* Posts by Frumious Bandersnatch

2662 publicly visible posts • joined 8 Nov 2007

Five-eyes nations want comms providers to bust crypto for them

Frumious Bandersnatch

"deal with the relentless threats of terrorism"

When are our legislators going to declare war on rust? Rust never sleeps, and neither should we. Someone should do something! It's a travesty!

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Frumious Bandersnatch

At some point in the article

I shifted to voicing this in my head to sound like an overeager game show host. Come on down! Systemd, you're a winner! Remember, you can't get these prizes anywhere else, because, systemd, there is no other game in town! Applause! That's right. Yeah!

Ever wondered why the universe only has black holes in S or XXXL? No? Boffins have an answer

Frumious Bandersnatch

Baby Astrolab

http://www.lyrics.com/lyric/1223049

US engineer in the clink for wrecking ex-bosses' smart meter radio masts with Pink Floyd lyrics

Frumious Bandersnatch

The story (and post about "shorter sentences") reminds me ...

A story I heard on the radio in Ireland. A certain station master was responsible for making reports to head office whenever there was a train accident or derailment. Had something of a literary bent, it seems, because his reports ran into several pages of quite descriptive prose about the ins and outs of the incidents and the actions taken to get things back on track.

Head office got a bit pissed off with the length of his reports and asked him to be a bit more to the point. The station master complied, and the next time there was a derailment (in 1921), his report simply stated: "Off again. On again. Gone again. Flanagan"

UK Parliament hack: Really, a brute-force attack? Really?

Frumious Bandersnatch

Re: Not only missing 2FA

That was my first thought. My second is to only allow password-less logins via the MP creating a public/private key pair and handing over the public key to the IT guys in a controlled setting.

Works fine for ssh (where I can upload my key and store it in the authorized_keys file, then disable login via a password), so I'm pretty sure that it should work for TLS/SSL as well (and is apparently resistant to MITM, with ssh, at least). You might have a bit more work to do with regard to revocation of an authorised login key, but that's par for the course.

Lordy! Trump admits there are no tapes of his chats with Comey

Frumious Bandersnatch

Trump "admits"

Should be "Trump 'claims'"

Using "admits" suggests truthfulness on the part of the person who made the statement.

<crickets>

Speaking in Tech: IT's a GaaS with Trump at top

Frumious Bandersnatch

Re: GaaS

Gallium Arsenide? Guests as a Service? Gas as a Service (Grace ala Soylent)? Gateaux as a Service (with simultaneous option of eating and having)?

Ah, it's "Government as a Service".

Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks

Frumious Bandersnatch

the Morissette Scale?

You mean that song with a list of non-ironic things interspersed with a refrain of "Isn't it ironic?"

No, Alanis, it is/they are not.

Labour says it will vote against DUP's proposed TV Licence reforms

Frumious Bandersnatch

Re: Amazon and Netflix?

every programme seemed to revolve around how technology would destroy the world.

And we didn't listen! <fist shake>

Frumious Bandersnatch

Re: News to me

Funny. I watch it on FreeSat and I don't have a licence. I live in the RoI, and I guess that many Europeans can pick up the same signal without paying anything. Same with C4, which also gets some of the licence fee, AIUI.

Raspberry Pi sours thanks to mining malware

Frumious Bandersnatch

"Raspberry Pi sours"

https://www.quora.com/What-do-blueberries-raspberries-and-blackberries-taste-like

Raspberries are already sour ("sauer" being the German for "acid[ic]")

Frumious Bandersnatch

"Change your default user name"

You mean "change your default password".

Jeez.

Frumious Bandersnatch

change the password for the username “Pi” to

You mean "pi". (yes, I used "logical" quoting there)

Two leading ladies of Europe warn that internet regulation is coming

Frumious Bandersnatch

"Don't mess with Merkel"

Well, if she wants her own May-style folly, bring it on. Hubris has no borders.

In detail: How we are all pushed, filed, stamped, indexed, briefed, debriefed or numbered – by online biz all day

Frumious Bandersnatch

Living and non-living things keep exchanging properties.

DUP site crashes after UK general election

Frumious Bandersnatch

> Ulster Unionists != DUP

You mean "Ulster Unionist Party" != "Democratic Unionist Party"

Being picky "Ulster unionists" is probably the better correction here. Just giving the OP the benefit of the doubt, here.

Donald Trumped: Comey says Prez is a liar – and admits he's a leaker

Frumious Bandersnatch

Re: Two things..

But if it's the other side, if it is Trump who has the recordings, then why not release them? He's clearly not one for keeping quiet about anything he thinks might make him look good or might sound "heroic", no matter how much it actually backfires.

Dougal: Actually, Ted, you've done this to me before, so I took the liberty of taping the conversation

Now, we'll just have a listen...

(starts tape) "..."

Dougal: I stand corrected

https://www.youtube.com/watch?v=hPCH4rZU-3Q

Frumious Bandersnatch

Needlessly ambiguous terms

https://www.youtube.com/watch?v=U6cake3bwnY

This is going to be that "let's hope Professor Rickson meets with a little accident" all over again.

Australia to float 'not backdoors' that behave just like backdoors to Five-Eyes meeting

Frumious Bandersnatch

Re: To be fair...

> Some of the really sneaky ones don't even use proper letters

What the heck, that bastard!

Frumious Bandersnatch

Marmite In The Middle

Trust the Antipodeans to support this sort of thing.

Oh, wait. I think I was confusing it with Vegemite.

NSA leaker bust gets weirder: Senator claims hacking is wider than leak revealed

Frumious Bandersnatch

curiouser and curiouser

I seem to have fallen down a rabbit hole.

UK PM Theresa May's response to terror attacks 'shortsighted'

Frumious Bandersnatch

> Encryption = mathematics + a tiny bit of programming

I'm probably as smart as the next guy (or even more so), but I could never get my head around Galois field extensions in AES.

Still, I can always download the free libs ...

Frumious Bandersnatch

as a non-Brit

I suggest tactical voting: pick whichever local candidate is most likely to prevent hollow May from getting a working majority.

Strong and Stable my arse. Don't you think she looks tired?

Go and vote!

Silicon Graphics' IRIX and Magic Desktop return as Linux desktop

Frumious Bandersnatch

Re: Too long ago to remember exactly what it was

use of 'xhost +' or 'rsh' considered dangerous, perhaps?

8 out of 10 cats fear statistics – AI doesn't have this problem

Frumious Bandersnatch

Re: Statistics killed Jesus

I think that you'll find that it's "someone's karma ran over his dogma"

Frumious Bandersnatch

Re: Oh the irony

Absolutely.

The way to look at this is to calculate the margin of error for this sample.

The sample size is 2692+2128 = 4820

We calculate the 95% margin for error as 1.96 * sqrt(0.5 * (1.0 - 0.5) / 4820) (footnote)

This gives 0.0141157044469341 which says that 95% of the time, the expected number of women will be within 50 +/- 1.412%. This translates to a range of 4820/2 +/- 68 people, or [2342,2482]. The value 2,128 is outside this range so all we can say is that using a 95% confidence interval, the assertion that males and females are equally represented (p=0.5) is not supported by the sample.

Chi-squared is slightly different since it's a measure of fit of a set of individual observations to the expected, but the above is effectively its application to the average case (ie, it ignores the spread of individual samples). Neither provides a measure of how unrealistic/unexpected the result [set] is, as Vaidotas Zemlys has pointed out.

footnote: http://www.dummies.com/education/math/statistics/how-to-calculate-the-margin-of-error-for-a-sample-proportion/

Florida court's schizophrenic rulings throw mobe passcode privacy into doubt

Frumious Bandersnatch

Re: Big Surprise

Yeah. I came to comment along the same lines... Where's the Florida tag? That's a thing, right?

NASA Sun probe named for solar wind boffin Eugene Parker

Frumious Bandersnatch

Chris Waddle

This post must contain a body.

How the Facebook money funnel is shaping British elections

Frumious Bandersnatch

another guardian article

Makes for pretty chilling reading:

https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy

I notice that any article that mentions Cambridge Analytica over at the Graun has a new note at the top stating:

This article is the subject of separate legal complaints on behalf of Cambridge Analytica LLC [and SCL Elections Limited, and Sophie Schmidt.]

(the "and" bit might vary across articles, but you get the gist)

While spending over campaign limits because Facebook and so on aren't covered by regulations is one thing, the use of targeted ads that use bulk, aggregated data about individuals is what's really scary. The fact that this also seems to be done outside the EU, and so isn't subject to privacy laws should be giving everyone cause for concern.

EU axes geo-blocking: Upsets studios, delights consumers

Frumious Bandersnatch

doesn't go far enough

I set up ipv6 recently, over a Hurricane Electric tunnel. I'm in Ireland and I picked a tunnel endpoint in England. I could have picked Ireland or Holland or anywhere, really. However, whichever one I picked, it would have fucked up a perfectly valid and legal Netflix subscription because they consider me as being someone who's using a proxy to defeat their region locks. Bit of a sledgehammer approach.

I can understand the old processes involved in setting up contracts for regional distribution of films and such, but seriously, in this day and age with so much old content and internet-based delivery, why should we still have geoblocking on so much stuff? The argument about promotion and localisation in each region is bogus so long as the channel provider is still counting eyeballs and paying up as they should. I don't need to see promo material for shit that I watch. I just want to be able to watch shit and have the channel make sure that the content creators get paid. Sort of like a FRAND for consumable digital content. Is that so hard?

I need an ISP that offers IPv6. Virgin Media: Whatevs, nerd

Frumious Bandersnatch

Re: need? really?

Hard to imagine there would be any services out there that would be IPv6 only.

The biggest plus for home users, as far as I can see, is that if you want to run servers from your home network, then going ipv4 means that you need a static ipv4 address which costs more. If you have native ipv6 and a reasonable amount of tech knowledge you can partition your network and transition from an ipv4-style DMZ into the equivalent ipv6 version. So, all those family-shared photos can go straight to your secure ftp/webdav server instead of Facebook or other cloud servers.

I'm pretty sure that a big factor in ISPs not supporting ipv6 is that they realise that it means that they won't be able to charge extra for static IPs. That, and not wanting to spend money on staff training.

Frumious Bandersnatch

Re: If in the UK, I recommend

Surely that should be AAAA? We are still talking about ipv6, no?

Windows is now built on Git, but Microsoft has found some bottlenecks

Frumious Bandersnatch

premature optimisation

Is the root of all evil

UK ministers to push anti-encryption laws after election

Frumious Bandersnatch

Re: I agree

Johnny's in the basement, mixing up the medicine

I'm on the pavement, thinkin' bout government ...

... bad bill ... wants to get it paid off ...

Gravitational waves permanently change spacetime, say astroboffins

Frumious Bandersnatch

Re: So,

Hmm. I read it as meaning that the aether is thixotropic. You never know... dark matter (or maybe dark aether) may end up being anti-thixotropic, solving lots of conundra.

<aside>Igor, pass me my ergometer!</aside>

What is dead may never die: a new version of OS/2 just arrived

Frumious Bandersnatch

Re: Ah, the days

And remember TWAIN, for digital cameras? That's "Thing Without An Interesting Acronym"

(I always thought the M in PCMCIA was "reMember"...)

Sick of Java and C++? Google pours a cup o' Kotlin for Android devs

Frumious Bandersnatch

static vs dynamic typing

Um, aren't Java and C++ both statically typed? (Sure, C++ still has raw pointers and casting, but still...)

We're calling it now: FCC votes 2-1 to rip up net neutrality on Thurs

Frumious Bandersnatch

Re: I wish I were _pyrokinetic_...

"fire" "movement" ... maybe "telepyretic" (causing fire at a distance)?

US judges say you can Google Google, but you can't google Google

Frumious Bandersnatch

lmgtfy

Probably still fine, I guess, since it's showing you how to use the big G.

Lib Dems pledge to end 'Orwellian' snooping powers in manifesto

Frumious Bandersnatch

Re: shame

So if we can't have a free movement of people, but you don't want a hard border, I'm not sure how they can think that's achievable?

National Identity Cards.

Japanese researchers spin up toilet paper gyroscopes for science

Frumious Bandersnatch

Protecting privacy, they say

Well, if you watched a video of how I use toilet paper, you'd be bound to recognise who I am.

Privacy, my arse.

Warm, wet, mysterious... sound familiar? Ah, yes, you've heard of this second Neptune, too

Frumious Bandersnatch

Less massive planets would have a harder time holding onto lighter elements thanks to solar winds and the like. The lighter elements will obviously be higher up in the atmosphere, making them more likely to be stripped away over time. More massive planets are better at keeping hold of these because gravitational forces are higher, but there are no doubt several other reasons as well (like distance from the star).

Comey was loathed by the left, reviled by the right – must have been doing something right

Frumious Bandersnatch

Re: infuriated those people who know a thing or six about encryption

It's called "key escrow". The device used by the consumer has a secret key that can be used (along with other information, such as the device ID) to recover the session key used to encrypt the communication. The device is supposed to be tamper-resistant, so users aren't able to access the escrow key. A copy of that key is also stored by law enforcement, allowing them to decrypt the communication whenever they want.

The other way to implement it is to present users with a new encryption scheme that's supposedly secure, but has a flaw that is known to your mathematicians, but (supposedly) not anyone else. This gives them an advantage when it comes to decrypting stuff because it becomes feasible to use some short-cut to brute-forcing the message.

With both sorts of secret (escrow key or "back door"), the security of everything is dependent on how secure that secret is. As we've seen from NSA leaks (giving rise to this weekend's botnet that hit the NHS among others), plus the existence of plenty of hardware and maths wizzes outside of the NSA (or whoever) who can, with enough time, effort and money, crack that secret, rendering the encryption completely irrelevant.

Frumious Bandersnatch

Re: infuriated those people who know a thing or six about encryption

Unfortunately the EFF's signing on to the bogus ...

That's not what the article said. It said that it's worried about "the independence of the office and its ability to conduct fair investigations".

Personally, I don't think that an investigation would come up with enough to tie Trump to the Russians directly, though I suspect that there are others in his entourage who were compromised. Still, if he has nothing to hide, then why should he fear the probe? A normal, sane individual would allow this to run its course. Instead, Trump uses bluster and now, it seems, direct interference in the workings of the investigation. That doesn't project an image of him being free of taint.

the partisan interests of a few wealthy donors.

Surely you're not serious here, or are you back to talking about Trump and Russian donors again?

For now, GNU GPL is an enforceable contract, says US federal judge

Frumious Bandersnatch

It seems that they want to interpret the GPL as a EULA, when it's not.

Frumious Bandersnatch

surely the GPL is, first and foremost, about copyright, not contracts

If it's looked at as a copyright statement, then the default state when you put the appropriate (c) mark on the document is that it is your [the author's] property and should fall completely under copyright laws. If that's all you do, then the position is clear: you [someone other than the author] can't go and copy the material except under certain fair use conditions.

When you add the GPL statement, you are granting certain extra rights (but, crucially reserving certain other rights, such as not tampering with the rights granted, or modifying the document and re-releasing it without continuing to honour the conditions set out under the derived works sections) to anyone who might happen to have or receive a copy of the document. It shouldn't be looked at under contract law. In particular, it shouldn't be necessary for both parties (the author and the person who has a copy) to enter into a signed arrangement.

The question of how the person receives the GPL-copyrighted document should also be irrelevant. It's like the question of whether you buy a book from the publisher, a bookseller or you get it second-hand, somehow. The delivery mechanism or how you came by the copy is irrelevant since copyright resides within the copy itself.

WannaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain

Frumious Bandersnatch

Re: Extradite the NSA

Someone whisper in Mayhem's ear

Don't you think she looks tired?

Beeb hands £560m IT deal to Atos. Again

Frumious Bandersnatch

Tower model?

Maybe if the reference is to Leonard Cohen's Tower of Song...

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Frumious Bandersnatch

A force of nature

It's humbling to see such a devastating and wide-ranging attack appear as if out of nowhere. Indiscriminate, uncaring and just plain nasty in its effects. If I were a normal person (well, actually, I am, more or less) and not some puffed up politician, this would leave me speechless and basically in awe of the fact that I am basically a zero when it comes to the new normal elemental forces at play on the Internet.

Microsoft emits code for DIY Linux IoT hubs. Repeat, Linux IoT hubs (that talk to Azure, duh)

Frumious Bandersnatch

not a bad idea, but ...

If you can streamline the installation of a secure VPN and get caching of push data when the link is down, then the convenience factor could be worth it.

However, this is really nothing that a moderately tech-savvy person couldn't do in an afternoon. At least the secure VPN/DMZ part, anyway. The store and forward part will depend on the particular IoT device. Most of them won't admit to this sort of configuration, although all of them should by right allow you to configure exactly where the data will be sent to, and over which network link, rather than being hard-coded to only send to a fixed server or using a proprietary protocol (making me notice that this particular offering has a whiff of embrace/extend/extinguish about it).

Apropos of nothing, I recently lost the drive attached to the Pi that I'd been using as a music/radio player. Nothing lost since it was an old drive that I'd expected to fail. I had also been using the machine's wireless card to provide fail-over Internet access so that if my broadband went down, I could just turn on tethering on my phone and I'd be back online again. I decided to replace the Pi with an ODROID (simple) and then idly wondered about doing the fail-over on my OpenWRT router. Turns out that my wireless card can be used in both client and AP mode at the same time, so once I had that insight it took about an hour to migrate the fail-over completely onto the router. No doubt setting up a VLAN/DMZ would only take a similar amount of time.

Now if only my ISP would support IPv6 in some way.... though I guess that would take a bit more than an afternoon to fully explore :)