* Posts by An0n C0w4rd

337 posts • joined 20 Sep 2011

IBM offloads Notes and Domino to India's HCL Technologies

An0n C0w4rd

Re: Notes wasn't a bad idea.

I suspect the Notes Applications is the one reason Notes still exists. Companies built their business processes around Notes Apps and it's too expensive to move off so they're stuck on the platform. It was certainly one of the big blockers to migrations off Notes in the companies I dealt with.

6
0

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

An0n C0w4rd

Re: By design?

Is this the new FBI version of security?

6
1

Wonder why Congress doesn't clamp down on its gung-ho spies? Well, wonder no more

An0n C0w4rd

Re: Waste, fraud and abuse

Never happen

You know why? No politician wants to commit career suicide by voting to de-fund an agency that could prevent a terrorist attack, because if an attack happens then fingers will be pointed at the lack of funding.

It's the same reason that after every attack legislation is almost always passed to try and prevent another attack. Not because another attack is likely using the same method (apart from the truck attacks which appear to be the new favourite), but because they have to be seen to do SOMETHING. Even if it's completely ineffective, such as most of the security theatre put in place after September 11. Or the backscatter body perv scanners that were installed after the underwear bomber, that have been proved to let stuff past if you make it look like part of your body (e.g. fake belly).

7
0
An0n C0w4rd

Can't get congress to act on reports they can't see

One Congress-critter (can't remember whom) commented that one of the reasons that it's so difficult to get Congress to effectively review surveillance legislation is that the committees that review the secret reports cannot tell other members of Congress their contents, even in a general manner. They cannot take anything in to those briefings (so no notes or recordings), and there are never any nice handouts they can share afterwards.

So all those closed-door committee briefings? Completely worthless. The committee cannot report on what they were told, so the other people in Congress that get to vote on the legislation don't know about any transgressions (unless a whistleblower comes forward, and we all know how that ends), and therefore cannot do anything more than rubber stamp whatever the spy agencies want.

I doubt any country is any better to be honest.

7
0

What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels

An0n C0w4rd

Soldiers unaware of the Faraday cage

"In the same year, three Sri Lankan soldiers were electrocuted after a squirrel caused a fire that broke power lines – causing them to fall on the soldiers' vehicle."

From what I understand, the soldiers who died got out of the vehicle, and were therefore electrocuted. The other soldiers in the same vehicle who stayed inside survived.

4
0
An0n C0w4rd

Re: Or a shovel through a fibre/wire bundle

My favourite RFO* from a telco was that they found shotgun pellets embedded in the fibre. Someone had been taking pot shots at some fauna and had taken out the fibre instead. I guess it must have been hung from telephone poles, but can't remember to be honest

Yes, this was in the land where the 2nd amendment is used to justify way too much

* RFO = Reason For Outage

4
0

Search for MH370 called off after new theory about resting place is ruled out

An0n C0w4rd

Re: Commercial Aircraft Locations

@ The Man Who Fell To Earth

Hopefully accurate telemetry. I watched a 767 land at GLA airport a few years ago on an online plane tracker. Something in the ADS-B data path for the plane drifted as it held east of Glasgow while the runway was cleared of snow. Each loop around the hold pattern the plane "drifted" a few miles north. In the end, when they landed at GLA the tracker showed it landing in the Trossachs! Probably badly calibrated inertial guidance system feeding the transponder. Since they landed safely, the cockpit crew must have been using a different navigation source, maybe relying on beacons instead of inertial navigation.

However, I agree. The Inmarsat data would have been much more useful had it included the ADS-B transponder data in a way that the cockpit could not disable. Doesn't have to be every few seconds like ADS-B, but every 15 minutes would suffice to narrow down the search area.

4
0
An0n C0w4rd

Assuming that the theoretical flight path from primary RADAR sources (after the transponder and ACARS systems were disabled) is correct, it is highly unlikely to have been an equipment malfunction. Equipment malfunctions generally don't route around populated areas and RADAR systems. If the plane was being controlled by someone, then routing around populated areas to crash land makes sense, but they never descended. If you lost radio comms, there are protocols in place for that (circle one way to say lost transmission, circle the other way to say lost both receive & transmit)

Autopilot could have flown the route, but only after someone told it to.

What's worse is that even if they find the wreckage they may still NOT figure out what happened. Even if the CVR & FDR survived, the CVR only records the last 30 minutes of cockpit noises. It was never designed for this scenario where something happened hours earlier. There is also no guarantee that the CVR and FDR weren't disabled also, there is (or was) a breaker in the cockpit that could be used to disable them. Not sure about the 777.

9
0

Flight 666 lands safely in HEL on Friday the 13th

An0n C0w4rd

Changes?

Sorry to ruin everyone's joke comments by asking a question, but what changes to European flight numbering? Are they going to 4 digit numbers across the board or something?

6
0

Europe trials air-traffic-control-over-IP-and-satellite

An0n C0w4rd

The last I heard (which was admittedly a few years ago) was that NASA had set up a test bed which simulated pilots in an ATC zone and all the ATC comms associated with that (lots of people running FSX in a lab with 2 way headsets, and an ATC with some kind of virtual radar view of all the planes)

The one point of ATC instructions over data comms is that pilots lose situational awareness. By having all instructions broadcast, there is a second level of error checking going on because if ATC tells a plane to fly an altitude, a plane already at that altitude can hear the instruction and relay any concern about a possible conflict.

With data based ATC comms that was lost

Probably more of an issue for approach/departure controllers around an airport rather than at high altitude, but it is still a concern

3
0
An0n C0w4rd

Re: Am I missing something here?

@LeeE

Repeating back "Turning to 270" doesn't mean that the pilot has done it, but it does mean that the pilot has heard the instruction and at some level understood it. Hitting "OK" on the flight computer doesn't indicate understanding or even that the message was seen

2
0

Apple's 'lappable' iPad Pro concept is far from laughable

An0n C0w4rd

Re: file

Or they could use the keyboard to do text selection

shift + left or shift+right selects text one character at a time

command + left or command+right selects from the cursor to the start or end of the line

option + left or option + right selects the word to the left or right

3
0

Intel's Broadwell Xeon E5-2600 v4 chips: So what's in it for you, smartie-pants coders

An0n C0w4rd

Re: will do methinks for a new Mac Pro

you can never have enough cores!

1
0
An0n C0w4rd

working TSX?

Quote: "while teasing developers with goodies like posted interrupts, working TSX,"

Surely that should be

"while teasing developers with goodies like posted interrupts, allegedly working TSX,"

Pretty much every Intel chip product of the last decade (and probably longer) has had multiple errata, I suspect most of them found after release. I think claiming TSX is working is a bit premature until it's seen in the wild for a while.

2
0

Lights out for Space Vehicle Number 23: UK smacked when US sat threw GPS out of whack

An0n C0w4rd

Telecoms companies

I'm curious, what telecoms companies rely on GPS for any timekeeping? Muxes and the like (at least the ones I saw) had no external clock/timing source, and POTS exchanges (even digital ones) have been around long enough to pre-date such clock sources so I can't see them relying on that either (I've seen a few 5ESS systems in the USA, didn't go into the details of the different inputs)

Mobile phone companies maybe?

0
0

Inside Intel's CPU-level multi-factor auth (and why we've got deja vu)

An0n C0w4rd

Quote: "It's supposed to help employees who are bad at remembering complex passwords"

It will do, until they lose their phone, or the system breaks and goes into some failsafe mode that needs the password, and they then need to remember their long and complex password, which they haven't used at all so they have no hope of remembering it

Wait until the system breaks for everyone at the same time and then watch the helpdesk melt.

9
0

Oracle Java 'no longer the greatest risk' to US Windows PC users

An0n C0w4rd

Puzzled

Secunia PSI warns you (and also scans once a week by default) about out of date software. So I'm puzzled by people who have PSI installed and don't keep up-to-date. They clearly had/have an interest in patching their systems, else why install PSI in the first place? Maybe the Windows habit of hiding tray icons by default contributes to delinquency?

3
0

Thousands cut off from email after EE bungles domain renewal

An0n C0w4rd

all ee domains seem to be 1 yr renewals

orange.co.uk, t-mobile.co.uk, ee.co.uk, etc, all expire in 2016. guess they're short of money.

2
0

Sign of the telly times: HDR shines, UHD Blu-ray slides at IFA

An0n C0w4rd

Re: When HDR becomes prevalent ...

Maybe Sky will also quit using 50i outputs and give decent data rates for their encoding so the picture doesn't look so crap

Who am I kidding. Never happen.

1
0

Microsoft backports data slurp to Windows 7 and 8 via patches

An0n C0w4rd

settings-win.data.microsoft.com.

anyone know how this is "hard coded"? Would blocking it on the DNS server work?

0
0

Chinese gang shoots down aerospace security with MSFT flaws

An0n C0w4rd

Re: Oh dear. Same old tricks still working.

CIO is probably not the problem. The CIO on their own is likely not sufficient to enact change as they still need to rely on budget approvals from other people. The CEO and the entire board of directors (including the chairman) need to be liable. Only then will START to change.

I am starting to think that people that say antivirus/antimalware/IDS and IPS are the wrong solution are correct. Antivirus/antimalware only work once the signature of an attack is known. Most IDS and IPS are set up the same way, look for known attack traffic and then respond.

No, you need to set up your systems to allow known legitimate traffic/files/applications and block everything else (i.e. whitelist good stuff, not blacklist known bad stuff). Only then will security start becoming effective.

3
0

German railways upgrade their comms tech from 2G to 4G

An0n C0w4rd

ECML

Recently read somewhere else a story about the Network Rail plan to switch the East Coast Main Line (between Kings Cross and Edinburgh) over to ERTMS, at least in the southern part of the route, due to European compatibility regulations

http://www.railengineer.uk/2015/03/18/the-challenge-of-ertms-on-the-ecml/

They specifically call out 2G based GSM-R as a problem. What's the bet that the Germans upgrade to 4G based radios and the UK subsequently installs a 2G based solution because we're idiots?

1
0

Never mind falling revenues, BT watchers, look at the footy offering

An0n C0w4rd

Re: Really...

"Apparently you need to have BT Internet service to take their TV!"

Not exactly a surprise. They can properly manage delivery of the service over their network (anything not picked up off Freeview is sent over IP). QoS and other stuff which allow you to prioritise delivery stops the second a packet leaves your network. Plus paying other broadband customers to deliver your TV service probably isn't in their model.

I have a sky box and it's plugged in to my home network, but I only let it through the firewall when I want to download a program. I don't want the damned thing sending/receiving data when I'm trying to do other stuff on my crappy bandwidth (the service itself is excellent, for a 10 year old tech, i.e. ADSL2+. pity NeverReach don't want to extend FTTC or FTTP to my street, and I'm not holding my breath for G.Fast to appear any time soon)

0
0
An0n C0w4rd

Re: It is NOT fibre ...

I know of a company which laid high speed Internet cables through some of the poorest areas of a given city just to pump up the "homes passed" figures. The people couldn't afford the basic service, let alone all the other stuff they were selling. It was mostly a waste of money, but it appeared good to investors.

The metric needs to be retired and replaced with something more meaningful which indicates the ability of the residents in the premises passed by a cable to actually afford one or more of the services provided.

0
0

Peering closer at 3D XPoint memory: What are Intel, Micron up to?

An0n C0w4rd

Re: Missed one mystery

To a degree it probably depends on the controller driving the chips. It looks like it could be more like RAM, but initial implementations may present it as a block device to aid adoption before trying to create new places in the storage stack for it.

0
0

It's OK – this was an entirely NEW type of cockup, says RBS

An0n C0w4rd

@J.G.Harston

If that's true, then they don't appear to have much slack in the system. It should surely be able to process more than another 150k transactions per window without melting?

2
0
An0n C0w4rd

Re: Oh yes it is

I've yet to meet a piece of software that has no bugs. You can put in DR and backup systems to your heart's content, but a single line of code can bring the entire lot crashing down around your head.

2
1

Vapourware no more: Let's Encrypt announces first cert dates

An0n C0w4rd

1) free (basic, i.e. not the EV ones that give the green flag on the address bar) are already available and honestly not that complicated to get (installation can still be a pain)

2) so far no-one seems to have solved the underlying trust issue (i.e. can we trust that the CA issued that cert to the entity you think you're connecting to), other than relying on dnssec, which isn't widespread enough yet to make a noticeable difference (RFC 6698). Even DANE is not without potential issues, since it can be used to make phishing sites look legitimate ( see https://www.imperialviolet.org/2011/06/16/dnssecchrome.html )

0
0

HGST says its NVMe flash card will manage 750,000 IOPS

An0n C0w4rd

Re: Very cool

Unless my calculations are out:

743,000 x 4k read ops/sec = 2,972,000 kb/sec = a shave under 3GBytes/sec

160,000 x 4k write ops/sec = 640,000 kb/sec = 625 MBytes/sec write

Without pondering PCIe bus saturation problems (only using 4 lanes of PCIe so there should still be capacity, in theory) I've definitely seen applications that could chew through those throughputs, or make a pretty sizeable dent in them anyway. Netflix Open Connect comes to mind as one of the more obvious applications.

Plus, it's not just the IOPS you need to consider. It's the latency. Even if you can't hit the IOPS, if you reduce the latency of your application 5x or more, the cost could be justified in various situations where the read or write of that piece of data is a blocking action for something else, e.g. a database. If you have to hit the DB 20x to do one action, you just sped that action up tremendously.

0
0

Vodafone: So what exactly is 'ludicrous' about the Frontier report?

An0n C0w4rd

Not entirely sure OpenReach as part of BT is the problem

There is little incentive to lay competing cable to reach consumers in the UK. The logical choice would be cable companies, but despite a large number of cable companies springing up in the UK during my lifetime, Sky drove most of them out of business, and the few that remained went to Virgin Media which hasn't really done much to invest in reaching more homes.

A large factor in that is the cost of laying cables, because that involves digging up streets to put in new ducting.

Perhaps separating ducting from the rest of the infrastructure would help so companies can rent/buy duct access to run their own cable if they wanted to, thereby providing true competition for the last mile instead of just letting OpenReach dictate what the UK should be offered.

1
0

This ISN'T Net Neutrality. This is Net Google. This is Net Netflix – the FCC's new masters

An0n C0w4rd
Trollface

Aha

So the real reason is revealed. The NSA lobbied the FCC to make sure that the companies that they scrape their data from are able to get the data to their warehouses from the consumers.

1
0

US air traffic control 'vulnerable to hackers' says watchdog

An0n C0w4rd

Sigh.

“Sophisticated terrorists could even steer planes into one another”

Really? Guess the Senator has never heard of TCAS then. You could probably try to get Cessna 152 and 172s to collide (no more than 4 people on board each plane), however they go slow enough that VFR visual scanning would normally catch the collision. Every scheduled passenger flight has TCAS by FAA mandate (and CAA in the UK, etc) which prevents that exact situation from happening.

You'd stand a better chance of CFIT (Controlled Flight Into Terrain) because there ARE some weaknesses in the prevention systems there, but you'd have to be in IFR conditions with no visibility and find a suitably steep mountain that wouldn't trigger the "Too low, terrain" warning until it's too late, at least until the GPS based terrain warning systems are available and generally used.

1
0
An0n C0w4rd

Re: Heathrow?

It is definitely LHR. You can see the T5 toast-rack configuration at the left and the T4 oddity at the bottom right. Must be an old pic because the new toast-rack for T2 is missing. I think the pic pre-dates T5C coming online actually.

1
0

EFF fears crims are getting smart to Superfish SSL flaws

An0n C0w4rd

Re: Who's laws would they be breaking?

@Bronek Kozicki

As far as I am aware, there is already legal precedent for the wiretap laws to be used for Internet traffic, and it doesn't have to be for SSL traffic, *all* IP traffic counts.

The trouble comes from the license agreement. As far as I understand it, enterprises can put fake SSL signing certs onto their computers so that they can intercept SSL connections at their IDS/IPS/filtering gateways so they can make sure that no malicious traffic is found because you likely agreed to it as part of the conditions of employment.

If Lenovo put that in the license agreement (that no-one ever reads) then they *may* have a get out of jail free card.

0
1

TalkTalk 'fesses up to MEGA data breach

An0n C0w4rd

Re: How did that actually work then?

@Lallabalalla

In theory direct debits should be secure as the signature on the authorisation form should be compared to what is on record at the bank. In practice I suspect that was never done.

Also, as far as I know there are now 100% electronic direct debit instructions, so in theory yes, a DD could be made just on sort code, account number and the name of the account holder.

1
1

Errant update borks Samsung 850 Pro SSDs

An0n C0w4rd

@Tubs

SSD manufacturers warn that FW upgrades MAY lose data, but only occasionally do they say a particular upgrade WILL lose data, and they tend to put big warnings around that.

I suspect the "MAY" comes from the fact it's difficult to prove a negative. You can't prove all SSDs in all systems will upgrade correctly without data loss, so the CYA option is to put the "we may wipe your drive" line in there.

3
0
An0n C0w4rd

Re: Think people

@gerdesj

I'd be curious why RAID with SSD is "really hard"? I've seen people claim that identical SSDs in RAID are a bad idea as they tend to fail (i.e. write lifetime expire) around the same time, but beyond that I'm not sure what you mean.

Also ZFS works with SSDs as a L2ARC or ZIL without a SAN and while it'll never fit on a laptop in that configuration, it'll work quite happily in a desktop without a big SAN.

5
0

Hacker hijack 'threat': Your car's security is Adobe Flash-grade BAD

An0n C0w4rd

Re: Missing data?

@Voland's right hand

Where does the dealer get the data from? It would have to be stored in the car. So the missing data source is still missing, unless I'm being dumb (always a possibility)

0
0
An0n C0w4rd
Big Brother

Missing data?

Quote: "On the privacy side, all of the 2014 models put out by car makers that responded to the survey collect some form of information from their customers, with 25 per cent storing it on the car and half transmitting it back to corporate servers, where it is kept for up to ten years in one case."

So if I am reading it correctly, all the 2014 models collect data, but 75% or less store it on the car and/or transmit it back to corporate servers. What do the rest do?

0
0

Blighty quietly signs deal to read giant EU border control database

An0n C0w4rd
WTF?

Why was some of this not in other databases?

"37,000 European Arrest Warrants and 60,000 missing children and vulnerable adults" - shouldn't that be in a police database that we already have access to?

Likewise the identity document alert we should have had access to when it's checked with the country of issue (which I hope we do for all the time people stand waiting at the border for the border computer to process the document). If not, wtf are we waiting for?

1
0

BBC bins pricey Windows Media, Audio Factory goes live

An0n C0w4rd

"Here is what we are doing, you will support it"

I like the bit at the end of the article that implies the BBC thinks that it is up to device manufacturers to support the way they are delivering content, rather than the BBC selecting already widely supported formats and distribution mechanisms.

7
3

FBI fingering Norks for Sony hack: The TRUTH – by the NSA's spyboss

An0n C0w4rd
WTF?

quote article: questioning the official FBI narrative was “counterproductive,"

yes, because blindly trusting everything the government says works so well?

Oppressive regimes, say like North Korea, would LOVE it if people just blindly believed the government. Are the Feds really trying to say they're somehow better?

16
1

One Sync to rule them all: How Microsoft plans to fix OneDrive

An0n C0w4rd

"Why did Microsoft ever think that two different cloud storage services with nearly the same name, but different clients, was a sensible idea?"

I guess you've never worked in marketing. Who cares what the technology is, must have a good name that people will recognise!

Which is, of course, why the marketing people will be first to be shot when the revolution comes.

6
0

EU-Canada airline passenger data-sharing is not a done deal

An0n C0w4rd

'merkins

The Americans will simply say "your airlines will share their PNR data or they won't be allowed over our airspace" and the EU will fall over itself to comply (again). I strongly suspect if you buy a ticket from a US airline (or on a US airline via a code share with an EU airline) your PNR data is already shared and there probably isn't much the EU can do there since you're dealing with a US entity, so it creates a situation where the US wins anyway - either the EU airlines share their PNR data, or they stop EU airlines flying to the USA and force people to buy tickets with airlines that DO comply.

I seem to remember the EU negotiated (allegedly) tougher set of restrictions on PNR sharing, and the US thanked the EU and then pointed out that nothing changed because of some get-out-clause, and in fact the "tougher" restrictions may have ended up being less restrictive as a result.

0
0

Net neutrality, Obama, FCC, Title II: Your ESSENTIAL guide to WTF is happening

An0n C0w4rd

Example of how well the laws work

Some of the late 80's/early 90's legislation opened the doors to having more than one provider in an area, e.g. if Comcast was the incumbent cable company then someone else could come along and build out a cable network and compete with Comcast (or VZ, or Cox, or AT&T, or SBC, etc).

This, in theory, was a great idea

In practice it had major issues because while the FCC let it happen at a national level, it could fail at a local level (but not always)

A company I know of tried to get permission to build out a competing network in Baltimore, MD. Despite multiple submissions to the city leaders, the decision got repeatedly delayed. And delayed. And delayed more. They were never explicitly told "no" from what I understand, but they were never told "yes" either. Why? The Comcast head office at the time was literally *across the street* from the city offices.

End result? Baltimore never got competing services.

There are other stories I've heard too about local interference for petty political reasons, ultimately to the detriment of consumers. Such as the incumbent cableco in another area didn't have an obligation to provide service to the entire county, but when a competing provider applied to build out service they were told they had to run cable to every property in the county. Fair? Don't think so.

Light regulation only works when everyone plays nicely together and has equally big bank accounts. When one provider is significantly bigger than another, regulation is needed to stop the big guy squishing the little guy like a bug on a window of a high speed train.

The last mile providers think they own the eyeballs and that since there tends to be no effective local competition they can do what they like to protect the revenue/profit stream they've set up. They need to be shown the error of their ways.

7
0

UK smart meters arrive in 2020. Hackers have ALREADY found a flaw

An0n C0w4rd

Re: fucking fucking retards

It will make a difference to consumption when the govt (or energy company or national grid) decide you're using too much electricity at a peak demand time and turn your supply off to "manage grid load", of course since this is done in the National Interest(TM) you have no choice but to accept it and no recourse for compensation, etc.

It's the only way that this can play out which will make any significant difference to energy usage.

5
0
An0n C0w4rd

Re: The actual government PDF makes for depressing reading

"Demand-side response involves electricity users shifting (or reducing) demand usually prompted by price"

the worrying thing is what the "unusual" methods are. I suspect "load shedding", in other words rolling blackouts to reduce grid load, probably using the smart meters to turn off your supply. possibly based on which tariff you are on (more expensive tariff = less likely to be turned off or something)

I'm sure the government will tout this as being green, but all that will happen is it will drive the sale of inefficient petrol, diesel or natural gas based generators to homes/businesses to keep the lights on.

"Licence conditions allow suppliers to access monthly (or ‘less granular’ i.e. less frequent) consumption data for billing and other regulatory purposes without needing consent. There will be a clear opt-out for daily collection of data, and an opt-in will be required for use of the most detailed half-hourly consumption data"

How can a consumer prove one way or the other? If the meter reports hourly data no matter what, the provider can use that data and mask it behind something else.

3
0

APPLE support doc CONFIRMS 'ORGANIZED NETWORK ATTACKS'

An0n C0w4rd

Quote: "There is an ongoing battle between those who desire to capture information and those who desire to communicate without surveillance."

That's not limited to just China

5
0

Hey Apple, we're gonna tailor Swift as open source – indie devs throw down gauntlet

An0n C0w4rd

Re: not convinced

I honestly can't remember what the original BSD distributions from UCB CSRG used, but the F/OSS BSDs have traditionally used gcc.

1
0

Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan

An0n C0w4rd

Time

Right now there is still some public resentment about the NSA stories coming out post-Snowden. Wait a few months or maybe 1-2 years and then the Feds will be able to sneak anti-crypto legislation in without hitting the headlines.

The reason I say that is that it will give them enough time to invent some cases that prove that crypto that the Feds can't crack through a subpoena is causing people to be killed by kidnappers or causing children to be sold into prostitution (or whatever). The fact is right now the Feds cannot point out a SINGLE case where crypto prevented them from solving it, and the 3 cases Mr Comey (FBI Director) highlighted in a recent speech had nothing to do with crypto AT ALL ( see https://www.schneier.com/blog/archives/2014/10/more_crypto_war.html )

1
0

Biting the hand that feeds IT © 1998–2017