* Posts by Adam 1

2064 posts • joined 7 May 2012

Tech firms take down WireX Android botnet

Adam 1
Silver badge

> The botnet was used to launch distributed denial of service attacks by spamming out HTTP GET requests until website connections crumbled under the load

I would have thought that a slowloris DDOS would have been more effective from a mobile device and much harder to detect.

0
0
Adam 1
Silver badge

Re: Patched?

I don't imagine such a patch (for the attack vector) involves pushing anything to a phone. More likely to be patching their automated scanner for their play store with some heuristics to flag up such techniques. But criticism about the difficulty Android manufacturers seem to have in promptly providing patches is definitely warranted.

3
0

New York Police scrap 36,000 Windows smartphones

Adam 1
Silver badge

Re: iPhone?

Well now they have Jesus deciding on the phone so it makes sense. And now Cook is in charge, he doesn't need to enter into arguments over who is the Messiah.

5
1

NSA ramps up PR campaign to keep its mass spying powers

Adam 1
Silver badge

Rank amateurs

If they want public support, they are going to need to do better than "Section 702 Saves Lives, Protects the Nation and Allies". Try something a bit more personable like Slurpy McSlurpface.

1
0

WannaCrypt NHS victim Lanarkshire infected by malware again

Adam 1
Silver badge

Re: Utter Bastards

> And where the fuck are the people at GCHQ when we need them?

Er, 'bout that. Maybe you don't want to look at where the Wannacry miscreants stole that exploit from. I'm sure GCHQ would love to give them a stern talking to, just as soon as they finish handing over all the security researchers who have been assisting in other investigations.

18
0

China to identify commentards with real‑name policy

Adam 1
Silver badge

匿名懦夫

Coming soon to elreg.cn

6
0

Chrome wants to remember which Websites to silence

Adam 1
Silver badge

Re: Hallelujah

Sorry guys. We've just been so busy figuring out how to compile a list of the most visited sites out there, we haven't had the time to pop a checkbox on the options page.

3
0

Ad blocking basically doesn't exist on mobile

Adam 1
Silver badge

Re: Finally I'm the 1%

uBlock Origin (for example) is on GitHub and is GPLv3. The moment they start any funny business will be the same moment the project gets forked. Whilst I'm sure they would appreciate your donations (and need some), the amount they actually need to survive and even thrive works out to be a very small amount by a very small percentage of users.

Asking "how does this thing make money" is never a bad idea though.

2
0

Forget trigonometry, 'cos Babylonians did it better 3,700 years ago – by counting in base 60!

Adam 1
Silver badge

Re: a reasonable builder's approximation

7 * 7 = 50, but only for sufficiently large values of 7

6
0

Node.js forks again – this time it's a war of words over anti-sex-pest codes of conduct

Adam 1
Silver badge

Re: "there are downsides to codes of conduct"

> participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation

Shirley it should include the full harassment free experience whether one pads left or right

/I'll grab my coat

10
0

El Reg gets schooled on why SSDs will NOT kill off the trusty hard drive

Adam 1
Silver badge

Re: What's in it for me?

A media server with 10TB of storage isn't mainstream. HDD will own that market for a few years. Whilst you are correct that SSD is more likely to just die without warning, you also assume there that a typical user will take action the first time they see an OS not detected press F1 message on boot or hear the click of death. Sorry, not buying it. My experience of typical users has been "oh yeah it did make a funny sound, blue screen, tell me there was no os last week, but I reboot it again and it seemed fine". Even a highly paid software engineer who I was working with (who definitely should have known better) had the click of death whilst I was checking something with her. I said that doesn't sound good. So she did absolutely nothing until a week later when it failed and she lost a day's work. So it's only an advantage if you act on it.

On price, the floor is much lower than a HDD. Whilst they can make a 32GB HDD, they can't do it at the price of the same capacity flash drive. At some point, the amount of storage that your Dell/hp whack into their desktops by default is going to be the same price point. The default purchase will then be a SSD, and you will flick to HDD if you need additional capacity. I don't think that is as far away as presented in the article.

3
0

Mozilla ponders making telemetry opt-out, 'cos hardly anyone opted in

Adam 1
Silver badge

Re: NO!

Sure. My issue isn't with being asked. It is with the behaviour when the user doesn't know the option exists. Simply, they are solving the wrong problem. Imagine that you saw the following message after an upgrade.

"We'd love your help. We think we can improve your experience/achieve peace in the Middle East/whatever if we collect information about the websites that you visit.

This is what we will gather...

This is how we will protect your privacy...

Can you help us?

* Yes, sure

* No thanks

* Busy now, ask me tomorrow

As long as Yes, sure is *not* checked by default unless you have previously opted in, I am totally happy to be asked. I will still answer No (which may well be an El Reg commentard thing), but I have no objections to being asked.

4
0
Adam 1
Silver badge

NO!

Don't do it.

> because so few have opted in that it's hard for developers to get a good sample of what causes problems.

Did it occur to them that so few have opted in BECAUSE they don't want it on? If we want to be slurped we would just use Chrome.

38
0

ASUS smoking hashes with 19-GPU, 24,000-core motherboard

Adam 1
Silver badge

Love how you can be down voted for asking a question that isn't answered by TFA.

A short correction to my post. It would be 35,000x faster than this (mixing up my GHs and THs). If you mention crypto currency and you aren't talking about Bitcoin, you actually need to state what you mean.

0
0
Adam 1
Silver badge

> The result? 407 megahashes per second, if the planets align

That math doesn't look right. The antminer s9 is allegedly good for 14THs (call it 35x faster for somewhere around US $2500). If we're comparing apples and apples then you are going to want a pretty special price or at least another zero in the hashes per second stakes.

0
1

Germans force Microsoft to scrap future pushy Windows 10 upgrades

Adam 1
Silver badge

sweet

Now I just need to learn German.

6
0

Speaking in Tech: I am Wink, Wink.i.am, do you dig my smart home jam?

Adam 1
Silver badge

Not sure who is writing/doodling on their papers during the recording but it is quite noticeable (eg 44 minutes in). Unless it's Greg trying to get out the boot/trunk.

0
0

Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Adam 1
Silver badge

Using the time as a seed is a bad idea™ when you know the time it will be run (or at least can narrow it down to a relatively small window). It lets you rule out a whole swath of possibilities.

0
0
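The comment above on time seeds, worked through as an added example (not part of the original post or of any system from the article): a draw whose only seed is a Unix timestamp inside a known one-hour window can produce at most 3,600 results, and a published result can be audited against that list. The 6-from-49 format, the window, the date and all function names are assumptions made for illustration.

```python
import math
import random
import secrets
from datetime import datetime, timedelta, timezone

BALLS, PICKS = 49, 6  # assumed draw format: 6 distinct numbers from 1..49


def draw_time_seeded(when: datetime) -> tuple:
    """Weak design: the PRNG seed is nothing but the draw's Unix timestamp."""
    rng = random.Random(int(when.timestamp()))
    return tuple(sorted(rng.sample(range(1, BALLS + 1), PICKS)))


def draw_csprng() -> tuple:
    """Hardened design: the OS CSPRNG, which has no seed to replay."""
    rng = secrets.SystemRandom()
    return tuple(sorted(rng.sample(range(1, BALLS + 1), PICKS)))


def total_outcomes() -> int:
    """Number of results a fair draw can produce."""
    return math.comb(BALLS, PICKS)


def reachable_outcomes(start: datetime, seconds: int) -> set:
    """Every result the weak design can emit if it runs inside the window."""
    return {draw_time_seeded(start + timedelta(seconds=s)) for s in range(seconds)}


def find_seed_offset(observed: tuple, start: datetime, seconds: int):
    """Audit check: return the first offset (in seconds) whose timestamp seed
    reproduces `observed`, or None. A hit means the draw was a pure function
    of the clock and was predictable to anyone who knew the schedule."""
    for s in range(seconds):
        if draw_time_seeded(start + timedelta(seconds=s)) == observed:
            return s
    return None


if __name__ == "__main__":
    # Constructed scenario: draw scheduled between 20:00 and 21:00 UTC.
    start = datetime(2017, 1, 1, 20, 0, tzinfo=timezone.utc)
    observed = draw_time_seeded(start + timedelta(seconds=1234))

    reachable = len(reachable_outcomes(start, 3600))
    print(f"fair draw: {total_outcomes():,} outcomes; time-seeded: {reachable:,}")
    print("seed offset recovered by audit:", find_seed_offset(observed, start, 3600))
    print("CSPRNG draw (not reproducible):", draw_csprng())
```
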
Adam 1
Silver badge

Shirley, his lawyer, could have got him off with a little more creativity. Your honour, my client was asked to write a function that returns a random number. This was a simple misunderstanding, nothing more.

2
0

IBM likely to close Australian data centre

Adam 1
Silver badge

> but is over 25km and an hour's drive from Sydney's central business district, and 90 minutes from its airport at peak times. ®

Or about 5 minutes drive from Castle Hill station which is opening in a year or two.

0
0

75 years ago, one Allied radar techie changed the course of WW2

Adam 1
Silver badge

I don't know. Socrates is all Greek to me.

/Sorry, I'll grab my toga*

*which you'll no doubt point out is Roman rather than Greek.

3
0
Adam 1
Silver badge

"The children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers."

-Socrates (469–399 B.C.)

/Now get off my lawn

31
0

Foxit PDF Reader is well and truly foxed up, but vendor won't patch

Adam 1
Silver badge

Re: dropped it a few years back

Worse. I actually enjoyed your joke, but I think there is a fundamental difference between adware, creepy tracky browsers and something that silently scans your PC to see what is installed, changes your homepage/desktop/toolbars as it sees fit. In one case it is the price* they are asking to use the software. In the other, they are not upfront.

*Whether that price represents good value is left as a judgement call on the reader.

1
0
Adam 1
Silver badge

dropped it a few years back

As soon as they started bundling spyware in their installer.

13
0

Linux-loving lecturer 'lost' email, was actually confused by Outlook

Adam 1
Silver badge

You didn't show him how to change the font to white?

7
0

Intel's 8th-gen CPUs are called Ice Lake. And so are the 9th-gen

Adam 1
Silver badge

Re: The Answer You're Looking For

Hey, get off my lake!

1
0

Nokia's comeback is on: The flagship 8 emerges

Adam 1
Silver badge

Re: No wireless charging? No sale.

Also, some newer cars have a Qi pad built into the little nook where you chuck the phone. Sure there's USB ports in there too, but we're talking about the 15 seconds of nuisance every time you hop in and out. Shirley the hardware needed would be under a dollar. There are plenty of things I'd lose* before wireless charging.

*Sadly, my Nexus 5 finally succumbed to a dead screen. I could deal with the broken power button, the broken mic, and 2 hour battery life, but I had to say bye when the screen died replacing the battery. New cheapo doesn't have wireless charging. First world problems totally, but I do miss it.

2
0

Outage outed: Bing dinged, Microsoft portal mortal, DuckDuckGo becomes DuckDuckNo

Adam 1
Silver badge

Re: @Justin

> At best sites can find out that you used DuckDuck somewhere in the past

Shirley it is just DuckDuckGo that can read that cookie (save some XSS bug obviously).

4
0
Adam 1
Silver badge

Re: "CMOS" as a sample test query?

I always use a phrase that is sure to be on my browser cache.

1
0

Slurping people's info without a warrant? That's OUR JOB, Google, Facebook et al tell US Supreme Court

Adam 1
Silver badge

> Slurping people's info without a warrant? That's OUR JOB, Google, Facebook et al tell US Supreme Court

There is a fundamental difference between making an active decision to share information about yourself in exchange for a service you think you want* and being compelled to share such information with a government. I can decide not to use twitface if I don't think that trade-off is reasonable. I am not compelled to use it and they are not able to incarcerate me** or fine me***. The state however can demand my information from me or my service providers, arrest or fine me or apply some other form of punishment. As that power can be abused, we have separation of powers to limit what any arm can do. A warrant is simply the judicial arm agreeing with the police that the restrictions that should normally apply can be overridden in this specific case, with limitations (it's not a free for all). Again, this is to protect society from a rogue police chief. The fact that it limits their capabilities is not an oversight but a core design principle.

*Irrespective of my view on whether I think that you are making a wise choice.

**Can't really comment on what is possible in THE LAND OF THE FREE.

***Any "fines" they can issue me are only possible because I have entered into a contract with them, so it is underwritten by a legal framework which the companies do not write (although see previous point (

1
0

Brit firms warned over hidden costs of wiping data squeaky clean before privacy rules hit

Adam 1
Silver badge

Re: It is just not going to happen

@drsyntax

> it will then have a bearing on competitiveness

Exactly as I wrote:

> Unless one of the competitors can actually figure out a cost effective way to comply which is cheaper than the fines

There is no bearing on competitiveness unless someone is able to come up with a more efficient way to comply (or a loophole that means they don't need to).

Otherwise the cost will either be absorbed by the shareholders or the customers. Maybe some companies might strategically sacrifice shareholders' profit to grow market share but eventually customers will pay. If I sell a service for 50 quid a month and my competitors are similar in price and I have a new regulation that costs 5 quid a month, I can either raise prices to 55, decide to live on 45 paying the 5 out of my own pocket or leave it at 50 and hope I don't get caught. Perversely, the latter will also grow market share from those who do comply. Laws of unintended consequences and all that...

0
0
Adam 1
Silver badge

Re: It is just not going to happen

Fines will be treated as a cost of business and passed on to customers. Whilst supply and demand curves should see a reduction in demand if price rises, that can in practice take a while to flow through because of inertia and frankly some services would still be valued at the higher price point.

You see this all the time as currency movements make imports or exports cheaper or dearer. Unless one of the competitors can actually figure out a cost effective way to comply which is cheaper than the fines, the customer will pay the fines. Maybe in the short term some vendors might make a sell at a loss market share ploy giving the best of both worlds (ie, compliance + no price increase), but I wouldn't hang my hat on it lasting.

2
0

US military spies: We'll capture enemy malware, tweak it, lob it right back at our adversaries

Adam 1
Silver badge

> Once we've isolated malware, I want to reengineer it and prep to use it against the same adversary who sought to use against us

What does the DoD have against NSA?

8
0

World's largest private submarine in mystery sink accident

Adam 1
Silver badge

I sea what you did there

/I'll grab my wetsuit

1
0

Infosec eggheads rig USB desk lamp to leak passwords via Bluetooth

Adam 1
Silver badge

Re: Uh-oh!

Pfft. Easily defeated with a piece of cardboard and sticky tape. Real l337 haxors would ramp the CPU load up and down to encode the HDD data using fan speed and the mic on a nearby machine as a pick-up.

2
0
Adam 1
Silver badge

Wait what!? You want FireWire rather than USB because you think it's more secure?

Er, no. It gets a DMA side channel that can bypass pretty much any OS level control. The bypassing the OS bit is why it is (or at least was) so much faster than other standards of its day.

https://github.com/carmaa/inception

1
0

Ancient IETF 'teapot' gag preserved for posterity as a standard

Adam 1
Silver badge

more important than ever

Shirley the need for a 418 response is more justified than ever before given the vast growth of IoT interconnectivity.

9
0

Good Lord: Former UK spy boss backs crypto

Adam 1
Silver badge

Re: Won't make any difference.

You guys are lucky. At least you have the commendable laws of mathematics. We don't get them here.

6
0

Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass

Adam 1
Silver badge

Re: Kudos to all involved

Google has well thought out policies about what is permissible. The $10K looks to be for "Logic flaw bugs leaking or bypassing significant security controls" with "remote user impersonation" listed explicitly as an example. If you were strictly applying the rules you could argue that "Never attempt to access anyone else's data" wasn't followed, but there is also an argument that he couldn't know he would be accessing confidential data before it redirected him, so it isn't like he's trying to access another user's Gmail or something. I think they probably just appreciated that they know about it before* it was maliciously exploited.

*Probably

1
0
Adam 1
Silver badge

Re: Kudos to all involved

Responsible disclosure. Freaking autocarrot.

9
0
Adam 1
Silver badge

Kudos to all involved

Firstly, to the kid for responsive disclosure and for being so level headed ("I just think it was a very simple bug")

Secondly to Google for just paying the bounty. Certain other companies would try and get the kid hit with some ridiculous charge or threaten if he so much as farts in public they'll throw the book at him.

Textbook stuff.

32
0

US court system bug opened hole for hackers to scoop up legal docs for free on victims' dime

Adam 1
Silver badge

Is that why ...

... they needed Hutchins for the weekend?

0
0

Horsemen of the disk-drive apocalypse will ride upon 256TB SSDs

Adam 1
Silver badge

Re: What do you mean...

No not the one with the entire British library, the other one with the 8K VR video stream of kittens riding on Roombas.

11
0

Microsoft bins unloved Chinese cert shops

Adam 1
Silver badge

A CA has one job

Guarantee me that the certificate provided by the website belongs to the folk that control that website. If what you do means that yes might not actually mean yes then you are failing at your one and only job. You are simply wasting space in my cert store.

5
0

Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev

Adam 1
Silver badge

Re: Blind support

> He is definitely innocent, since he has not been proven guilty

He is not definitely innocent. Simply, no judgement about his innocence/guilt has occurred. He retains the same right to be treated as innocent as someone who has not been accused. By the way, my sentence you quoted is out of context without the one that followed pointing out that every person is in one of those categories.

> since one is presumed to be innocent, there is no need to be declared 'innocent'

Correct. I used declare in the context of the English translation of the Latin quote to tie it together. Basically, being accused of something doesn't imply anything about your guilt. Big problem is that it doesn't stop people inferring it, which is why reporting about it is such a difficult thing to get right.

1
0
Adam 1
Silver badge

That is quite unjust. I get that bail offices need to close, particularly in smaller regions*, but given the probability** that the accused may turn out to be innocent, there has got to be a better way. Again, assuming that all is in place except the money, why can't they accept payments via bitcoin or direct transfer or PayPal or ...... Of course some of these won't work, but it's worth trying to make the process a bit fairer.

* Not that this is the case here

** Even if it is small, it is definitely non-zero

2
0
Adam 1
Silver badge

Re: Who hasn't written "malware" code?

I once wrote a small service that ran on a colleague's machine. When issued a command from a client application running in my system tray, it would eject his CD ROM tray. Entertained us for the better part of a week. Now I'm older and wiser, I wish to publicly apologise for authoring botnet.beverageHolder

8
0
Adam 1
Silver badge

Re: Blind support

> innocent until proven guilty

If you squint the right way that phrase is ok. The problem with it is that there is an indirect implication of guilt and the problem is simply proving that.

> innocent unless proven guilty

That phrasing is better but it still allows people (usually the shock jocks) to focus on the proven bit and not the innocent/guilty question. "We know t'was you what done it. We just aren't allowed to waterboard a confession" (mutters something about partisan activist judges).

I prefer something like "starts from the presumption of innocence". The exact legal principle we are talking about comes from the Latin

"ei incumbit probatio qui dicit, non qui negat"

The burden of proof is on the one who declares, not on one who denies

It is based on the knowledge that our capabilities to investigate are limited by skills, resources, technology and environmental factors. Because of these limitations, sometimes we cannot know for sure one way or the other. Sometimes we might be 99% sure of innocence or 99.99% sure of guilt, but convicting an innocent person is much more abhorrent than wrongly releasing a guilty person.

I'm proud of that legal tradition. It's a shame that our elected representatives so often come up with brain farts that counter this principle.

So on this case, Hutchins denies the charge. He might be innocent. He might be guilty. Each and every reader of this comment is in one of those two categories for this crime. He has been charged (declared), so at least the authority there thinks that they have a case. Well fine, but theirs is the burden of proof, not his.

12
0

FBI's spyware-laden video claims another scalp: Alleged sextortionist charged

Adam 1
Silver badge

> The NIT involves a specially crafted video file – such as this one

I was half expecting to be Rick rolled there.

12
0

A sarcasm detector bot? That sounds absolutely brilliant. Definitely

Adam 1
Silver badge

Just makes me want to use a message containing a bunch of U+2395 characters (⎕) for the perverse thrill of watching the recipient try to find a font that can display it.

Still not quite as evil as this.

1
0
