we have now finally upgraded, so it doesn't matter, but the point still stands, if your vendor won't support a particular version past a certain date, then you can't be PCI compliant after that date.

We've now got the fun prospect of upgrading all our old Cisco switches as they go out of support soon too, and they are also in the PCI Scope.

The key seems to be making your PCI scope as small as possible, which isn't a bad idea in theory, it just causes problems if you've got a flattish network and loads of dependent systems.

OK, so we paid a bill late, but did BT have to do this?

Mr. Flibble

Re: Not just broadband

Well, what my email said was that because of problems, accounts that hadn't upgraded wouldn't be disconnected today (16th Sept).

I know when I tried a few weeks ago, the link to the T&Cs didn't work, and when I contacted one of those "live chat" people, they said to try again in a few days.

Today I notice the ordering interface is similar, but it won't take my DD account number, so I still can't sign up for it, there's also no mention of T&Cs, which is a bit concerning....

Shrinking market doesn't scare the NASty boys of storage

Mr. Flibble

Re: No thanks

I've got a Thecus N7700+ from a few years ago.

Runs some kind of Linux 2.6 from flash, has a nice lot of modules, supports iSCSI, and I've seen reports of people upgrading the CPU from a celery to a dual core something or other and increasing the RAM from 2 to 3 gb.

I might do this at some point to increase the performance.

I've got 7 x 2gb WD "Green Power" drives in it, running RAID5 and encryption, and it's great.

Max read rates are ~50mb/sec for me, which isn't bad I think from an encrypted ZFS drive and software raid (there's 2 Marvell RAID cards in there running md).

The interface isn't great - it uses flash (yuk), and the "English" can be a bit confusing, esp. if you're hesitating about swapping a failed drive, but from a HW point of view, I love it.

Encryption's great as you just boot it with a USB stick with the key stored on it, and then remove it once booted.

I've had 2 drive failures, and swapping them has been dead easy, although at 2tb each, rebuilds take around a day.

I'm seriously thinking of getting another one, and you can connect 15 of them together with iSCSI, which is nice.

They are doing rack mount beasties now up to 16 drives, which is good too, the only problem is their newer offerings don't support ZFS as far as I can tell, which is a real shame, and they are starting to include HDMI and audio ports, which is a bit pointless for a NAS, IMO.

I guess they are just using standard motherboards so don't have much choice.

Why do these traders get billions to play with, unchecked?

Mr. Flibble

@deshepherd

Interesting!

Any chance of telling us the date of the programme or where to get the podcast from?

BBC's website only has the last 5 days-worth :(

Thanks,

WikiLeaks admits insider deleted loads of its data

Mr. Flibble

When will organizations learn?

This kind of problem is why they should use freenet or something similar....

Biting the hand that feeds IT © 1998–2019