* Posts by -v(o.o)v-

62 posts • joined 17 Oct 2013


Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security


Re: AD != AD

Indeed, since when has Azure Active Directory been called AD? AD = Active Directory.

Very confusing and I hope it is only the clueless writer and not MS muddying the waters further.

Bug? Feature? Power users baffled as BitLocker update switch-off continues


Re: Why does anyone trust Bitlocker?

I can only think of one reason to use BitLocker over Veracrypt - and it's a big 'un.

GPT is not supported for FDE, only encrypting partitions. BitLocker makes it very easy for a user to encrypt GPT disks.

Drink this potion, Linux kernel, and tomorrow you'll wake up with a WireGuard VPN driver


Re: Why?

Those multi GB ISOs also include many packages. Like thousands or tens of thousands.

Skype Classic headed for the chopping block on September 1


Skype 8 is disgusting. Cannot even search the chat history. I now open it only when I must - when some client or partner has told me that we need to continue in Skype.

You wanna be an alpha... tester of The Register's redesign? Step this way


IPv6 support?!

They grow up so fast: Spam magnet Hotmail turned 22 today


Re: Spam, Spam, Spam, Spam...

I remember being excited when HoTMaiL (get it?), which was how it was initially stylized, IIRC, became available. It was pretty revolutionary: web interface, free.

Whippersnappers of today have no idea how it was back then and how useful Hotmail was.

Outlook.com has one extremely useful feature that the free Gmail axed: use your own domain name.

Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode)


Re: CoreMark anyone, anyone ?

How do you suppose to do that when the things are not available yet?

The focus of the article was very clear: the technical architecture. And it was excellent.


Excellent article and there should be more of these

I might remember wrong, but I recall El Reg having a lot more of these really in-depth technical articles in the past that went way beyond the usual rehashing of PR material.

More of this please!!

About to install the Windows 10 April 2018 Update? You might want to wait a little bit longer


We were testing the 1803 upgrade on 6 PCs out of 150.

So far 3 PCs upgraded without issues, 2 not upgraded yet, and 1 has a similar problem. Black screen after login, but no error messages and keys like Win-R do nothing. So we cannot try the process listed on many sites (run setup.exe from installation media).

Thanks MS... I have pushed back the phased deployment schedule for at least 1 month for the next phase, waiting for June's Patch Tuesday.

Twitter goes titsup


...to the IRC, of course.

Happy 30th birthday, IETF: The engineers who made the 'net happen


"White Americans only"???

Wow - I am offended. Even the current chair is Scandinavian. Many chairs were not white and/or American.

Cloud Security Alliance says infosec wonks would pay $1m ransoms


I won't comment on spacing on "$1m", but at least capitalize the M since it supposedly means millions not millis?

BlackBerry baffled by Dutch cops' phone encryption cracked brag


Must be an implementation problem, wasn't crypto supposedly still secure as per Mr. Snowden?

Or they got to the private keys.

Ten years in, ultra-high-def gets a standard


Re: @Pete H

Better buy that HDFury box soon then, before US content producers torpedo it.

Windows' authentication 'flaw' exposed in detail


Re: My "kerberos for Dummies" question ...

This whole krbtgt debacle is usually misunderstood. Same as the last two Reg articles about the same 2 years old+ "new" vulnerability.

This is mostly a persistence mechanism. After a DC is popped the access can be regained unless krbtgt is changed.

(Over-)Pass the hash is an even older technique.


This "news" is over a year old. Mimikatz did this a long time ago. Not sure why this is in headlines again.

ASCII @dventure game NetHack gets first upgrade in ten years


Re: Past obsession

You ascend to a status of demi-god.

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog


Re: At Last!

It is not that simple - often it is not a question of skills. Often the hosting clients demand a control panel so they can create mailboxes etc. by themselves.

Cisco's telco-grade uber-routers can make almost anyone root


Re: Root requires a LICENSE?!

There is no enforcement, the licensing is "honour based".

Also, Cisco must provide security updates for everyone.


Not really - even the 1001 can do minimum 2.5 Gbps to max 5 Gbps and the 1001-X up to 20 Gbps. The largest model does 400+.

Ice cold: How hard man of storage made Everest climb look easy


Great article Chris, one of your best. But maybe one day you will learn to turn off the wavy lines of spell checker from the diagrams...

Google cloud outage caused by failure that saw admins run it manually ... and fail



Route leaks have nothing to do with Sony


Get deploying that RPKI.

Superfish 2.0 worsens: Dell's dodgy security certificate is an unkillable zombie


HPKP would detect and block this MITM as long as the MITM does not strip the header. And again DANE would have completely mitigated this.

Windows 10: Major update on the Threshold as build 10586 hits Insiders


Re: zzzzzzzzzzzzzzzz

"Systemd on desktop" - but that's just one of its big problems. It is developed almost solely for desktops. While most of us run servers that gain nothing useful from it.

Last week's cookie-vuln won't be the last, security bod says


HSTS means HTTP Strict Transport Security - not "HTTP Secure Transport Security" as mentioned in the article.

India to cripple its tech sector with proposed encryption crackdown


RIM/Blackberry bent over for India's previous job. Why would they not again?

IETF doc proposes fix to stop descent into data centre 'address hell'


FDB means forwarding database

Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin


As per NSA: go around the crypto, my guess is they either found the password hardcopy or they found the "rescue" disk.

Congratulations! You survived the leap secondocalypse


Re: All is not well, though

Everyone knows what Poettering is like. But it is a new low. Does Debian's systemd still use Google DNS even though several people complain about it?

Cisco in single SSH key security stuff-up


Re: Suggestion

One obvious benefit (coming from ISP/IXP world here) for Cisco is that it is easy to hire people who can manage it. And when the tech team grows that is very important.

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan


Re: Bring up DANE


DANE is indeed the solution but it is not getting client support. Chrome had it in a test build once. Wonder why - vested commercial interests?

What the BLEEP? BitTorrent's secure messaging app arrives


Just what the world needs: another closed source chat app with closed spec and not interoperable. No thanks, I won't be installing yet another chat app.

HGST says its NVMe flash card will manage 750,000 IOPS


Re: Very cool

Not really. SLOG is very small in size and is better served with RAM based products not NAND flash. L2ARC requires some system RAM for structures and to effectively use such large L2ARC would need tons of it. Not a cost-effective product for ZFS caching IMO.

Troubleshooting feature on Cisco routers is open to data-slurp abuse


Most ridiculous "research" in field of IT security in a while, if Reg's summary is correct. Like above posters had said, what about tcpdump in *nix, pcap in all systems etc.

It is really laughable and puts the whole "conference" where it was presented in a bad light.


Re: Cable pr0n?

Cisco 7609-S with top bezel removed, dual RSP-720.

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe


Re: Thawte et al, hand-rubbing

I've said it before and I'll say it again:

We *must* have push for client support for DANE, TLSA records in DNSSEC. That will solve a whole heap of problems including deprecating the sloppy CA system.

Hawk like an Egyptian: Google is HOPPING MAD over fake SSL certs


HTTP public key pinning (HPKP) could help, unless the "DPI box" would strip the header.

Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers


Re: domain controller is restarted

You can argue on semantics (and downvote) but each of the FSMO roles can run on only one DC per forest/domain (some are per forest some per domain) as you clearly know.

My reply was about the "only one DC" which clearly was not true in the case of Ops Masters. Of course they should be transferred out before boot but the OP did not mention it.


Re: domain controller is restarted

"There are no functions that either one can't do on its own or you can live without for the time for a reboot."

Untrue. FSMO roles run on only one DC. In a large enough domain/forest they become important enough that they cannot be restarted just like that.

Demon Internet goes TITSUP: Outage borks ancient ISP


Localisation of issues

"According to Demon, engineers have localised the issue"

Me? I always localise issues to Burmese. 'Cause I'm cool like that. Sometimes I even locate issues if I feel like fixing stuff.

That 8TB Seagate MONSTER? It's HERE... (You'll have to squint, 'cos there are no specs)


Re: Now you can lose 8TB of data in one shot instead of just 4!

But these cheap SSDs will only last a while when written to heavily so they are suitable only for home use.

Look, no client! Not quite: the long road to a webbified Vim


With today's complex dynamic websites I do not see a browser becoming a Web server (with PHP, rails or even more complex languages) and a database server so that you could just point it to a directory.

But one can dream, yes.

Time to ditch HTTP – govt malware injection kit thrust into spotlight


DANE is the solution

In my opinion DANE/TLSA records in DNSSEC signed zones would be the answer.

Self-sign the cert but put cert thumbprint in DNS - browser verifies the cert from HTTPS matches what is in TLSA. Would also work against dodgy CAs and loading own CA-certs as is done by enterprises using SSL decryption systems.

Uptake of this has been glacially slow. I do wonder why......

The internet just BROKE under its own weight – we explain how


Luckily there are systems out there doing NAT66 for those that need it even though it is not "pretty".

Canadian ISP Shaw falls over with 'routing' sickness




Several routers have FIB capacity of 512k routes as either hard limit or configurable limit where memory from other types (IPv6, VPNv4/6) can be reduced and given to IPv4. TCAM is expensive so lower end routers like 3B/3C non-XL models of Cisco 7600 PFC are at capacity.

Indie ISP to Netflix: Give it a rest about 'net neutrality' – and get your checkbook out


Re: wireless

Last mile in the US is a disgrace, according to many well-known Americans in the industry. See any of the numerous threads on N---G mailing list for example.


Re: That's rather interesting

Ok, I'll try. I work at a very small ISP around the world but try to follow what is happening in the West.

Big problems with the U.S. Netflix situation are geographical and "telco-political" (yeah I made that up, deal with it). Very large country, largely sparsely populated where these micro/nano-ISPs (often wireless/WISP) provide the only viable service that could be described as "approaching broadband". Other option would be the incumbent and bad DSL over bad copper, often at ridiculous prices. To someone not from the US it may seem unbelievable that even in the middle of an urban area, say Silicon Valley, there might be only one provider who can service you with residential fibre or high-speed cable.

The other issue is the importance of private peering over Internet Exchanges. In Europe a large amount of interconnection between providers is done at IXPs. In the US there are very few IXPs and providers have their own private peering arrangements. Add to this the geographical/competitive situation and politics of peering by the big (at least a local monopoly really) players and what is left is the 1000 mile dark fibre from the rural WISP to Netflix.

FRIKKIN' LASERS could REPLACE fibre-optic comms cables


Re: Actually light doesn't "bounce off" the edges of a fibre optic cable....

Multi-mode fibre does "bounce" the light around whereas single mode fibre acts as you had described. MMF is still widely used in data centres (with SR optics) though many people have realized that for green-field it makes sense to go all-SMF (LR equivalent optics on-premises and shorter distances outside; ER, ZR etc. for long-haul).

Apple gets patent for WRIST-PUTER: iTime for a smartwatch


Re: I don't get the moaning

You seem to have mistaken that a US patent is a simple thing to do. It is not.


Biting the hand that feeds IT © 1998–2019