* Posts by doke

44 posts • joined 10 Mar 2016

Euro consumer groups: We think Android tracking is illegal

doke

Re: The user has no freedom but to consent

The problem with hosts files is they don't allow wildcards. So when they point you to a dynamically made-up server name, i.e. a43c56.adhack.com, it won't match. There are two better ways to do it. You can do wildcard matching in a proxy.pac file. You can create your own internal DNS server, and create fake zone files that point *.doubleclick.net to 0.0.0.0. I like the second one because it automatically applies to all of my devices, tablets, phones, etc. on the local network.

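As an added example (not from the post above): a proxy.pac that does the wildcard matching the post describes, beside the exact-match lookup a hosts file is limited to. The pattern list, the hosts entries and the 127.0.0.1:9 blackhole proxy are constructed assumptions; browser PAC engines supply shExpMatch() for globbing, but a small matcher is defined here so the same file also runs under Node.

```javascript
// Constructed sample patterns; a real blocklist would be longer.
const BLOCK_PATTERNS = ["*.doubleclick.net", "*.adhack.com"];

// Constructed hosts-file style entries: exact names only, no wildcards possible.
const HOSTS_ENTRIES = ["adhack.com", "ad.doubleclick.net"];

// Escape regex metacharacters, then turn glob '*' and '?' into regex.
// PAC engines provide shExpMatch() for this; it is re-implemented here
// only so the file can be exercised outside a browser.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i");
}

// Wildcard match: a43c56.adhack.com matches "*.adhack.com".
function wildcardBlocks(host) {
  return BLOCK_PATTERNS.some((p) => globToRegExp(p).test(host));
}

// How a hosts file resolves: the hostname must match an entry exactly,
// so a freshly generated subdomain slips past "adhack.com".
function hostsFileBlocks(host, hostsEntries) {
  return hostsEntries.includes(host.toLowerCase());
}

// PAC entry point. Matched hosts are sent to a proxy on the local discard
// port (assumed blackhole, nothing listens there); everything else goes direct.
function FindProxyForURL(url, host) {
  return wildcardBlocks(host) ? "PROXY 127.0.0.1:9" : "DIRECT";
}
```

Pointing matched hosts at a proxy that does not exist fails the request quickly, which is the PAC-side equivalent of the 0.0.0.0 zone in the DNS approach.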
doke

Why does wifi scanning (for apps like wifi analyzer) need location turned on in Android 6 and above? It wasn't needed in 5. It doesn't add any functionality for me. I just want to verify the wifi coverage for my users in their conference rooms.


In Windows 10 Update land, nobody can hear you scream

doke

Re: Windows 7 "outdated"?

"put your Win7 OS into a VM"

This has many other advantages. You can snapshot the VM before an upgrade, and roll back bad ones. You can filter the network connections. You can filter which usb devices are allowed to communicate with the VM. The virtual hardware is standardized, so you never need to worry about weird, broken drivers. You can clone the VM for a special purpose, or for two pieces of software that don't cooperate on DLLs or drivers.

The downside is VMs use a lot of memory.


'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway

doke

Re: Home Address?

I've been told many apartment complexes around here offer discounted rent to police officers who frequently bring home a marked car. The complex wants the crime deterrent.


You have GNU sense of humor! Glibc abortion 'joke' diff tiff leaves Richard Stallman miffed

doke

Re: There's no quality issue. It's a movement you benefit from.

FreeBSD recently adopted an appallingly bad code of conduct. The problems aren't as much with what it says, as what it doesn't. It has no transparency. There is no requirement that charges be publicly announced (in an anonymized fashion). There is no provision for defense. There is no requirement for the defendant to be informed that a charge is pending against them, so they are unable to plan or mount a defense. After the fact, appeals are allowed only to a tiny subset of penalties. Appeals are handled by the same committee. There is no way to appeal to a higher, or different, authority.


'Well intentioned lawmakers could stifle IoT innovation', warns bug bounty pioneer

doke

Re: "Well intentioned lawmakers could stifle IoT innovation"

"People Of Little Integrity, Tiny Intelligence, Colossal Incompetence, Achieving Nothing."

Milton wins!


Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

doke

SCADA systems should never be connected to the internet. The vast majority of them have someone in a control booth 24x7. The boss can just call and ask "Is everything working?" If they insist on a status display, that should be done in a one-way export-only fashion, where the protected systems send status updates to an external web server. There's seldom that much status data to update; you could even do it with an RS-232 serial line, with the RX wire clipped.


Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

doke

Re: Jumpers

Unfortunately, the write protect switch on an SD card doesn't connect to the circuitry inside it. It's just something the card slot detects. So the slot has the option to override it.


Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(

doke

Re: WannaCry and NHS

"if any deaths occurred directly as a result of WannaCry"

If WannaCry caused any deaths in NHS, then how many lives did Marcus Hutchins save?


Behold, says robo-mall-cop maker: Our crime-busting dune buggy packed with spy gear

doke

Re: Limited growth company.

Also consider possible future expansions. They could get a daily upload of facial recognition data for known shoplifters from other locations. The human guards will recognize people they personally threw out before, but not ones from other malls or airports. They could also identify people by cell phone bluetooth beacons, wifi client addresses, car license plates, etc. All of that data would be very attractive to a mall. They could sell it to directed advertisers.

doke

Knight Rider reference

They should have named them the "Knight Industries Roving Robot" (KARR) and "Knight Industries Two Thousand" (KITT), in honor of the 80s TV show Knight Rider. They also need a scanning red LED on the front.


Chirpy, chirpy, cheap, cheap: Printable IoT radios for 10 cents each

doke

Backscatter data retrieval has been around since the 1940s. In 1945 Theremin made a passive, unpowered bug that operated for about 7 years. These guys seem to have increased the bandwidth, but not the range.

https://en.wikipedia.org/wiki/The_Thing_%28listening_device%29


AI vans are real – but they'll make us suck at driving, warn boffins

doke

I really want an autonomous car.

There are many reasons I would want an autonomous car.

- It could drop me off at the store door, then go find parking. When I'm done, I would call it to come pick me up. I wouldn't have to carry my packages half a mile to my parking space.

- I could relax and watch video or something on long trips.

- It could drive me home after an evening out.

- I could send it off to get gas, or be serviced.

doke

Re: The future:

"people will discard food/drinks/garbage in the floorboard of an autocab"

They'll receive a bill for the cleaning, with attached video of them leaving a mess in the car. Probably multiple videos from different angles.


Banking websites are 'littered with trackers' ogling your credit risk

doke

Re: Are there any legitimate uses for client side scripts on a banking website?

One common use is "responsive web design" where the js modifies the page to fit various size screens under certain rules. Many designers think it's better to make one page full of "if"s and rules than to maintain separate desktop and mobile sites. I see points for both sides, I think it depends on the site.


EU security think tank ENISA looks for IoT security, can't find any

doke

Re: Oh no

IoT fad lack of security is life threatening?

It can be. Pacemaker hack can deliver deadly 830-volt jolt

doke

Re: please...

Rule 2) The device shall not become operational until the user has set up their own credentials.

This might be a bit much to expect from Grandma. It might be more user-friendly for every unit to have different default credentials, derived from the serial number, and printed on a card that comes with the device. If they lose the card, they can go to the company web site, enter the serial number, and get the default password. That also means the device can be used out of the box, without any setup that requires a computer they might not have.


Red alert! Intel patches remote execution hole that's been hidden in chips since 2010

doke

Intel's normal reaction is denial

These are the same people who said the F00F bug would only affect scientific computation users.


Microsoft cracks open patch mega-bundles for biz admins, will separate security, stability fixes

doke

pendulum

The pendulum is starting to swing back. I feel like I'm in a pit...


FTP becoming Forgotten Transfer Protocol as Debian turns it off

doke

routers and embedded devices

These days I mostly use ftp to get firmware images and data on and off of routers, switches, and embedded devices. The simple protocol, and low CPU / memory requirements, make it a good fit in bootloaders and rescue images. Virtually all of those transfers are to or from an anonymous ftp server on the same protected management LAN.

ftp is sometimes problematic on the internet, because the firewall has to inspect the protocol and open the ports for the data channel. Passive mode will get around your firewall, but not the other end's firewall. Active mode is the other way around. In Linux, as a client, you have to load a kernel module, nf_conntrack_ftp, to get iptables to do the inspection to make active mode work.


Skype-on-Linux graduates from Alpha to Beta status

doke

Re: What is the benefit putting a cloud in the middle?

Peer to Peer has trouble with firewalls, especially NATing ones. If both ends have a firewall that prohibits unsolicited inbound connections, then PtP can't establish a connection. The workaround in some small routers is UPnP, which allows an application to register with the firewall for an inbound pass. However, that is generally considered very insecure, and most corporate firewalls turn it off.


We found a hidden backdoor in Chinese Internet of Things devices – researchers

doke

Re: 192.168.2.1

name me any business of over a very small size that's going to use the 192.168 range for its LAN

That's the point, almost no corporate LANs use 192.168.2.0/24, so it's wide open for another infected machine to assume that as a secondary IP.

We have to overlay 192.168.1.0/24 on one of our other subnets, on the same VLAN, and provide a tftp server on it, for reinstalling certain VoIP phones. When you factory reset them, they don't even dhcp, they use a fixed IP on that subnet, and try to tftp their OS image from a fixed server IP.


Microsoft catches up to Valentine's Day Flash flaw massacre

doke

VMware vCenter

I have one thing left that needs flash, VMware vCenter. Unfortunately, I need to use it for work. I have a separate browser just for that.

That's one example of a growing problem. Many intranets contain legacy devices that need older protocols or ciphers, but for various reasons can't be easily replaced. As the browser companies delete support for those older features, we're forced to use obsolete browser versions to talk with these legacy systems. This becomes a big problem when you have to provide a secretary with two browsers, and tell them "only use browser B for X". They often forget, and venture out on the internet with the wrong browser.


Let's replace Ethernet with infrared light bouncing off mirrors!

doke

might be good for sensor networks

With all the reflections and interference, I wouldn't expect to get much bandwidth out of this system. However, there are things in a data center that only need limited, intermittent bandwidth, i.e. distributed temperature sensors.


Windows code-signing tweaks sure to irritate software developers

doke

Re: H/W vs S/W vs cloud

"a cloud service can be built to be much more secure than most people can build their own."

"can be built", "has been built", and "has been maintained" are all very different. I've seen several cloud services that were designed with good intentions, built with the best safeguards available, but then turned over to morons to operate and maintain. After a couple years, they're worse than useless.


Stop replying! pleads NetApp customer stuck in reply-allpocalypse

doke

IT people should be able to filter email

Anyone working in IT should know how to put filters on their email, and know not to reply all to this sort of thing. Anyone who replied into the mailbomb just announced their incompetence to the entire group.


Microsoft Germany says Windows 7 already unfit for business users

doke

MS Access

MS Access. Probably only serious data analysts really need it

No serious data analyst would ever use a toy like MS Access. They use Teradata, Oracle, etc. For smaller things, PostgreSQL and MySQL are great. A real object storage system, or relational database, combined with even a little elementary script coding is far more powerful than Access.

For other types of work, SAS or R are good. It depends on what you're doing.

I've occasionally had to deal with "applications" that a consultant had written in Access. They were always horrible, and scaled very badly. They always seem to try to develop with test data of a few hundred rows. Then they're surprised when the business dumps in 100,000 rows, and their app falls over.


US cops seek Amazon Echo data for murder inquiry

doke

buffer in ram

Why would there be anything to extract from the device? It should be keeping the audio buffer in RAM. If it were in flash, it would run through the erase cycles too quickly. So when the cops unplugged it, it should have blanked. If they left it plugged in, it should have overwritten that part of the circular buffer after a few minutes.


Christmas cheer for KCL staffers with gift of extra holiday after IT disaster

doke

Too little

Two days of paid vacation is a nice thank you, but hardly compensates for what I estimate was several weeks of unpaid overtime to fix this mess.


'So sorry' Evernote rips up privacy changes

doke

Replacements?

What are people using instead of Evernote? I'm playing with Turtl for anything private, and Google Keep for unimportant things (i.e. grocery lists).


Google proudly regards dented shovel as Flash lies supine on the floor

doke

Re: Chrome will run the auto-play video ad ...

For Mozilla and Pale Moon, put this in your user.js, or do it through about:config.

user_pref("media.autoplay.enabled", false);


It’s Brexploitation! Microsoft punishes UK for Brexit with cloud price-gouging

doke

existing contracts and future instability

I suspect part of the price hike is to compensate for the existing contracts at lower prices. The new ones get gouged to make up for MS's losses on the old ones. Also, they may be factoring in some "insurance" for future instability in the UK pound vs the US dollar. Between Brexit and Trump, the financial future is uncertain.


Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

doke

Standards in the US would also affect China, due to dev costs

It's expensive to make multiple versions of code for an IoT device. So imposing security standards for selling into the US will cause the IoT developers to improve their code in products released worldwide.

The same thing happened when Europe legislated Reduction of Hazardous Substances. It took a few years, but now virtually all consumer electronics meet RoHS, regardless of the country they're sold into.


Ubuntu 16.10: Yakkety Yak... Unity 8's not wack

doke

snaps are a stupid way to badly reinvent LD_LIBRARY_PATH

For over 20 years, every version of unix I'm aware of has supported using the LD_LIBRARY_PATH environment variable to avoid library conflicts. If you need a specific version of libjpeg, just put it in its own directory, and set the variable.


US government wants Microsoft 'Irish email' case reopened

doke

Re: users don't control where data resides?

These large multinationals have billions in cash reserves. Why don't they buy an island, make their own country, and move their HQs there?


Having offended everyone else in the world, Linus Torvalds calls own lawyers a 'nasty festering disease'

doke

lawyers scare developers into leaving projects

Linus is right about the BusyBox GPL lawsuit. Bringing in lawyers scared the developers into leaving. That ended up hurting everyone.

Programmers usually don't understand or trust lawyers. There have been too many stories about people losing everything. The developers don't want to be caught in the splash zone, so they abandon the project. It can take years to recover.


Kindle Paperwhites turn Windows 10 PCs into paperweights: Plugging one in 'triggers a BSOD'

doke

Re: a slow motion trainwreck

"And then COME BACK because the software they need doesn't run anywhere else. You might as well be Walking on the Sun..."

Why do people keep repeating this FUD? I'm a network and systems administrator. There are only two applications I still need for work that require Windows. I very seldom use either. Both run fine in VirtualBox VMs. One actually runs better in a VM than on bare metal, due to quirks in how its networking interacts with VPNs. There used to be more, but most of them now have Linux replacements. My need for Windows has shrunk dramatically over the years.

doke

Re: is there a comprehensive list of cockups?

I would suggest VirtualBox, VMplayer, or something similar, to run Windows VMs as guests on your Linux system. You can snapshot the Windows image, and back out when it eats itself. It gives Windows a simpler, virtual, "hardware" platform with more common drivers. It lets you sharply limit access to attached devices. For example, you can explicitly list which USB devices the VM can see. I have two of these guest VMs, one for each Windows-only software application I still need. Keeping them separate also keeps the apps from fighting over DLLs.


Apple is making life terrible in its factories – labor rights warriors

doke

statistics are inadequate to draw any conclusion

This report is based on too little data to mean anything, or to draw any conclusions. On page 1 of the pdf, "http://www.chinalaborwatch.org/upfile/2016_08_23/Pegatron-report%20FlAug.pdf", the report says "Pegatron is one of Apple's major suppliers, employing almost one hundred thousand workers in Mainland China". Most of the numbers in the report are based on paystub data. However, on page 5, there is a table showing how many paystubs they analysed. Over 10 months, they collected a total of 2015 paystubs. One month, Jun 2015, they got only 4 paystubs. The peak was 1064 in Oct 2015. The average number of paystubs they got per month was 202. That is only 0.20% of the workforce. That is not enough data to be a worthwhile statistical universe.

I have no doubt Apple is pressuring them to reduce costs. Conditions there might well be awful. However, I can't tell one way or the other from this study, because its statistics are insufficient.


Microsoft tweaks TCP stack in Windows Server and Windows 10

doke

Re: Of course...

I understand you're joking. However, Linux has had most of these things for years. The exception is LEDBAT, RFC 6817. The actual dates are:

RFC 7413 TCP Fast Open (TFO): kernel 3.13, 19 Jan 2014, https://kernelnewbies.org/Linux_3.13

Initial Congestion Window 10 (ICW10): kernel 2.6.39, 18 May 2011, https://kernelnewbies.org/Linux_2_6_39

TCP Recent ACKnowledgment: 4.4, 10 Jan 2016, https://kernelnewbies.org/Linux_4.4

Tail Loss Probe: 3.10, 30 Jun 2013, https://kernelnewbies.org/Linux_3.10

TCP LEDBAT RFC 6817: As far as I can tell, Linux does not have this yet.


Linux letting go: 32-bit builds on the way out

doke

Re: Fair Enough

Adafruit has an article on making a raspberry pi notebook kit. I don't think it's going to compete with a real notebook anytime soon. However, it looks like an interesting toy.

https://learn.adafruit.com/mini-raspberry-pi-handheld-notebook-palmtop/overview


Looking good, Gnome: Digesting the Delhi in our belly

doke

appearance over function

Gnome has a long standing problem with valuing appearance over functionality. They keep making big, fat titlebars on everything that eat up screen real-estate. Yet, their image app is just now obtaining some of the functionality that xv had in 1993.

They don't understand that a window manager should be a tool that helps you get things done, but otherwise gets out of your way.

They also have an arrogant belief that their graphic design and use cases are the only things users will ever need. They have been actively deleting customization options.


Adobe...sigh...issues critical patch...sigh...for Flash Player zero day

doke

vCenter and Pandora

VMware vCenter and Pandora run in Flash. Sigh.


Cisco says CLI becoming interface of last resort

doke

GUIs don't scale

I've got over 1000 switches, and 60+ routers, firewalls, and load balancers from 5 different vendors. I've never seen a GUI that comes close to handling all that. We used to have CiscoWorks, but it only applied to our Cisco devices, only did a few things, and didn't do those well. I don't have time to repeat a gui action on hundreds of devices. I _need_ to use APIs, and scriptable CLIs.

