* Posts by P. Lee

5267 publicly visible posts • joined 4 Dec 2007

Connected car in the second-hand lot? Don't buy it if you're not hack-savvy

P. Lee

Second-hand cars not safe?

I see the entire car industry weeping huge tears as they glide to the edge of the river and sun themselves on the bank.

A webcam is not so much a leering eye as the barrel of a gun

P. Lee

Would you trust a hardware switch?

Why not?

Just load an OS with no specific drivers and see if the USB device disappears when you flick the switch.

The vendor could fake it but there would be big trouble if they circumvented their security device.
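The check described above, written out as an added example (not code from the original post): take an `lsusb` snapshot before and after flicking the switch and diff them. A real hardware cut makes the device vanish from enumeration; a firmware-only "mute" leaves it listed. The two snapshots are constructed for the demo, and devices are keyed by bus plus vendor:product ID rather than device number, because the device number changes on every re-enumeration.

```python
"""Does a hardware privacy switch really detach the USB device?

Added example; not from the original post. Diffs two `lsusb` snapshots
(before/after the switch). Snapshots below are constructed, not captured.
"""
import re
import subprocess
from typing import Dict, Set, Tuple

LSUSB_LINE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<id>[0-9a-f]{4}:[0-9a-f]{4})\s*(?P<desc>.*)$"
)

# Constructed sample output in lsusb's format (vendor/product IDs are illustrative).
BEFORE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 046d:0825 Logitech, Inc. Webcam C270
Bus 001 Device 004: ID 0b0e:0306 GN Netcom Jabra BIZ 2400
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
"""
# Switch really cut the camera: it is gone from the bus.
AFTER_GOOD = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 0b0e:0306 GN Netcom Jabra BIZ 2400
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
"""
# Camera re-enumerated with a new device number but is still there:
# the switch did not cut power/data, so this must NOT count as gone.
AFTER_BAD = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 007: ID 046d:0825 Logitech, Inc. Webcam C270
Bus 001 Device 004: ID 0b0e:0306 GN Netcom Jabra BIZ 2400
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
"""

Key = Tuple[str, str]  # (bus, vendor:product)


def parse_lsusb(text: str) -> Dict[Key, str]:
    """Map (bus, vid:pid) -> description; device numbers are deliberately ignored."""
    devices: Dict[Key, str] = {}
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            devices[(m["bus"], m["id"])] = m["desc"].strip()
    return devices


def removed_devices(before: str, after: str) -> Set[Key]:
    """Devices present in the first snapshot and absent from the second."""
    return set(parse_lsusb(before)) - set(parse_lsusb(after))


def switch_disconnects(before: str, after: str, vid_pid: str) -> bool:
    """True only if vid_pid was enumerated before and is absent after."""
    present_before = any(k[1] == vid_pid for k in parse_lsusb(before))
    present_after = any(k[1] == vid_pid for k in parse_lsusb(after))
    return present_before and not present_after


def capture_lsusb() -> str:
    """Run the real lsusb (Linux, usbutils); not used by the demo data."""
    return subprocess.run(["lsusb"], check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("webcam gone (good switch):", switch_disconnects(BEFORE, AFTER_GOOD, "046d:0825"))
    print("webcam gone (bad switch): ", switch_disconnects(BEFORE, AFTER_BAD, "046d:0825"))
```

On a real machine, call `capture_lsusb()` twice around the flick in place of the constructed strings. A vanished device proves electrical disconnection; a device that stays listed proves nothing either way, which is exactly the case the post says you cannot trust without testing.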

In colossal shock, Uber alleged to be wretched hive of sexism, craven managerial ass-covering

P. Lee
Coat

A hive of donkey coverers?

Only in America...

UK Snoopers' Charter gagging order drafted for London Internet Exchange directors

P. Lee

Re: Didn't this behavior collapse the Empire?

>I am not completely familiar with British history, but somehow I recall hearing that a blind overly-nationalistic belief was the primary flaw in the later empire which eventually led to its collapse.

Er, no.

WWI bankrupted the empire.

From the British point of view, neither of them was in the cause of patriotism. Actually, it was mostly to help out other nations not fortunate enough to have a strong border with their neighbours.

Dead cockroaches make excellent magnets – now what are we supposed to do with this info?

P. Lee

Re: Seems legit

Phase three: cockroach maglev trains

'I'm innocent!' says IT contractor on trial after Office 365 bill row spiraled out of control

P. Lee

Devils and details.

If it was: contract cancelled, service cancelled. What were they expecting?

If on the other hand, they had paid their O365 bill but had cancelled his support contract and he turned off the service because he still happened to have admin access, that's another story.

Either way, I'm sure I won't be the first to think: it wouldn't have happened if it wasn't Cloud.

Let's take another example... say you run an abortion advice service which relies on government funding. Trump cuts off your government funds and you have a cash-flow issue. If you don't pay your subscription, your entire operation pretty much shuts down immediately. No Excel for the finance team, no Word for the mail merges, no Excel for the tech team IP addressing "database."

Or maybe you run a Muslim humanitarian aid agency, and Trump decides it should be shut down because it aids terrorists. Maybe a rogue employee is helping terrorists - unlikely but possible. Flick a switch and your infrastructure as a service is gone. No media to install from, no offline usage is possible for the OS or applications. Accounting and payroll running as SaaS? It's gone - you can't pay bills or employees. It isn't just that a court order could put you out of business, it's the fact that you'll be in no position to fight it. If you can't fight it, the government is going to be able to be far more heavy-handed.

How fragile do you want your infrastructure to be? How much fragility do we want in the ecosystem as a whole?

FAKE BREWS: America rocked by 'craft beer' scandal allegations

P. Lee

Re: There's no grounds to sue

>There is no legal standard of what constitutes "craft beer" in the US.

I'm guessing that even below 6m barrels, the "craft" part of it is well and truly gone.

US visitors must hand over Twitter, Facebook handles by law – newbie Rep starts ball rolling

P. Lee
Black Helicopters

>This is what you get...

when your party machine wants to keep the media occupied with something inconsequential.

Zuckerberg thinks he's cyber-Jesus – and publishes a 6,000-word world-saving manifesto

P. Lee

>so long as you maintain this level of delusion over the actual role that Facebook has in people's lives and in society, you are actually a big part of the problem.

Indeed. Isolating liberals from reality in the world's largest echo-chamber. Enticing them to abandon action in the real world in favour of self-absorbing involvement with their phones; bombarding them with all the things they "like", distracting them from other, more important things; channelling them into commercially safe causes - turning on rainbow filters on their profile pictures, instead of worrying about whether the war on terror might be killing far more people than it's saving. Maybe they should stop focussing on which toilets 2.5% of the population want to use and contemplate how to support the 50% of the world's population who live on less than $2.50 per day. Maybe they should question whether prisons should be a commercial venture and if that has an impact on law-making. Maybe they should organise politically to support a candidate who does not have funding ties to big business.

So many options. Maybe some of them are more important than seeing what the cat of a school-friend from twenty years ago is doing with a ball of wool.

P. Lee

Re: meh

>What's Friendface and why do I need it?

So that you realise the truth that you need more Cuke in your life.

Why I had to sue the FCC – VoIP granddaddy Dan Berninger

P. Lee

>it's independently powered, which is one reason it's still usable (and sometimes essential) in the event of a power failure (because the telcos keep backup power running just for that reason--911

Until you have a phone with an answering machine on the end of the line, in which case, once the power goes out, you'll lose the whole lot, self-powered line or not.

There is a case for battery-backup in this case, much as there is for fibre-connected phones.

P. Lee

Re: less gummint regulation is nearly always a good thing

The problem with tagging packets is that you get companies like MS who tag all their packets to get the best speeds.

And yet again Net Neutrality is misconstrued. It isn't about all packets being equal, it's about all packets of a particular function being equal, regardless of source and destination. So Netflix gets "streaming media" priority equal to any other "streaming media." They are welcome to buy their own links into an organisation (priced equally for all purchasers), and they are welcome to buy their own colo cache servers (priced equally for all purchasers), but they must not be able to do a deal which gives them priority over other providers.

Where it gets hazy is when someone starts a new service with a new (say) port number which makes it onerous for ISPs to work out how to treat data. That SSL VPN means voice is no longer treated as high-priority. Streaming over HTTPS (hello YouTube!) rather than RTSP hides the data content, which is bad. Tunnelling everything over HTTPS is bad, but we do need to be able to do encryption, so transport-mode IPsec rather than tunnel-mode needs to be a thing.

Government regulation is required because these organisations tend towards monopolies and as companies grow they also influence the legal situation to their favour. This must be stopped and the power of its stopping must not be dependent on funding.

Enterprise IT storage – where being fat and very dense is, um, a good thing. Right, Cloudian?

P. Lee
Coat

Looks at logo and name

Cloudians of the Galaxy, fighting the Evil Decepticons!

Cloud! Ah-ah! Saviours of the data-verse!

Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies

P. Lee

Re: Oh dear

>These are technology companies who cannot manage simple security activities and treat their customers' data with contempt.

I think you've misunderstood who the customers are. Their customers are the ones paying for the advertising. Who are you?

Global IPv4 address drought: Seriously, we're done now. We're done

P. Lee

Re: IPv6 is fundamentally broken

Remote parties have many ways to track users across sessions. IP addresses are a very crude proxy for a user and as long as there is the possibility of NAT, proxies or multi-user hosts, the user-to-ip mapping is far too fragile to be definitive.

P. Lee

>How many users actually need a permanent real IPv4 address?

Anyone who wants a VPN?

Part of the call for all these cloud services (gotomypc, onedrive) is the lack of proper infrastructure.

We need IPv6... and we need decent firewalls. One without the other isn't much use.

P. Lee

Re: IPv6 is fundamentally broken

>Haha, check it out guys. This one wants NAT.

Yeah! Let's use a firewall to break the whole connectivity model instead of just blocking access.

There's lots that is hard and probably wrong in IPv6, but not needing NAT ain't part of it. We need to use it and iron out the kinks, not avoid it.

Infosec pros aren't too bothered by Trump – it's his cabinet sidekicks you need to worry about

P. Lee

Re: Elections

>1 Person = 1 Vote (majority wins)

That would be better than the electoral college for a presidential election. However, the result was pretty close. This would not be a reliable way to make sure you don't get a Trump.

P. Lee

Re: What an asshole

>if you didn't vote for Clinton, you voted for Trump by throwing it away to an (unfortunately) useless "third party."

And that, ladies and gentlemen, is how you always end up with two rotten candidates from the same two rotten parties.

Actually, as far as the UK parliament goes, I think we should double the number of MPs. Half run as FPTP and the other half as PR. That keeps direct local representation while giving the smaller parties the chance to build support.

IT bosses: Get budgets for better security by rating threats on a scale of zero to Yahoo!

P. Lee

Re: Compliance and secure safe network frameworks

>'compliance' .. no amount of form filling is going to secure your network.

Was the article referring to legal compliance, or configuring things in compliance with the corporate standards?

Compliance is the verification and documentation that you have done things right. If you don't do the paperwork, you'll spend your life rechecking things which don't need to be rechecked.

Compliance should be done by the plan/design/build/run teams at design gates and for changes, and then done again by the (separate) auditing team on a regular basis.

WTF is up with the W3C, DRM and security bods threatened – we explain

P. Lee

>DRM is not about preventing piracy. DRM is about market control and consumer lock-in.

This.

There are valid concerns over piracy, but DRM on web streaming is not a fix for them. Cryptography is great for keeping things secret. If giving people access to things is your business, there's probably nothing you can do to squash piracy.

I find going to a DVD rental store more fun than downloading or streaming and it has far more selection than the legitimate online options. But the studios don't seem to support their retail rental outlets. I'll be playing more games and I think I'll take up the violin since both of our local shops have closed. I used to spend way more on DVDs than a Netflix subscription would cost. My impression is that the studios thought getting rid of most physical media and streaming instead would be a great way to reduce piracy and increase revenue. I think they will find that they just lose mind-share - the halo effect around streaming is very small. I watch far fewer shows since I got MythTV running because I no longer have casual exposure to new stuff.

The internet was supposed to enable "the long tail," but apparently, it doesn't.

Brave VMs to destroy themselves, any malware they find on HP's new laptop

P. Lee

There seems to be some confusion in the article as to whether it is tab-based or application-based. I'd assume application if it's a VM and there's no reason why it shouldn't be persistent if it is not asked to wipe itself.

This is more along the lines of how things should work, but it's a little sad that it's a third-party thing and not an OS thing.

Downloads do need to be handled. The right way to do it would be to have the browser ask the host OS to pick the file up from a download cache area. The host OS would then ask the user if they want to retrieve the file into the host OS data area and initiate the transfer. The guest vm should not have outbound (to the host OS) capabilities beyond very simple message passing.
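The download hand-off described above, as an added example that is not part of the original post and is not HP's or Bromium's code: a host-side broker that accepts exactly one message type from the guest (an offer naming a file the guest has written to a shared download cache), validates it, asks the user, and only then copies the file into the host data area and drains the cache entry. The message format, the directory layout, the hash check and the `ask()` callback are all assumptions made for the demo; the guest side gets no write path into the host beyond this message.

```python
"""Host-side download broker for a browser running inside a guest VM.

Added example; not code from the page or from HP/Bromium. The guest may send
one message, an offer of a file in the shared cache; the host validates,
asks the user, copies, and drains. Layout and message format are assumptions.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path
from typing import Callable, Optional

MAX_MSG = 4096
MAX_NAME = 128


class BrokerError(ValueError):
    """Any message or file that fails validation."""


def safe_name(name) -> str:
    """Bare file name only: no separators, traversal, hidden files or control chars."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME:
        raise BrokerError("bad name length")
    if name in (".", "..") or name[0] == "." or any(c in name for c in "/\\\x00"):
        raise BrokerError("path characters in name")
    if any(ord(c) < 32 for c in name):
        raise BrokerError("control character in name")
    return name


def parse_message(raw: bytes) -> dict:
    """Guest -> host messages are tiny JSON with a fixed field set."""
    if len(raw) > MAX_MSG:
        raise BrokerError("message too large")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise BrokerError("malformed message") from exc
    if not isinstance(msg, dict) or set(msg) != {"type", "name", "sha256"}:
        raise BrokerError("unexpected field set")
    if msg["type"] != "offer_download":
        raise BrokerError("unknown message type")
    if not isinstance(msg["sha256"], str) or len(msg["sha256"]) != 64:
        raise BrokerError("bad digest")
    msg["name"] = safe_name(msg["name"])
    return msg


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def handle_offer(raw: bytes, cache: Path, data: Path,
                 ask: Callable[[str], bool]) -> Optional[Path]:
    """Copy the offered file into `data` if the user agrees; None if declined."""
    msg = parse_message(raw)
    src = cache / msg["name"]
    if src.is_symlink() or not src.is_file():  # a symlink could point outside the cache
        raise BrokerError("offered file is not a regular file in the cache")
    if sha256_of(src) != msg["sha256"].lower():  # guest swapped the file after offering it
        raise BrokerError("digest mismatch")
    if not ask(f"Retrieve {msg['name']} ({src.stat().st_size} bytes) from the browser VM?"):
        return None
    dst = data / msg["name"]
    if dst.exists():
        raise BrokerError("destination already exists")
    shutil.copyfile(src, dst)
    os.unlink(src)  # host drains the cache so the same offer cannot be replayed
    return dst


def rejects(raw: bytes, cache: Path, data: Path) -> bool:
    """True if the broker refuses the message even with a consenting user."""
    try:
        handle_offer(raw, cache, data, ask=lambda _q: True)
        return False
    except BrokerError:
        return True


def demo() -> dict:
    """Self-contained run against a temporary cache with constructed data."""
    with tempfile.TemporaryDirectory() as tmp:
        cache, data = Path(tmp, "cache"), Path(tmp, "data")
        cache.mkdir()
        data.mkdir()
        body = b"%PDF-1.4 constructed sample, not a real download\n"
        (cache / "report.pdf").write_bytes(body)
        offer = json.dumps({"type": "offer_download", "name": "report.pdf",
                            "sha256": sha256_of(cache / "report.pdf")}).encode()
        declined = (handle_offer(offer, cache, data, ask=lambda _q: False) is None
                    and (cache / "report.pdf").exists())
        dst = handle_offer(offer, cache, data, ask=lambda _q: True)
        traversal = json.dumps({"type": "offer_download", "name": "../escape",
                                "sha256": "0" * 64}).encode()
        return {
            "declined_leaves_cache": declined,
            "copied": dst is not None and dst.read_bytes() == body,
            "cache_drained": not (cache / "report.pdf").exists(),
            "replay_rejected": rejects(offer, cache, data),
            "traversal_rejected": rejects(traversal, cache, data),
            "garbage_rejected": rejects(b"\xff not json", cache, data),
        }


if __name__ == "__main__":
    print(demo())
```

The point of the fixed field set and the bare-name rule is that the guest cannot steer the host anywhere: the only thing it can name is an entry in the cache directory, and the only thing the host will do is copy that entry after a human says yes.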

IT guy checks to see if PC is virus-free, with virus-ridden USB stick

P. Lee

Re: seriously??

PXE-boot lan segment to re-image? Surely faster than replacing the drive?

Ex-FBI man spills on why hackers are winning the security game

P. Lee

Article upvote!

The veneer of knowledge and capability is very thin.

Ooh we can identify Facebook games even through HTTPS! Yeah, big deal. Now, about the real threats...

We need policy-based endpoint protection based on application profiles, not user rights. That's inbound/outbound network access, peripheral and storage access and we need better alerting.

We need to stop playing the fool's catch-up game of scanning for malware and make sure that a compromised application isn't allowed to mess with anything else on the system. I know we've got EMET et al, but it needs to be baked into the OS and packaged with the application, not an afterthought.

Linus Torvalds decides world doesn't need a new Linux today

P. Lee

Re: Sarcasm

>Do we need a sarcasm icon.

No, it would cost too much.

Oz consumer watchdog: 'up to' speeds shouldn't be in broadband ads

P. Lee

Re: As I have said for the last two years

>the words "up to" are replaced by law with the words "at least"

This is only ever going to refer to the link speed. What we really need is for link speed to not be artificially restricted. I don't think the cable providers throttle the link speed so that's not an issue. It really is only a marketing gimmick. It should be the maximum ADSL2 supports given the physics or at least 1Gb/s for fibre for home connections, unless 1G transceivers are vastly more expensive than 100Mb/s ones.

If speed is not a cost for the provider, take it out of the equation. I'm happy to pay for capacity but stop doing silly stuff.

Get orf the air over moi land Irish farmer roars at drones

P. Lee

Re: A perfect opportunity to get creative

How about a drone that hunts for unknown wifi points?

Losing a cheap drone is a cost of being criminal - getting your face and transport known to police? Priceless.

P. Lee

Re: Quite Right

>I did have a right hand which went some way to giving his jaw a new alignment.

A somewhat more proportionate response than the use of a submachine gun.

Voila! Bazinga! Amazon turns Alexa into an annoying 'cool' aunt

P. Lee

Re: "the more Alexa sounds...

>The more it sounds like a human conversing with me the more creeped out I will be.

With apologies to Razer, "by the socially incompetent, for the socially incompetent."

But maybe that's the plan. Maybe they are aiming at 14 year-olds because they want to capture the next generation. As the media industries can tell you, it is far easier to influence children than adults.

Crims in £160m broadband scam facing 44 years of porridge

P. Lee

Re: £160m split 4 ways over 10 years.

Any news on what happened to the money?

Go to jail for 15 years, get £40m.

Apart from the moral issues, if you're single, that sounds like a good deal, even before you consider parole.

Life after antivirus: Reinventing endpoint security

P. Lee

AV is a sign of the failure of Windows security policies.

Where are my switches for starting applications? /nochildspawn /nonetwork /nochangeprivs /nopermwrite /flagsecviolations /noproxyuse /nopublicipaccess /currentdoconly /noforeignmimefiles etc?

Putting in some sensible defaults would kill most security issues, since they are mostly down to users not knowing or caring and being hit by drive-by infections operating at the level of the user. We need to be more fine-grained than that.

Set the security policy to sandbox the application before you start. Maybe even get the OS to add metadata used by the original application security policy when the file was written. These would be worthwhile OS upgrades, not the "Modern" interface.
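The per-launch switches listed above, and the application-profile policy the earlier post on the ex-FBI article asks for, modelled as an added example (not from the original posts, and not a real Windows feature): the switches become a policy object and a small reference monitor that answers "may this application do X?" for the events an OS sandbox would mediate (spawning children, opening sockets, changing privileges, writing files, opening documents) and records every refusal when `/flagsecviolations` is set. Real enforcement belongs in the kernel (seccomp/AppArmor/AppContainer and friends); this only shows the decision logic and audit trail the flags imply. Flag names, paths and the sample events are all assumptions.

```python
"""Reference-monitor model of per-launch application switches.

Added example; not from the original post and not an existing OS feature.
Switch names come from the post; everything else is an assumption.
"""
import ipaddress
import mimetypes
from dataclasses import dataclass, field
from pathlib import PurePosixPath
from typing import List, Optional, Set, Tuple

KNOWN_FLAGS = {"nochildspawn", "nonetwork", "nochangeprivs", "nopermwrite",
               "flagsecviolations", "noproxyuse", "nopublicipaccess",
               "currentdoconly", "noforeignmimefiles"}


@dataclass
class LaunchPolicy:
    flags: Set[str]
    document: Optional[str] = None                       # file the app was started on
    own_mimes: Set[str] = field(default_factory=set)     # MIME types the app is for
    scratch_dirs: Tuple[str, ...] = ("/tmp",)            # writable even under nopermwrite
    proxy_hosts: Set[str] = field(default_factory=set)   # hosts treated as proxies
    violations: List[str] = field(default_factory=list)  # audit trail (flagsecviolations)

    @classmethod
    def from_args(cls, argv, **kw) -> "LaunchPolicy":
        """Parse '/nonetwork /nochildspawn ...'; unknown switches are an error."""
        flags = set()
        for a in argv:
            if not a.startswith("/") or a[1:] not in KNOWN_FLAGS:
                raise ValueError(f"unknown switch {a!r}")
            flags.add(a[1:])
        return cls(flags=flags, **kw)

    def _decide(self, allowed: bool, what: str) -> bool:
        if not allowed and "flagsecviolations" in self.flags:
            self.violations.append(what)
        return allowed

    def may_spawn(self, exe: str) -> bool:
        return self._decide("nochildspawn" not in self.flags, f"spawn {exe}")

    def may_change_privs(self, target_uid: int, current_uid: int) -> bool:
        ok = target_uid == current_uid or "nochangeprivs" not in self.flags
        return self._decide(ok, f"setuid {current_uid}->{target_uid}")

    def may_connect(self, host: str, port: int) -> bool:
        if "nonetwork" in self.flags:
            return self._decide(False, f"connect {host}:{port}")
        if "noproxyuse" in self.flags and host in self.proxy_hosts:
            return self._decide(False, f"proxy {host}:{port}")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None  # a hostname: resolution is elsewhere, so treat it as public
        public = ip is None or ip.is_global
        if "nopublicipaccess" in self.flags and public:
            return self._decide(False, f"public connect {host}:{port}")
        return self._decide(True, "")

    def may_write(self, path: str) -> bool:
        p = PurePosixPath(path)
        if ".." in p.parts or not p.is_absolute():   # a kernel sees canonical paths; we insist on them
            return self._decide(False, f"non-canonical write {path}")
        if "nopermwrite" in self.flags:
            in_scratch = any(p.is_relative_to(d) for d in self.scratch_dirs)
            return self._decide(in_scratch, f"write {path}")
        return self._decide(True, "")

    def may_open(self, path: str) -> bool:
        if "currentdoconly" in self.flags and path != self.document:
            return self._decide(False, f"open {path}")
        if "noforeignmimefiles" in self.flags:
            mime, _ = mimetypes.guess_type(path)
            if mime not in self.own_mimes:
                return self._decide(False, f"foreign type {mime} {path}")
        return self._decide(True, "")


def demo() -> dict:
    """A PDF viewer launched on one document with most switches set (constructed)."""
    pol = LaunchPolicy.from_args(
        ["/nochildspawn", "/nopublicipaccess", "/nochangeprivs", "/nopermwrite",
         "/currentdoconly", "/noforeignmimefiles", "/flagsecviolations"],
        document="/home/alice/docs/contract.pdf", own_mimes={"application/pdf"},
        scratch_dirs=("/tmp", "/home/alice/.cache/viewer"))
    r = {
        "spawn_shell": pol.may_spawn("/bin/sh"),
        "connect_lan_printer": pol.may_connect("192.168.1.20", 9100),
        "connect_internet": pol.may_connect("8.8.8.8", 443),
        "write_cache": pol.may_write("/home/alice/.cache/viewer/thumb.png"),
        "write_home": pol.may_write("/home/alice/.bashrc"),
        "write_traversal": pol.may_write("/tmp/../home/alice/.bashrc"),
        "open_current_doc": pol.may_open("/home/alice/docs/contract.pdf"),
        "open_other_doc": pol.may_open("/home/alice/docs/salaries.xlsx"),
        "setuid_root": pol.may_change_privs(0, 1000),
    }
    r["violations"] = len(pol.violations)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v}")
```

The design point is the one the post makes: the policy is decided at launch from what the application is for (one document, one MIME family, LAN only, no children), not from what the user is allowed to do, so a compromised viewer has nothing to reach for, and every refusal lands in the audit trail.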

Small but perfectly formed: Dailymotion's object storage odyssey

P. Lee
Headmaster

Ç'est incroyable ñ'est-ce-pas*.

Do you mean that French questions end with a full stop instead of a question mark, or that the English translation of it ends with both a question mark and a full stop?

Incroyable indeed!

Yes, I know I've probably made a mistake too, but I don't get paid for this!

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords

P. Lee

Re: Since companies often don't have internal firewalls

Private VLANs FTW!

Do your clients ever need to talk to each other?

Guilty! Four blokes conned banks in £160m fibre broadband scam

P. Lee

Re: Planning ahead

Best send it all to Russia and claim you were hacked.

Who's behind the Kodi TV streaming stick crackdown?

P. Lee

Re: Said it before, will say it again

Or maybe support your DVD outlets so they can make a profit.

Netflix reduces its film content because it isn't popular enough to warrant the bandwidth usage. Our last local DVD rental shop closed recently. I don't have streaming services included on my broadband plan and the cap isn't large enough to stream, so I have zero ways to get your content.

So I don't.

So you get no cash from me.

Stop whinging about illegal systems, they are not the fault.

Intel Atom chips have been dying for at least 18 months – only now is truth coming to light

P. Lee

>The smaller vendors you read about in the article who try so hard to be "enterprisey" just cannot afford that sort of service.

I reckon they probably can. Production costs are pretty low on most hardware and they'd get a lot of kudos for doing this right. I'd imagine the main problem is finding a replacement - weren't Intel phasing out Atom? What is Intel going to do for you? Even if they do have a replacement, those embedded boards with the CPU soldered in... they just increased vendor costs.

Australia wants to jail infosec researchers for pointing out dodgy data

P. Lee
Holmes

Re: Fine idea - apply to all other research that doesn't meet the politicians' favor

>De-identification of data is a bitch of a job.

Yep. So don't sell it or release it. Don't use it in any way without the same controls as the original data.

Problem solved.

Russia (A) bans web porn as a 'bad influence' (B) decriminalizes domestic violence – or (C) all of the above?

P. Lee
Facepalm

Decriminalisation: Does this do the opposite of what you think?

Usually the burden of proof is much lower for non-criminal cases and domestic violence is generally an on-going thing - more than once a year, so it would end up in the criminal courts anyway. On balance, we think your wife probably didn't fall down the stairs of your bungalow and end up with bruises on her face and neck, but we can't prove it was you. Have a two-week reminder to look after her better. Perhaps a couple of weeks in a Russian jail for the first non-criminal offence with a reminder that the next time you're going away for a lot longer, is just the thing.

The devil is in the detail of course, but while it's fun to hate on Putin and Trump, automatically rubbishing everything they do is childish and supports the kind of polarisation and lack of analysis that got Trump elected.

Laptop-light GoCardless says customers' personal data may have been lifted

P. Lee

re: The data shouldn't have been on any laptop

Indeed. The fact that it was pretty much excludes the company from the "enterprise" category of people to deal with. But you do need some flexible IT. Give people sandpits so they can put together a linux box to process data if they want to. Just don't do it on laptops.

It is actually pretty desirable for the employees too. Give them a thin, light laptop with some attached big screens and put the data on another box which is less nickable. Then the full drive encryption on laptops becomes less of a hazard, because there's no important data there anyway. It doesn't have to be perfect, it just has to be too hard to be worthwhile.

Phishing: Another thing we can blame on Brexit

P. Lee

Re: Oh perleees...

Well, if the content of the phishing emails was referencing major political events, that might be an indicator. Having control of a large number of virtual servers would also lead to a larger number of destination URL hosts - larger phishing campaigns.

That said, I tend to see multiple (almost) identical phishing emails which I would have thought gives the game away. Having my own domain and giving everyone their own email address for me helps. Is NatWest sending me emails using the address "todaysluckyvisitor@mydomain.com"? Probably not. Deliberately mis-spelling my name on contact forms is funny and indicates systems I should not be caring about.

Also, do not click on links in emails.
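The per-sender alias trick above, turned into a check as an added example (not code from the original post): each organisation is issued its own local-part at your domain, and a message is suspect if it arrives at an alias that was never issued or that was issued to a different sender. Link hosts are extracted only for the human to read, never fetched. The domain, the alias register and the three messages are constructed for the demo.

```python
"""Flag mail whose recipient alias does not match the sender it was issued to.

Added example; not from the original post. Domain, register and messages
are constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"
# alias local-part -> sender domains it was handed out to (constructed register)
ALIAS_REGISTER = {
    "bank-2017": {"natwest.example"},
    "shop-books": {"bookshop.example"},
}

# Constructed sample messages.
LEGIT = b"""From: NatWest Alerts <alerts@natwest.example>
To: bank-2017@mydomain.example
Subject: Statement ready
Content-Type: text/plain; charset=utf-8

Your statement is at https://www.natwest.example/statements
"""
UNKNOWN_ALIAS = b"""From: NatWest Security <secure@natwest-verify.example>
To: todaysluckyvisitor@mydomain.example
Subject: Urgent: verify your account
Content-Type: text/plain; charset=utf-8

Click https://natwest-verify.example/login now.
"""
WRONG_SENDER = b"""From: Book Deals <noreply@mail-bookshop.example>
To: bank-2017@mydomain.example
Subject: 50% off
Content-Type: text/plain; charset=utf-8

See https://deals.mail-bookshop.example/offer
"""


def sender_domain(msg) -> str:
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def my_aliases(msg) -> set:
    """Local-parts at MY_DOMAIN in To/Cc; a BCC'd blast usually has none."""
    out = set()
    for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == MY_DOMAIN:
            out.add(local.lower())
    return out


def link_hosts(msg) -> set:
    """Hosts linked in the body, for display only (nothing is fetched)."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    return {h.lower() for h in re.findall(r"https?://([^/\s\"'>]+)", text)}


def classify(raw: bytes) -> dict:
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    dom = sender_domain(msg)
    aliases = my_aliases(msg)
    reasons = []
    if not aliases:
        reasons.append("not addressed to any alias at my domain")
    for a in sorted(aliases):
        if a not in ALIAS_REGISTER:
            reasons.append(f"alias {a} was never issued")
        elif dom not in ALIAS_REGISTER[a]:
            reasons.append(f"alias {a} used by {dom}, issued to {sorted(ALIAS_REGISTER[a])}")
    return {"from": dom, "aliases": sorted(aliases), "suspect": bool(reasons),
            "reasons": reasons, "links": sorted(link_hosts(msg))}


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("unknown alias", UNKNOWN_ALIAS), ("wrong sender", WRONG_SENDER)):
        print(name, classify(raw))
```

The register does the work that a spam filter's keyword heuristics cannot: the attacker would need to know which alias was issued to which organisation, and a scraped or leaked address only ever tells them one pairing.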

Cloud price wars resume as Microsoft cuts by up to 51 per cent

P. Lee
Paris Hilton

>Figuring out exact costs is hard because the figures Microsoft's provided us pertain to price cuts in particular regions.

So do people move to cloud based on economics or is on-prem MS just as opaque, price-wise?

Web banking malware slurps $1.2m for crooks, now kingpin 'fesses up

P. Lee

Re: Details Please

From a tech point of view it matters little. Malware is about tricking the user into executing something they shouldn't and there's little to choose from between the major OSes in terms of design.

Call me back when browsers have restricted access to APIs and resources, maybe even using some more of the security domains the Intel architecture offers.

Give me the option to take a performance hit in return for extra security.

Canadian telco bans a little four-letter dirty word from texts: U B E R

P. Lee

Re: why

> you don't filter spam by simple keyword searches.

or indeed, without telling the end user.

Why does it cost 20 times as much to protect Mark Zuckerberg as Tim Cook?

P. Lee

Re: Isn't it ironic

The owner of the largest social network is afraid of people.

Maybe that's why he uses computers to communicate...

Parents have no idea when kidz txt m8s 'KMS' or '99'

P. Lee
Coat

> The internet was ruined long before most people had smartphones.

> <blink>Surely not...</blink>

<marquee> Oh yes it was! </marquee>

Perhaps we should focus on making kids resilient to failure and capable of dealing with conflict instead of pretending we can get rid of all the bad stuff in the world for them.

Vizio coughs up $2.2m after its smart TVs spied on millions of families

P. Lee
Coat

Re: A can of questions

You're thinking about it all wrong!

It's still your data, we're just holding it for you in the Cloud!

--

How many other companies are doing this? Well we know Google tracks users across websites which aren't Google. Adobe was doing the same thing for PDFs - every page turned. The Oz government picks up your DNS queries and connection requests if you live there.

Trump's new telecoms chief bins broadband subsidies for the poor

P. Lee

Re: Prevent an informed electorate

I seem to remember a TED talk which noted that increased education does not lead to more data-based reasoning. Apparently, educated people are better able to seek out information which confirms their already-held biases and to convince themselves of the biases of their peer-groups.

Chrome 56 quietly added Bluetooth snitch API

P. Lee

Re: It gets worse every year it seems...

>The alternative is an app on a phone.

Or an app on your laptop with the built in mic and camera.

Seriously, who runs a camera over Bluetooth? If I want to run my Bluetooth mic with it, I'll pair it with the computer or phone so the browser can use it as a local device. It does not need to go direct.

There is no good reason for this "feature." Look at the figures, the suggested use case is IoT but how many of those are there? By how much has the attack surface of the web browser increased? Got a bluetooth tether available on your phone?

It's definitely time to ditch Chrome if you haven't already.

And as I've said many times before, we need more fine-grained OS control of applications. I don't care what the current configuration is, remote-triggering of a tunnel between remote websites and (probably) network-capable devices behind a firewall is idiocy.

Mars isn't the garbage wasteworld you think it is: Swirling polar ice cap photographed

P. Lee
Linux

Re: KSP Reference - of course

>But this Chasma Borealis puts them to shame. Imagine slipping down a mile-long ice slide into a deep chasm...

Meh, Extreme Tux Racer

New SMB bug: How to crash Windows system with a 'link of death'

P. Lee

Re: Just a quick check

>You CAN route IPX, although I feel sorry for the poor sod still using it!

Remember when Netware was slated for having no memory protection between processes?