* Posts by patrickstar

524 posts • joined 2 Nov 2015

Page:

FTP becoming Forgotten Transfer Protocol as Debian turns it off

patrickstar
Bronze badge

Re: Actually..

The problem with running the FTP control channel over SSL/TLS (or encrypting it in general) is that it breaks NAT protocol handling. Which is fine as long as the relevant data transfer ports on the FTP server are accessible and the client configured properly regarding active vs. passive mode, but still.

0
0

Oracle throws weight behind draft US law to curtail web sexploitation

patrickstar
Bronze badge

Ignoring the particulars of the case for a moment: Do you really, honestly, believe that going after Backpage and similar sites in any way would help rescue trafficked children?

Or is it just that it makes you feel all warm and fuzzy inside knowing that someone is "doing something" about something bad?

Even when that "something" would potentially have very far-reaching negative effects?

Have you even read any of the very well written and argued articles in opposition to this...?

Are the EFF, Cato Institute, et al. simply wrong when they claim this legislation would potentially be disastrous? Can you suggest a group that would be more qualified to determine that than the EFF?

"Advocates for Backpage point out that by carefully scrutinizing each posting in the Adult section before it is posted, removing questionable posts and reporting potential cases of the trafficking of minors to the authorities and NGOs such as NCMEC, Backpage is aiding in the fight against this activity. In addition, they argue that by providing prompt and detailed information about postings to law enforcement when asked to do so (including phone numbers, credit card numbers and IP addresses), Backpage aids law enforcement in protecting minors from such activity. "

What more do you want them, or other sites, to do exactly?

0
0
patrickstar
Bronze badge

Re: further proof

Serious question: Have you bothered to try forming a balanced opinion, by say, reading something else than one-sided propaganda from people on a personal crusade against Backpage in particular and Internet services in general?

Some quotes to shine a _slightly_ different light on this:

'In total the complaint mentions nine ads, for which Backpage received $79.60. It does not allege that Ferrer, Lacey, or Larkin knew the ad-posters were discreetly offering sex for cash, knew the ad posters personally at all, had ever seen the ads in question, or had any direct knowledge of these ads.'

'Ferrer and his co-defendants, Michael Lacey and James Larkin, were booked for pimping, pimping a minor, attempted pimping of a minor, and conspiracy, based on the state's contention that they know some of the tens of millions of user-generated posts on Backpage.com are veiled ads for prostitution, sometimes involving teenagers.

As evidence of this, the state pointed out that Backpage blocks ads explicitly offering prostitution, states clearly that ads in the "adult" section can only be posted by adults, and promptly removes posts that are reported to advertise sex or underage women. In the topsy-turvy logic of the criminal complaint, the fact that Backpage policies are designed to prevent commercial-sex advertising and the prostitution of minors shows that execs actually condone these things, because said policies encourage posters of illicit sex ads to conceal their true intentions.'

'The former Backpage owners suggested that California's AG knows she won't prevail here but doesn't care because conviction isn't the point. Their arrest in early October generated massive publicity for Harris just before the election, almost universally portraying her actions in a positive light.'

0
1
patrickstar
Bronze badge

I can recommend actually reading up on what the anti-SESTA crowd has to say about this.

Start with http://www.thedailybeast.com/the-bogus-war-on-internet-sex-work and then the Reason articles about the attempts, led by a single AG on a witch-hunt, to prosecute Backpage, starting with http://reason.com/blog/2017/08/31/california-drops-kamala-harris-pimping

TL;DR Sex trafficking can already be prosecuted, including going after sites involved in it, Backpage aren't the bad guys, and this legislation would be very harmful without offering any benefit whatsoever.

For someone who remembers the fight against the anti-indecency provisions in the original CDA, it's really sad to see that so many commentards here seem totally oblivious to the potential consequences of introducing liability for intermediaries.

N.B. I hate Google and Facebook with a passion - certainly more than I hate Oracle - but some supporters/opponents of this being crooks is not an argument in itself.

1
1

AMD Ryzen beats Intel Core i7 as a heater (that's also a server)

patrickstar
Bronze badge

Here it's pretty common to sell the heat produced by a DC to the municipal heating network.

No idea what the ROI looks like, since installation usually involves actually digging for pipes to the heat exchanger, but it's a neat concept.

3
0

Developer swings DMCA sueball at foul-mouthed streamer PewDiePie

patrickstar
Bronze badge

The whole point of freedom of speech is that you are allowed to say things even if someone finds them offensive. This includes writing political satire even if someone doesn't find it funny, as well. It doesn't matter if what you have to say somehow risks increasing some more or less fuzzy thing that's generally considered bad. Or that some of your readers do stupid things afterwards, as long as you are not very directly inciting specific criminal acts.

Freedom of speech even includes allowing people to do what you are doing here - advocating for it being abolished. Even though this has proven to be far more dangerous than writing mean things about dead people and their families.

That Google, Facebook et al. are all doing something should be a huge warning flag, not something to be applauded.

1
1

This post has been deleted by a moderator

patrickstar
Bronze badge

You not appreciating the humor of Pewdiepie does, of course, not in any way affect the validity of DMCA claims against his videos. If you don't like it, I can suggest not watching his videos.

Kinda like how you not appreciating the humor of Daily Stormer does not in any way affect the legality of the site in question. Wait... you are aware it's satire, right? Right?

In any case, if you don't like the humor of that site (which is far, far "worse" than anything Pewdiepie has published) I can suggest not visiting it as well.

(DMCA claims against someone streaming gameplay as part of review or commentary would be utterly bollocks, by the way. The basic issue has been settled pretty darn well in court long ago - before the DMCA or even before the Internet. Most recently we saw this with "reaction" videos which have far less added work than this.)

2
5

Petition calls for Adobe Flash to survive as open source zombie

patrickstar
Bronze badge

Re: Much of the Flash ...

Vector graphics tend to look crappy if encoded as normal video (those sharp edges aren't really appreciated by most video codecs).

And Flash is a lot, lot more than just a vector animation toolkit.

0
0

Scotiabank internet whizzkids screw up their HTTPS security certs

patrickstar
Bronze badge

Re: I would point the finger at the web hosting company first.

Possibly the guy who complained is using HTTPS Everywhere or similar, so it defaults to try HTTPS first for everything.

1
0

Google bins white supremacist site after it tries to host-hop away from GoDaddy

patrickstar
Bronze badge

Public service announcement:

This is not about whether Google should have the absolute right to refuse to do business with someone.

This is about whether Google should have the right to arbitrarily steal customers' domains because they don't like the contents.

Google has put dailystormer.com in "client hold" status. Which means that it's not in DNS and can't be moved away from Google to another registrar.

And it's still, almost a month later, in that status.

This is clearly not OK or acceptable business practices in any way regardless of someone's personal opinion about the (fully legal, by the way) contents of Daily Stormer.

In other words, they are not only refusing to do business with Daily Stormer, but also actively preventing them from doing business with anyone else. They have absolutely no right, under law or any of the relevant agreements including their own ToS, to do this.

The only reason Google can do this is becaues they are big and well-financed enough that they don't have to give a flying f*ck about any legal consequences. Sounds perfectly reasonable to you...?

0
0
patrickstar
Bronze badge

Re: So, about this free speech thing?

They are of course free to refuse to do business with anyone.

They are however certainly not free to prevent that person from doing business with anyone else. Which is what they are doing in this case.

0
0
patrickstar
Bronze badge

Re: Is this a free speech issue?

Yes - that Google is currently holding the domain name hostage, preventing it from being transferred to another registrar.

0
0
patrickstar
Bronze badge

Have you visited the site in question? Where's the incitement to violence, and if it was there, why hasn't anyone been prosecuted for it during the many years it has been online?

You also happened to miss the big text to the right clearly stating they are opposed to violence and that anyone calling for it will be banned?

0
0
patrickstar
Bronze badge

Re: Not hosting is not "banning"

At the moment Google is basically holding the domain hostage, so yes, they are effectively banning it. There seems to be very little in either Google's ToS or the ICANN rules that would allow them to act in this manner.

And at no point has Google (or GoDaddy for that matter) been the 'host' of the domain. This is only about the domain registration.

To take it in offline terms, imagine this being about a phone book listing. Google has first accepted submitting them to get listed in the phone book. Then they turned around and changed their listing to a non-working number and so far they aren't letting anyone else change it back.

2
0
patrickstar
Bronze badge

I actually can't figure out why the registration used the privacy service in the first place. The previous registration (at GoDaddy) wasn't private, and the owner of the site (Andrew Anglin) has never been shy about his name, postal address (PO box) or even photos.

0
0
patrickstar
Bronze badge

Re: Oh well...

This is about domain registration, not hosting.

2
0

Secure microkernel in a KVM switch offers spy-grade app virtualization

patrickstar
Bronze badge

Re: What I don't understand is why that needs an OS kernel?

Apparently the MegaCD had a grand total of 128KB firmware ROM. Not sure how much of it was actually used.

1
0
patrickstar
Bronze badge

Re: What I don't understand is why that needs an OS kernel?

The MegaCD was an add-on. I'm not too familiar with its internals but I assume it had atleast some firmware to control the CD drive and loading enough data from the CD to boot.

The Megadrive/Genesis console itself certainly didn't have an OS, and the only firmware was for the copy protection (see Trademark Security System and the resulting legal case).

The actual game code simply accessed all hardware directly. Including programming the audio/video controllers which did the sort of work (sprite management, transparency, layering, etc) that the original question was about. I suppose the official SDK had some library routines for common tasks, but it's certainly nothing like an OS.

You can find commented disassemblies of some of the Sonic games for Megadrive/Genesis here: http://info.sonicretro.org/Disassemblies

Note the total absence of any sort of OS services being invoked. Note also that even very low-level stuff that would presumably be common across all games, like trap handlers, is handled by the game code itself.

There simply wasn't any need for an OS or even hardware abstraction, since the hardware was identical from the programmers viewpoint, and reasonably easy to work with (unlike modern GPUs for example).

I'm not intimately familiar with the Playstation but I would be very surprised if it too didn't have things like transparency support in hardware even though it has more of an "OS" (which IIRC is basically just a bootloader and system services).

1
0
patrickstar
Bronze badge

Re: What I don't understand is why that needs an OS kernel?

These consoles typically didn't have an OS, firmware or microcode... at most just a small bootloader to check that the game cartridge was properly licensed.

And you have to remember that CPUs were very much slower back then, so the tradeoff for when things were worth doing in hardware was very different.

All of them had at least sprites implemented in hardware. And that implies having transparency and frequently also some sort of layer management (even if it's just a defined order the hardware sprites are drawn in).

1
0

'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption

patrickstar
Bronze badge

Re: What about private ciphers?

Yes - that's pretty much the whole point of one time pads.

But then you need a key the same length as the message.

1
0
patrickstar
Bronze badge

Re: What about private ciphers?

Sir. We have probable cause to believe that the contents of that are instructions for carrying out a terrorist attack.

Please provide the means to decrypt it or we will keep you locked up for 5 years.

After which we'll repeat the demand and lock you up for 5 more if you still insist it was just randomly generated gobbledygook.

Best regards,

Your friendly neighborhood anti-terror police

13
0

Malware writer offers free trojan to hackers ... with one small drawback

patrickstar
Bronze badge

Re: bleugh

There has been a number of conceptually similar things for Linux, actually.

The most successful one was probably a trojaned SSH exploit that was also a file infector (Virus for Linux! Unpossible!111oneone) and remote backdoor.

0
1

US government: We can jail you indefinitely for not decrypting your data

patrickstar
Bronze badge

Every techie I know has atleast one crypto disk with the password forgotten, typically old backups and such. And typically kept around in case they remember it in the future. That could end badly it seems...

'

19
0

Japanese sat tech sinks Sea Shepherd anti-whaling activists' hopes

patrickstar
Bronze badge

Re: a matter of pride?

A single study about a single vaccine does not prove your point for vaccines in general in any way.

Regarding forced vaccinations - this should probably be solved at a contractual level. If you want your kids to go to school, having them vaccinated would be part of the contractual obligations to enroll them.

0
0
patrickstar
Bronze badge

Re: a matter of pride?

Vaccines are often not 100% effective, so yes, your vaccinated kid can end up infected by the unvaccinated neighbor. Plus many vaccines aren't effective for all eternity but need to be renewed, which may or may not take place, etc.

That's why you have the whole concept of herd immunity - once the vaccination level in a population reaches a certain threshold, it doesn't matter that the protection isn't 100% protected because a disease won't be able to spread through it.

21
0

Google routing blunder sent Japan's Internet dark on Friday

patrickstar
Bronze badge

Re: Attack vector?

You need to compromise (or otherwise control) networks that peer with, buy transit from, or sell transit to, your targets. Or do so with networks that in turn do it with your targets, etc.

And your desired announcements need to be accepted by whatever filters (prefix, AS path and/or max prefix limit) that may or may not be in place along the way.

Generally, if you just buy a transit connection you will only be able to announce specifc pre-arranged prefixes (you'd typically have them accept your prefixes and those of your customers - often this will need to be authenticated with corresponding RIPE database entries and such). The network you're buying transit from might then very well have to go through the same process with THEIR upstreams.

For filtering not to apply to you, you need to be a BIG network (so that it's too hard to maintain filter lists) and/or have stupid/lazy upstream providers.

With peers (like via an internet exchange point or private peering hooked up in some DC cross-connect/meet-me room) however, filtering is often not as strict. Far too often it will only consist of a hard limit for the maximum amount of prefixes, to protect against accidental misconfiguration (like announcing a full table, i.e. the entire Internet, to your peer).

Then after it's in place, the questions are how far your announcements will spread and if they will be preferred over the originals. The latter you can typically affect as a malicious actor by announcing more specific prefixes (for example, if your target announces a /22, you can announce four /24's) since the most specific route is preferred.

Localized routing disasters (like several networks peering with some fat-fingered guy at one or several IXes) are pretty common, but for global scale you need at least one of the big players to pick up the bogus announcements, and this is actually pretty rare. Maybe a few major incidents per year globally?

0
0
patrickstar
Bronze badge

Re: Can "border gateway protocol (BGP) advertisements" be spoofed?

BGP announcements are not signed or authenticated in any way in most cases.

And this is the very protocol that allows the Internet to route around damage. To be able to do that, you need dynamic routing. It could certainly be argued that a protocol with specified primary and secondary routes would be harder to screw up (a lot of telco stuff works like that), but then you wouldn't have an Internet as we know it.

0
0
patrickstar
Bronze badge

The source is having actually worked with several major European networks. The consensus has always been that private peering carries the majority of traffic exchange - certainly for the larger players.

I'm sure you can find someone to confirm this if you ask around - the fact itself isn't exactly a secret.

Yes - DE-CIX, AMSIX and LINX carry a lot of traffic. Private peers carry a lot more than that.

Fun game: Select a major network that hasn't anonymized its port statistics at the major IXes. Sum up all traffic on them. Note that it's far, far less (order of magnitude in some cases) than what you'd expect a network of that size to exchange with the others.

(Note that I haven't really been involved in the ISP business for several years, so theoretically there's a possibility that this has changed since then. But I seriously doubt it.)

2
0
patrickstar
Bronze badge

Most traffic in Europé is over private peering, not public exchanges. There simply isn't enough capacity on the public ones.

And some exchanges (like NetNod) are far too expensive to justify hooking up unless you have very special requirements.

Plus larger networks tend to have very restrictive peering policies, as usual.

And really - as a smaller actor today, peering rarely makes sense financially since transit is so cheap and peering comes with a significant chunk of added complexity.

For most of them, it's basically only relevant if you happen to be in the right place and your NOC has spare time to kill. A lot of those that still do it are mostly doing so out of habit. A few of the others have specific requirements (latency and such) to justify it.

As to automatic route filtering via the RIPE DB - it's certainly done by some, but not many. Definitely not a universal practice.

3
1

Cloudflare: We dumped Daily Stormer not because they're Nazis but because they said we love Nazis

patrickstar
Bronze badge

So, noone else is bothered by the fact that it seems CloudFlare's CEO flat out lied about his reason for pulling the plug on Daily Stormer? Or has this mysterious post where Anglin and weev claim he is a closet Nazi somehow surfaced?

0
0
patrickstar
Bronze badge

So, anyone has a screenshot of where the Daily Stormer staff claims that Cloudflare are a bunch of nazi-supporters? No?

If such a post actually existed, wouldn't you have expected the Cloudflare CEO to save it for posterity before having his staff pull the plug on the site?

For some well-balanced criticism of Cloudflare's decision to suddenly start playing politics, you can start with Ryan Lackey and Peter Van Buren:

https://twitter.com/octal

https://twitter.com/WeMeantWell

Neither of which is someone you can accuse of being Neo-Nazi White Supremacists, by the way.

0
4

I fought Ohm's Law and the law won: Drone crash takes out power to Silicon Valley homes

patrickstar
Bronze badge

Re: Conspiracy Theory

Any half-assed alarm system will have battery backup. Though there is no guarantee that the batteries in a given system are fresh, it's hard to find that out without inside help. And kinda stupid to risk the penalties of bringing down power to the entire neighborhood just to find out.

0
0

DreamHost smashed in DDoS attack: Who's to blame? Take a guess...

patrickstar
Bronze badge

I can recommend reading what the founder/owner of Daily Stormer has to write about this: https://andrewanglinblog.wordpress.com/2017/08/25/on-the-current-status-of-the-daily-stormer-and-the-weird-events-surrounding-it/

0
0

Uncle Sam outlines evidence against British security whiz Hutchins

patrickstar
Bronze badge

From the actual document (hey, am I the only one who actually read it?):

"To date, the defendant has provided the defense with the following:

- 1 CD with post arrest statements

- CD with 2 audio recordings from the county jail in Nevada. (The government is awaiting a written transcript from the FBI.)"

Is that a typo or was it really the defendant that requested these be included in the evidence?

In which case I'd assume that they consist of him trying to tell them they got the wrong guy... Like, for example, explaining why his code ended up in the trojan in question.

Even if not and it's actually a typo (quite a critical one in the wrong context!) interrogations generally end up in the case evidence/discovery regardless of whether they are incriminating or not (or even if they consist of responding "No comment" to everything, in countries where you don't have the right to refuse questioning outright).

Or maybe they think they can prove his answers wrong at a latter time, etc.

0
0

Sysadmins told to update their software or risk killing the internet

patrickstar
Bronze badge

Re: Simple Fix

I'd rather eat my own appendages than run BIND anywhere for any reason.

And what problem does DNSSEC solve exactly?

The endemic DNS spoofing problems of old are basically worked around since many years. And I'm assuming admins generally don't want to fiddle around physically at HSMs when making DNS changes, so the keys for most zones are likely to be accessible if you compromise the relevant servers/admin workstations.

I consider DNS to essentially be part of untrusted transport. We have fixed the whole issue of untrusted transport by applying cryptographic protocols on top of it.

Really, I don't want a frigging PKI in my DNS.

PS. I certainly don't need to change any keys in any resolver I admin. Though I will have a second look next week to make sure DNSSEC is actually disabled in the few that do support it.

0
0

What weighs 800kg and runs Windows XP? How to buy an ATM for fun and profit

patrickstar
Bronze badge

Re: So Mr Darmore, girls are not fit for IT?

Probably troll, but I'll bite...

For your information, as well as anyone else reading this, he has at no point claimed anything even remotely similar to that.

If you think I'm wrong (presumably because you read it in some "trustworthy" publication), please feel free to point out exactly where in the memo he claims that - it's online at https://firedfortruth.com/

5
2

PayPal, accused of facilitating neo-Nazi rally, promises to deny hate groups service

patrickstar
Bronze badge

Re: In the long run

And throw piss and shit.

And throw acid, blinding one...

1
0
patrickstar
Bronze badge

Re: In the long run

What if they start openly advocating and using violence? Oh wait, both groups have done that already. But apparently it's the GOOD kind of violence according to some people...

6
5

New MH370 analysis again suggests plane came down outside search area

patrickstar
Bronze badge

One of the AF447 recorders (don't recall whether it was the FDR or CVR) was mildly beaten up and some of the chips needed reworking before being read out. Otherwise it was all fine.

1
0

If Anonymous 'pwnd' the Daily Stormer, they did a spectacularly awful job

patrickstar
Bronze badge

Re: As for free speech

No - they are just being mean to people. Really mean in certain cases, but it still falls under freedom of speech under US law *.

Note also that there is no need for the use of past tense - the site is up, including the article that started this little spectacle with their previous domain registrar.

DS has been around for something like 5 years. This is far from the worst controversy they've been in.

* Or not according to the recent lawsuit about DS inciting harassment against the woman who tried to blackmail Richard Spencers mom, but it seems to be on pretty darn shaky ground legally.

0
0
patrickstar
Bronze badge

Surely any Reg reader is able to figure out who the registrar of a domain name is without relying on second hand information?

Hint: Learn to use WHOIS.

4
0
patrickstar
Bronze badge

Not relevant, of course, since the same WHOIS lookup that told you GoDaddy was the domain registrar would've also told you who hosts their DNS, and that's not GoDaddy. The host of the DNS also happens to align perfectly with the IP addresses it belongs to.

If GoDaddy hosted the DNS, then the next step would - of course - be looking up the IP address to find the actual web host regardless.

Plus GoDaddy's domain registration business is significantly larger than their webhosting business, atleast in terms of number of domains. I would have slightly more understanding for such a mistake if it was about a company that's mostly known for doing web hosting and primarily register domains for their web hosting customers, but that's clearly not the case here. (And it would still be very sloppy.)

Not that I mind GoDaddy getting a bit of flak, since I personally have nothing but bad experience with them...

1
0
patrickstar
Bronze badge

For your information, GoDaddy was the domain registrar, not the host.

Quite a big difference.

Skipping the discussion of whether domain registrars should give a flying f*ck about what the domains they sell are used for, and whether content like the Daily Stormer should be allowed anywhere, I can note that the domain has already been transferred from GoDaddy (to Google! Probably not a coincidence...). Thus this is totally irrelevant. It might even have been totally irrelevant by the time the article was written. ('Updated' timestamp on the domain is 14:51 UTC and article is 14:23, presumably UTC, but it was pending transfer before that)

Really - El Reg, shouldn't you (plural) be able to tell the difference between a domain registrar and a web host? It's pretty basic stuff when reporting on web sites...

12
0

WannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' – FBI

patrickstar
Bronze badge

The problem in this case (and the other similar cases that have been prosecuted) is that it was sold specifically for looting bank accounts. You could presumably build software with most if not all functionality identical without any crime being committed if done differently.

3
0

Chrome web dev plugin with 1m+ users hijacked, crams ads into browsers

patrickstar
Bronze badge

Re: Signing Sigh

I don't know how it works for Chrome Extensions, but atleast for the Apple App Store (and I think for Google Play as well, but I'm senile) you can generate a new key and have it signed with just the normal account login.

Some of these things are even worse - they generate the keys server-side and send you the private key!

Great security in either case...

0
0
patrickstar
Bronze badge

Re: track down the perps!

Most ad fraud certainly doesn't. Typically they spawn a browser on a separate desktop or such to do their dirty deeds.

I don't know much about the Chrome extension architecture, but I suspect the reason they are visible in this case was that as an extension it doesn't have the tools needed to properly simulate user behavior. Ad slingers use a lot of JS/tracking/other stuff to try to weed out fakers.

0
0

Google launches root certificate authority

patrickstar
Bronze badge

Re: google authentication

No, unless you have some magic ability to get your root cert into the major browsers without spending a lot of money. Which you probably don't.

However, there are CAs that issue certs for free. Lets Encrypt ( http://www.letsencrypt.org ) being the standard one.

0
0

AI quickly cooks malware that AV software can't spot

patrickstar
Bronze badge

Re: "I felt like a punk ..."

Uhm, it's Gibson alright... but it's from Burning Chrome.

(I initially thought it was from Count Zero due to the characters and story, but it's not written in first-person perspective).

2
0
patrickstar
Bronze badge

Re: Details?

I assume it should say 'random changes that maintain the same functionality'.

And you can actually have entire programs 'written' by an evolutionary algorithm. Add random code, run it, see if it does something closer to what you want the end result be, try again if it doesn't.

It just takes a lot of time. I recall that this is how "Hello World" in Malbolge was written.

0
0

Page:

Forums

Biting the hand that feeds IT © 1998–2017