
* Posts by Daniel B.

3162 posts • joined 12 Oct 2007

Hacky hack on whack 'Hacky Hack Hack' Mac chaps hack attack rap cut some slack

Daniel B.

Well done

This is now my top El Reg headline!

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

Daniel B.

Re: Security did no homework, just gut reaction

Defcon security did get involved and cleared out the issue.

Daniel B.

Re: And the airlines are wrong

There’s DEFCON China now, but if anything that’s an actual oppressive regime you’d be dealing with.

iPhone 8 now outsells X, and every other phone

Daniel B.
Boffin

Re: Has nothing to do with "first batch product"

StarTac probably didn't make it to the UK due to it being an analog phone (AMPS/NAMPS) released at a time when the EU had already jumped to GSM.

As for iPhones: I just upgraded from the 5s to a 6s. Why? Because the 6s is the last one that has the jack, and the 7 and 8 are still stupidly expensive at this point. And the X is already a non-starter as it removed the Home button and it has that horrible notch thing. I can cheer for Apple though, thanks to the X any non-X iPhone user is now less prone to being mugged or getting their phone stolen. The X is now the ultimate "mug me, I'm rich!" sign.

Other than that, I find it really dumb to splurge so much money on a smartphone. Especially when it's ugly.

Eclipse Foundation pushes faster, cloudier Jakarta EE

Daniel B.
Boffin

Lennart Poettering

I wouldn't sic Lennart Poettering even on my worst enemy. He's already ruined my formerly favorite OS with systemd, I'm not letting him touch anything related to computers.

Reg writer Richard went to the cupboard, seeking a Windows Phone...

Daniel B.
Boffin

Blackberry OS

Well, the old school Blackberry OS did have quite a number of apps, and at some point they were very useful for everyone. But they fumbled because the Blackberries were horribly underspecced and the "classic" OS was slow as hell. By the time they pushed out BlackBerry 10 it was too late, and their "clean slate" approach to apps (instead of offering a migration path) pretty much doomed them at a time when iOS and Android were taking the top spots for devs. Had they released BB10 back in 2009, when they were still one of the top players, they might've survived.

Hell, Nokia was on the right track on this; they were improving Symbian and cooking up a Plan B OS (Maemo, Harmattan) in case Symbian didn't survive. They were even looking into a migration path from Symbian to Maemo/Meego/Harmattan. It wasn't until Elop came in and set everything on fire that Nokia went down hard. All because Elop had to Borg Nokia for his Microsoft masters. Fortunately Nokia was able to jettison the diseased arm before it took them down.

Daniel B.
FAIL

Re: I use windows phones (because no one else will)

> But then, there's many of us who don't give a crap about apps. We just want a mobile phone to use as a phone, not some dinky, overpriced, portable computer.

That doesn't counter the previous user's comments though. He specifically mentioned a Smartphone, not a regular phone. If you want just the phone part of the thing, that's what feature phones, or even dumb cellphones are for. They're even coming back, through the revived not-quite-Nokia resurrection which is now free from Microsoft's claws.

Cloudflare touts privacy-friendly 1.1.1.1 public DNS service. Hmm, let's take a closer look at that

Daniel B.
Boffin

Re: 1.1.1.1 conflict

There was some experiment a couple of years ago (2010) where whoever owned the 1.0.0.0/8 block experimented with advertising the 1.1.1.0/24 and 1.2.3.0/24 routes to the 'net. They got hit with a massive flow of garbage traffic due to these kinds of stupid configs. It was so bad that they had to give up using those blocks. Wonder if that has been "solved" recently?

This is the experiment.

Daniel B.
Boffin

Re: Still no go

> And where does your DNS get its resolution from? What is its parent? Or are you one of those muppets that are hammering the root servers directly?

Proper DNS implementation should be hammering the root servers directly. The only time you should be using a "parent" DNS is when you have your own complex DNS infrastructure inside the organization. Most orgs only have one or two DNS servers, in which case using the root.hints is the proper way of doing stuff.

Super Cali neutral traffic bill makes web throttling bogus

Daniel B.

Re: Doubling down?

Double down is recognized by pretty much anyone.

Daniel B.

Re: Secession by San Andreas

I'd rather not have California secede, precisely because they serve as a counterbalance to the Trumpster madness in the rest of the US.

They're not alone, the Northeastern Corridor also keeps mostly blue, but their 55 EC votes are necessary.

Windows Mixed Reality: Windows Mobile deja vu?

Daniel B.
Boffin

Re: Just the usual then ....

Ok, my previous comment may have sounded like unfounded hate for the platform ... but that wasn't the case in the beginning. Remember HPCs? Those sounded awesome, and that was what Windows CE was made for. I even owned an HP Jornada at some point, which was pretty good for its time. I was more of a Palm guy myself, but those ceased to be good when they went WinMo. The HP Jornada, however, never ceased to be good.

I actually think that the downturn came around the time they decided to morph Windows CE into Windows Mobile. From there they started doing weird things with the platform, then decided to kill it and create Windows Phone ... and everything from there was just pure crap.

I had quite a number of friends using Windows Mobile phones, mostly latecomers to Palm and a couple of pre-Android Samsung handsets. I only got to see a single person using a Windows Phone handset, and he hated its guts.

Daniel B.
Devil

Re: On the positive side...

Their mentality was as though they had dominance. It was so arrogant, it was embarrassing. One of the (many) things that's made me move away from Windows development.

They're used to that arrogance; somehow they don't realize that outside of the desktop/laptop PC OS and office productivity software, they're far from being the predominant player.

See how they pissed away their market share by trying to pull off the DRM fiasco and then ram Kinect down everyone's throats. By the time they relented, it was too late and the PS4 was outselling them 2:1. Even the Switch has sold more units, and that platform was released years after the XBone(d).

Daniel B.
Boffin

Re: Just the usual then ....

Agree with everything but this:

> Kill Windows Mobile which with proper development would have been a major competitor for Google / Apple

Nope, Windows Mobile was a stillborn platform. Only Microsoft could believe that anyone would voluntarily get suckered into "that shit OS that always crashes on PCs". They went through many iterations of it and all of them failed. Windows CE. Windows Mobile. Windows Phone. Windows RT. The only thing where they succeeded was in killing any sucker that bet on the platform for their hardware: Sendo, Palm, Nokia. At least Nokia was able to jettison the diseased post-Elopocalypse crap before it took them down.

Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo

Daniel B.
Coat

I know what happened

It's Hackerman, he hacked too much time!

Mine's the one with the Kung Fury logo.

James Damore's labor complaint went over about as well as his trash diversity manifesto

Daniel B.

I suspect this article caught the eye of the MRAs, MGTOW and their ilk, which would explain why the comments section seems odd compared to the regular commentards.

X.509 metadata can carry information through the firewall

Daniel B.
Boffin

Re: Erm...

> If you even remotely care about security, you’ll need to check the client certificate at the firewall

> You can't do that unless your firewall is performing a man-in-the-middle attack on the session - that is, spoofing a false server certificate back to the client, which the client is configured to trust.

Both are sort of right. You can check both client and server certificates at the firewall, because at that point, the communication is still being made in cleartext. Certificate exchanges are sent as part of the initial handshake. Firewalls are capable of MITMing stuff... however, parsing an X.509 certificate and validating it is going to be resource intensive. It's less the job of a regular firewall and more of an IDS/IPS thing, and even then it's going to be so resource intensive that it'll slow down all outgoing traffic. Why? Because you'll need to check all outgoing traffic, see if it's an SSL/TLS handshake, then check the handshake itself, parse the X.509 certs, validate them .... you get the idea.

This is going to suck, because the only way I see this being mitigated is by forcing all traffic to go through proxies, then having those proxies offload all CONNECT requests to an IPS. There's a lot of software out there that shits itself whenever you try to make it go through a proxy...

Daniel B.

Re: Erm...

The certificate contains the data because that way, you can initiate a TLS connection, have it fail and the firewalls and IDS/IPS systems will only register a failed connection. However, the data dump will already have been sent.

It's sending information on a channel nobody's expecting to actually contain data.

What did we say about Tesla's self-driving tech? SpaceX Roadster skips Mars, steers to asteroids

Daniel B.
Unhappy

Re: "a space-faring publication"?

On a side note, whatever happened to LOHAN?

There hasn't been an update since 2016.

Lester died in 2016; thus the project died with him.

Pro tip: You can log into macOS High Sierra as root with no password

Daniel B.

Re: version?

Ah, someone has been paying attention to the internal Office version shown in the Registry.

Daniel B.
Boffin

OSX user here, and it's a vulnerability. It's probably somewhat mitigated in the sense that setting a password for root plugs the hole, but it's still an embarrassment. Not sure if it's remotely exploitable, which would be bad. If it allows for su - without a password, it's probably bad, but it would still require someone to log in with a valid username/password before exploiting it.

If someone already has physical access to the system, there are larger issues at hand.

Dick move: Navy flyboy flings firmament phallus for flabbergasted folk

Daniel B.

Re: Is it too late...

I did use that reference when I retweeted it.

Daniel B.

Superb skills

I hope he doesn't lose his flight status due to that dick move. He's pretty talented to be able to draw that dog with his dong^Wjets, I mean, jets.

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Daniel B.

Not quite

X.509 *certs* are usually valid for 1 or 2 years. The actual keys can be reused and in fact many companies do so because they don't have to generate another CSR if they do so. Bad practice? Sure. But not uncommon.

A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down

Daniel B.
Coffee/keyboard

President Pence

Now that made my day! And also buy a new keyboard!

Malware hidden in vid app is so nasty, victims should wipe their Macs

Daniel B.

Re: A complete wipe?

Internet recovery is only used if the user explicitly chooses it, or when there is no recovery partition on the HDD/SSD.

Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box

Daniel B.

The Neutered Disk Utility

I knew I couldn't be the only one mad at this change. I actually held off upgrading to El Capitan because of it. Ended up jumping from Yosemite to Sierra in April because APFS was actually piquing my interest. I didn't really expect it to be released with these kinds of bugs, though.

Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

Daniel B.

BOFH

So I guess we now know where the BOFH is working at these days!

Why the Apple Watch with LTE means a very Apple-y sort of freedom

Daniel B.
Boffin

Re: Heh. A no-win situation with El Reg

> Mobile operators have been clinging desperately to physical SIMs in order to prevent customers from switching easily.

Quite the opposite. Mobile operators would love for someone to make non-removable SIMs a thing as that would mean they would get handset lockdown for free. That's what used to happen in the pre-GSM world, and what has been going on for decades in the US with the horrible CDMA carriers.

I hope this crap doesn't take off, because the moment this jumps into GSM handsets, operators will lock 'em down hard. And all because Apple has to keep their control freakery alive.

Fancy that! Craft which float over everything on a cushion of air

Daniel B.
Boffin

I remember them

First learned about them thanks to Quest magazine, which showcased how they worked. Though I had seen them in the Snoopy feature where the Peanuts gang goes to France. Back then, the magazine was also talking about a huge engineering feat: the construction of the Chunnel.

Google sued by Gab over Play Store booting

Daniel B.
Trollface

Gab?

What's that?

Given that the examples for social networking they used are far from being the predominant players anywhere (even Google has realized that Google+ is just not going to take off), it'll probably be dismissed.

We don't need another hero: Huawei overtakes Apple – even without a big-hitter

Daniel B.

@Hans 1

Interesting story.

I've got a 5s as well, and it still works pretty well; I got mine in 2015 as I didn't want the monster sized screens. It still works, the only caveat being the 16Gb storage (should've gone for 64Gb) but other than that, it works. And yes, I've got the latest iOS version installed.

Compare to my wife's Huawei, which is sluggish and keeps crashing even though it's just a year old.

Honestly, the only ones I haven't seen go bad are the Samsung phones. Most cheap Android devices just stop working as intended after the first year.

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

Daniel B.

Re: Do you realize...

Ask Karen Silkwood how that works out.

Nokia's comeback is on: The flagship 8 emerges

Daniel B.

Lumia

Please don't talk about those. I consider them the reason why Nokia nearly died, as they were the ones made after the Elopocalypse.

Red Hat banishes Btrfs from RHEL

Daniel B.
Happy

Re: Anyone else just use ext4?

Ah, I thought I was the only one keeping to RHEL/CentOS 6 to avoid the systemd crap. I'm using a mix of ext4 and xfs on those systems. :)

Daniel B.
Boffin

Re: I <3 btrfs

> Light years ahead of anything Windows can do.

Everything is light years ahead of anything Windows, period.

As for snapshots, that's available on ZFS too, mostly because btrfs was originally born as an Open Source equivalent to ZFS, mostly sponsored by Oracle. But then Oracle bought Sun and they got access to ZFS, so btrfs was "no longer important". :(

I did try btrfs at some point, but it just didn't work well, so I had to move to ZFS. The latter is supported on pretty much every single OS except Windows (again, everyone's light years ahead of Redmond's OS) so it also serves as a multiplatform FS.

Daniel B.
Boffin

Re: ZFS is the right choice for a server system

> For a start. The very founding principle of ZFS (that many people forget) is that it was designed as, and continues to be maintained as a JBOD DAS file system.

This is actually a feature. You simply stick disks into your system, and set up zpools with RAIDZ1/2/3 instead. You'll get exactly the same functionality offered by RAID5/6, but without the dependency on the RAID controller. Ever had a RAID controller failure? Back in 2009, I found out that fakeraid controllers do weird stuff and thus their "RAID" arrays can't be read by other controllers, only the ones from the same brand/chipset you originally used.

ZFS pools can be imported to any system and will always work.

So yes, I'd rather have ZFS on raidz2 than a RAID controller that might leave me SOL if it breaks down and I can't get the same chipset when it does.

World's largest private submarine in mystery sink accident

Daniel B.

Re: Pictures

It's the caterpillar drive, of course!

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON

Daniel B.
Meh

Welp

This kinda makes me feel better I didn't make it to DEFCON25. But damn, this has all the hallmarks of sloppy investigation. Why would a malware author willingly travel into the US?

50th anniversary of the ATM opens debate about mobile payments

Daniel B.

Naaaah

I know a lot of people that aren't ever going to let go of cash.

Daniel B.
Joke

Well...

Every time I read "cheque" in an English article, I'm wondering if Spanish is really taking over the language...

Create a user called '0day', get bonus root privs – thanks, Systemd!

Daniel B.
FAIL

Re: POSIX

Y'all be joking about 1234 as a password, but I once worked at a place where the "secure" default password was 1223, because "everyone might try 1234, but they won't think about 1223! See, secure!"

Daniel B.

Burn it

Please just kill the ducking thing. Get rid of systemd and bring back upstart. This is getting stupid.

Daniel B.

Re: POSIX

I actually know some companies where your login is your employee id. Yes, including in UNIX systems.

Feelin' safe and snug on Linux while the Windows world burns? Stop that

Daniel B.
Boffin

Re: Market share? What market?

> Having worked in some fairly large enterprises, I have typically seen from 100% Windows to about 60-70% Windows. That's including ~1,500+ server estates with ~1k Windows and ~400 Linux - the rest were either big strange beasts (mainframe and similar) or VMware hosts.

Financial sector here. Large banks, and I mean large enough to be known globally, have all their stuff running on UNIX. At a certain bank where I worked, the majority of servers were Sun hardware running Solaris, IBM blades running Linux, and a dozen Windows servers used as domain controllers. And of course, the core systems running on IBM Mainframes.

But really, the ratio of UNIX-to-Windows was something like 300 to 10, and I'm probably being generous to Microsoft.

Daniel B.

Re: about 12 per cent of servers run non-Windows OSs!?

Someone was wearing the Microsoft-tinted glasses when they made those stats.

U wot M8? Oracle chip designers quietly work on new SPARC CPU

Daniel B.

Me likey

Any going forward with RISC non-Craptel stuff is good. :)

Microsoft boasted it had rebuilt Skype 'from the ground up'. Instead, it should have buried it

Daniel B.

Not surprised

Remember, this is the company that came out with the Ribbon, the Windows 8 UI and thought that anti-consumer DRM was an awesome feature for their next generation gaming console.

Daniel B.

Re: Completely normal from Microsoft

Also known as the Xbox moment, when you realize that your shit sandwich only made everyone flock to the PS4.

Daniel B.

Re: midas != microsoft

There's an emoji for that!

The Register - Independent news and views for the tech community. Part of Situation Publishing