Posts by I Am Spartacus 201 posts • joined 17 May 2012
The MPS has had a guard on the Ecuadorian Embassy dor for some time and racked up considerable cost to the British Taxpayer. We did this because there was an arrest warrant for Assange (TM).
Now that they have just dropped the case, we are left with the bill. Shouldn't the Swedes pay the cost of this?
If a robot tries to fsck you after sex, I would be seriously worried.
I understand the concept and technology behind Blockchains. It is an interesting way to handle transactional data where the audit log has to be inviolate. It works very well where there is a contract of some sort (I sell you some medical records, you provide me with some money).
But as a way to exchange sensitive information? I just don't get this. For a start, medical records are large. Huge. Especially if they have scans that need to be transferred. This is not a suitable use of a blockchain;
Then there is the distributed nature of the information. Yes, it's great against failure provided you have enough participants. But it does mean that anyone who can join the chain can request to see anything that they want. So, the data needs to be encrypted against unauthorised access. So, now you have the issue of key management and key distribution. In the meantime, I can see the data, albeit encrypted, and I can start cracking it.
Or is that what they are actually doing: making the encrypted data available, and then sending the key, itself encrypted, via blockchain. Now that might actually make some sense, as now we have a record of who has seen the keys. Using blockchain as an audit.
Honestly, this all sounds as though IBM have a solution and now every problem they come up against needs a blockchain as a solution.
It used to be that the solution was IMS; then it was DB2; then it was MQ-Series; now its blockchain.
Or am I being overly cynical?
"Yes, some of those will be it's-late-December-and-there's-less-news-to-write-so-let's-pad-things-out-with-On-call efforts."
Have a pint for this!
I would give up my iPhone if it had DUAL sim.
Otherwise it is a "me too" device.
A previous commentator said that they had seen no evidence of hacking a smart meter. This may be true, but once the whole of the UK is on Smart Meters, there will be a desire to hack them.
Imagine this: A hacker uses a botnet to break the master key. It then turns off a number and changes the "secure" password. Then it tells the electricity company to pony up a couple of billion in bitcoins to get the keys back, or they will switch off some more. Which because the leccy company are such ludittes they prevaricate, so the hackers switch off a couple of thousand or so.
The press gets to hear about it now, and all hell breaks lose and every one on el reg says "told you so".
Let's get real: These are devices on an open network. Yes, they may have encryption, but how long will it take to hack?
How long will it take to hack when Quantum Computers become affordable to a rogue nation state?
How will we cope with out the combined Intelligence from Europol that did so much to stop the terror attacks in Paris, Paris again, Brussels, Nice.
We're doomed, doomed I say.
Really? Has anyone stopped to think quite HOW this rule will be enacted? It's one thing to say that because people don't publish their conversations or web browsing that, a) they must be nefarious, and thus b) We have to know who, what, why and where, and the c) [the hard part] actually doing this.
First, to find out who this TOR user is and where they are located is not trivial. It requires either back tracking packets coming in to the network, or having a serious attempt to poison TOR. Neither are trivial to do. Use a TOR enabled browser and your packets payload get encrypted from the moment they are generated, making this much, much harder.
Second, if TOR is routing around the world, any attempt by the FBI it act outside of its jurisdiction is liable to have them breaking other countries laws.
But OK, they have done six impossible things before breakfast, and found out who you are and where yiou are. Now they want to gain access to your machine. So, they need a hole or backdoor. And this is going to come from where? Can you see Apple building this in to OSX and IOS? Micro$soft may be, but even they have some scruples. Linux? Never.
And then, they are in to your host. They have to now break your own encryption key on your disk.
Eventually, they find out that all they have is some teenager looking at p0rn but not wanting his parents to know (because the only reason they didn't do so is because the web wasn't invented then).
Next someone will tell me that any encryption from outside the US is purely theoretical.
I think I have found my own golden goose:
1: Think of a new Taylor Swift-based domain name.
2: Register it
3: wait for her lawyers to want to take control
4: sell it
5: P R O F I T
6: go to 1
But did you read the paper? I am guessing that about half the people on this thread didn't, and of those who opened the paper, 99.999% said 'stuff this - it's all number theory'.
And it is, very advanced number theory.
But I agree with you, There is definite prior art on this.
" if only they had a lot more RAM"
How many times did I say that????
IBM Shareholders up in arms about drop in sales profits.
Salesmen put it down to no one being able to print any IBM sales material, manuals, etc because they all contain IBM copyright images and/or text.
Shareholders shoot IBM printer division en-mass.
Well duh?
I know it's rather new and you might not have heard about it, but there is wonderful website call "Google". Expert commentards often refer to the act of looking up something in Google as "To Google".
Doing this simple task, that is, googling NEO4J, before you post will give people the impression you are intelligent by not asking damn fool questions.
All of this can be rolled in to one pithy little sentence: You can lead a horse to water, but not a knobhead to google.
I upgraded by desktop, and bleeding edge XUbuntu to 16.04 last week and it was fine. No problems at all. It just worked. Very happy.
So I upgraded the LTS server from 14.04 to 16.04.
There are various sites that say you need to update to 15.10 before you go to 16.04. That would seem to defeat the whole idea of LTS, so I ignored them.
Why did I want to upgrade? I wanted the support for LXD. Then I can partition the server workflow in to separate units that do Mail, HTTP, proxy, file server, media server, etc. More isolation, so that a fault in one does not impact on any others.
That could have gone better. First it nuked MySql, and said I had two versions running simultaneously. Loads of errors, including a reference to the fact that it could link to to DropBox. MySql? DropBox? No., I didn't get that one either. Official advice is to uninstall MySql, and all its components. That means uninstalling all the Postfix/courier/authDeamon stuff that also links to MySql.
Did that, and MySql came back sweet as you like.
Then reinstalled all the other gubbins, and mail went down. Hard down. Nothing. Nada Spent the next 6 hours trying to get mail back. First postfix came up pretty fine and could receive emails. But no mail client could connect. Sometime in, I realised that Thunderbird could not connect, but all the Mac's and iPhones could.
Then I got Thunderhead connected, can receive email, but can't send.
Then it all started working. I still have no idea what I did, or why it was broken in the first place, or how I fixed it. But it's working.
All apart from SquirrelMail. That has some very wierd TLS messages.
Message: Works well on Desktops. Take care on servers. But I can now stay on 16.04 for the next 4 years at least, and by then that server should be on the cloud anyway.
As for Systemd. it's fine. No issues. It works well. I don't see any degredation.
No, seriously. There is a ship based system for tracking vessels called AIS. See www.marinetraffic.com (and others). This uses VHF radio transmission. It has long been known that around Skaw and the Skagerrak there is a dead spot. It is why there are so many shore based transponders in the region.
Some year ago, ESA funded an investigation in the effect, using a radar research plane, flying grid patterns in the area. It was found that there is a radar lobe in just this area, which is believed to be caused by the Russians version of the COBRA DANE radar outside Moscow.
Turning that up could have caused some problems in the area at that time.
Just because Cassini is not affected does not mean the planet does not exist.
If the planet is in conjunction to Saturn it would have minimal affect on Cassini.
I watched a guy who had just come back from a VAX/VMS system admin course trying to set up mirrored disk - what DEC called RAID-1.
Before I could stop him, he had mirrored the system disk with a blank disk, but had the blank disk as the master. We watched as the system slowly evaporated and crashed.
Ahh an evening with TU45's loading VMS again.
Nice to know el reg will not have a visit to the chair because of this,
Come on, lets leave the rodent stuff alone
Who feels like installing this and test the new Flash friendly file system? On Ubuntu 15.10 ?
Seriously? You walked with an internal company security audit?
Perhaps because no-one in Government IT can write a contract worth it's salt.
Of the time of the Hurricane in '87. I was at hope wondering how to get the tree off my roof. Got a phone call from the office to tell me that one of the data centres was down (yeah, that's the one that had no electrical backup).
I told the lowly IT bod that I could not make it, and that he should go round the systems and turn all the power switches to off. And to only turn them on, one by one, when the power came back on. Of course, he was overruled because "when the power comes back we need all the systems back on line quickly".
Well, the power did come back on. Fortunately no-one was in the computer suite at the time. This was the time of Vax's, with those old disk systems that look like top loading washing machines. They all power up at the same time. About 40 of them. And there was a huge power surge that the power switch board really didn't like. So much so that it leapt three feet off the wall and fused the whole building.
It took us three weeks to get that lot wired up again!
I resigned shortly after this.
https://www.youtube.com/watch?v=clmfdmSAcNE
That is all.
Ah, I see you have the old head-in-the-sand approach to security.
Everyone says that "this is a bad thing", but because you don;t understand how the M-I-T-M attack works and why a compromised root CA cert is not a good thing, then it can't be a problem.
Tell me, out of interest, are you related to the e Ravenous Bugblatter Beast of Traal (such a mind-bogglingly stupid animal, it assumes that if you can't see it, it can't see you — daft as a brush, but very very ravenous)?
Before you do, take the 1990's style blink tags off your web page. It's horrible.
@Simon Harris
You sir, owe me a new keyboard. Mine is covered in coffee.
You would expect that GCHQ would really want to build underground, thus avoiding any prying eyes, long lenses, or ARIEL photography.
All big spy organisations should have an underground lair
..... and a man with a monocle
..... and a white cat. Got to have a white cat.
Some time ago, got to be at about 20 years, I was involved in putting in an Energy Management System for the late lamented BNFL. Due to some incompetence of the prime contractor for Sizewell B that was being constructed at the time, we almost scrammed the reactor.
Said top-notch boffin saw that we had established connectivity to the mock-up test rig at Sisewell. We were behind schedule (way be hand schedule) and left the test rig our end running through a whole suite of automated tests overnight. This being the Nuclear industry, they could afford the very best VAX kit in a clustered environment, with a wonderful custom made teak and mahogany desks, but not a lock for the computer room.
Well, the Americal white coated to boffin thought that, as we had a connected pc, he could rip it apart and clone all the other PC's from the hard disk. Which he duly did. And then powered all 8 of them on. All with the same network address.
The protocol was designed to check and double check that the reactor unit was going to do what you told it. So there was multiple challenge/responses, designed to ensure that there were no mistakes.
Boffin issued his first command. "Show Status". Reactor mockup says "I think you asked me to show status". PC 1 says "YES". PCs 2-8 all respond "What? no.". Reactor "Are you sure, you asked me to show status". PC 1 says "Yes, get on with it". PCs 2-8 all respond, "Sorry Squire, not us. You are under attack". Reactor: "Ok, I am under attack SCRAMM"
And that was when I got paged as to why I my companies software had tried to shut down East Anglia.
You refer to " three & four letter agencies (TLAs & FLAs) ". You should note that FLA is a TLA. Talking about a four letter agency as TLA is confusing.
The accepted term is that they are an Extended Three Letter Agency, ie an ETLA.
Fixed that for you.
"The Met Office makes use of a state-of-the-art climate model to provide near term climate
predictions"
We Guessed (but used a very expensive computer to do it).
All models are just that, an informed guess. They are NOT accurate predictions.
"As it was mentioned by Anonymous generaly is a very bad idea to use mail server on a broadband connection"
Rubbish. I have a mail server, very similar to what is being proposed in the article, running at home. It is also an FTP Server, Cloud Server, Media Server, Shared folder server, etc. It runs on Broadband, is behind a firewall, and has a dynamic IP.
It simply works. Has done for years. It got fried by a power spike and took less than a day to recover from the encrypted backups on Amazon S3.
It doesn't get any problems with Google, Amazon, Hotmail etc. It gets tested once a week to ensure it is not an open relay.
And it hosts multiple mail domains easily.
Why do this? Because its my data, in my hands. If any three letter agency wants access, they have to come to me to get it, so I will know.
Just because you couldn't set it up yourself is not a reason to tell others not to try.
After searching on a judicious typo, I came across Wind River, who sell a version of their Linux Kernel with an embedded GRSecurity module.
http://www.windriver.com/announces/security_carrier_grade_profile/
Where did that name pop up from? Or was it the standard "evil company" that is used as a general go to?
Citation needed.
from 1996 - Now that was visionary:
"The Net interprets censorship as damage and routes around it".
If it is late, over budget and not fit for purpose, presumably the contract will allow the client to demand all money paid to be primary contractor (ATOS) to be repaid.
Wait - I forget that this is a government IT system and they don't do that sort of thing. They just ask the tax payer for more money.
A company I know has to keep ALL email, regardless of whether it is relevant, useful, incriminating or porn. This is done so that they can go in to court and say, truthfully, that all legal discovery is complete and comprehensive. This is a requirement for their business. It takes a lot of work (compliance, legal, operations, IT) to actually get an email deleted (like the one where bonus numbers were stored in a public store not a private one) and the culprit WILL get a disciplinary for needing this.
Yes, it would be a lot of data, but storage is cheap.
Nice to know the government that enforced this lives by the same rules.
Anonymous, because whilst I don;t work for the company, I don;t want my contact there fired.
The Register - Independent news and views for the tech sector. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Subscribe
