
* Posts by nagyeger

105 posts • joined 2 Feb 2008

Google Chrome update to label HTTP-only sites insecure within WEEKS

nagyeger

Re: Shared Hosting

One little-discussed 'gotcha' of SNI is that, unexpectedly to the user who's been told 'no one can see what you're browsing with https' ... with SNI they can. Because SNI isn't sent encrypted.

This gets significant when you, say, live in Iran and want to visit 'www.how-to-become-a-christian.org', (or in USA and want to visit 'diy.nuke.designs.nk')


WannaCry is back! (Psych. It's just phisher folk doing what they do)

nagyeger

Re: Only one so far

Public Cc: list? Never mind the fraud, extorting money with menaces etc,... they've gone and broken GDPR too!

That'll get them in trouble.

(not a lawyer!)


Google plays cloud catch-up and moves into a place of its own

nagyeger

Re: Given Spectre

Watch this space... how long until all the mitigations for meltdown/spectre/rowhammer etc. mean that there is such a cost-disadvantage / admin nightmare to 'cloud computing' that it ends up as out of date for 'real work' as dialing in to someone's mainframe?


Buggy software could lock a Jeep's cruise control

nagyeger
FAIL

Re: Oh Lord

My 2007 car has said hooks. The mfr-designed, bought-with-car-from-new floor mats, however, had no provision for connecting to the hooks and relied on sticky-backed velcro which came unstuck after a year or 3.


You know that silly fear about Alexa recording everything and leaking it online? It just happened

nagyeger

Re: Unplugged most of the time.

If you're in the UK, and they don't take it back, then talk to your local trading standards people.

"not fit for purpose" sounds like a good description.


FBI to World+Dog: Please, try turning it off and turning it back on

nagyeger

If the FBI can tie the IP address to people...

I hope they're GDPR compliant.


Microsoft gives users options for Office data slurpage – Basic or Full

nagyeger
Mushroom

Re: @Herring`- "is there a chance of any document data being sent to MS?"

Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .

The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.

I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?


Advanced VPNFilter malware menacing routers worldwide

nagyeger

Shock/horror: unpatched software vulnerable to known vulns

Mikrotik patch was released > a year ago.

https://forum.mikrotik.com/viewtopic.php?f=21&t=134776


Big bimmer bummer: Bavaria's BMW buggies battered by bad bugs

nagyeger

firewall

Excuse me for being stupid... if I was designing something to connect the engine management system to entertainment system - presumably for display purposes? - it would be strictly one way, probably with 1-way, physically separated opto-couplers, so that some kid pouring coke into the entertainment system had zero chance of inflicting, say, 50w of audio signal onto the can-bus.

Why would anyone want to let the stereo muck about with engine management?


Whois privacy shambles becomes last-minute mad data scramble

nagyeger
Big Brother

Re: I'm still waiting for e-mails from Facebook(*) and Google

Isn't this wrong? There are multiple options for the legal basis, consent is only one of them. They might decide they ought to be able to claim that knowing my browsing habits is a legitimate business requirement.

The biggest "problem" is when they used to rely on 'we could do it, and we're too big to bother with fines, so we did it.' For some reason that isn't in the GDPR.


It's Galileo Groundhog Day! You can keep asking the same question, but it won't change the answer

nagyeger

Re: snooty

Not being part of the EU didn't noticeably stop them before we joined, why should leaving make a difference?


It's not rocket science! Actually it is, and it's been a busy frickin week

nagyeger

Is it rocket science?

Having wielded the rocket equation a few times, I think it's the rocket engineering (and orbital mechanics and re-entry maths) that are the really hard bit(s).


Eight months after Equifax megahack, some Brits are only just being notified

nagyeger

Re: GDPR Deadline...

I thought it was 4% PLUS damages/time/etc?

After all, if they're failing to protect your rights (72-hour notification...) and on top of that they're causing significant stress, hair-loss, sleep-loss, humour-loss....


It's April 2018, and we've had to sit on this Windows 10 Spring Creators Update headline for days

nagyeger

GDPR rights vs MS

I wonder what happens if/when someone (on May 26th) demands MS (a) hand over all the data they have on them, (b) delete it, (c) never collect any more, (d) do not contact them for advertising purposes.

Does MS send them a complimentary copy of Windows 95, freedos, or ubuntu?


We need to go deeper: Meltdown and Spectre flaws will force security further down the stack

nagyeger

Oh joy. Added complexity...

My wife half-expects that at some point the sum total of IT/networking/power distribution will become so complex and (for want of another term) balkanised into specialisms, that it essentially becomes impossible for humanity as a whole to maintain it, and then something will break and we'll be back to heating with wood and communicating with pen and ink (or maybe IT jobs will become more critical to society than doctors/nurses and we'll all die from treatable diseases??).

When you add in obsolescence, shortening product-lifecycles and lost/outdated skill-sets (is anyone anywhere employed as a thermionic valve designer any more? How many people can read amd64 assembler compared to the numbers who could write 6502 or Z80 30 years ago?) then I tend to agree with her.


Linux Foundation backs new ‘ACRN’ hypervisor for embedded and IoT

nagyeger

acrn should be arm-centric!

Given the early days of ARM as of Acorn RISC Machines.


HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed

nagyeger

the oldest bad practice in the book.

I /have seen/, in a book my son was lent by his school teacher, about a year ago, exactly this sort of code. Take variable from $_GET, build string by concatenation, pass to SQL. No input checking at all.

Someone - big name publisher - made money selling that book. Someone wants to make money selling the revised version, which I'd hope talks in detail about sanity checking and prepared statements.

Someone ought to be offering a permanent recall on the early version of the book and free-replacement including shipping to anyone with a copy, because it was plainly never fit for sale. Instead, copies are still being lent to school kids by teachers because the school budget can't afford to restock the library.

Ob disclaimer: I have no connection with anyone in the above certificate fiasco. And I expect that no one bothered fixing it because that would take time. WHY do CAs who ask for your private keys still get any custom?


PCI Council and X9 Committee to combine PIN security standards

nagyeger
Mushroom

...to the darkness bind them

I thought the whole thing about the one pin, was that assuming you don't want to be subject to the evil overlord, you needed to throw it into Mount Doom? (see icon for effectiveness >>>>)

Now all we need to do is work out how you do that to the customer services bod....


Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

nagyeger

Re: "effort wouldn't be better expended on something of more value to society."

Well argued and informative. Have an up-vote.

Now, we need similarly sane and coherent* arguments against HTML in email. Any takers?

* Not to be confused with the light-sources on top of sharks.


Who wants dynamic dancing animations and code in their emails? Everyone! says Google

nagyeger

Re: feature request

I remember, back in the 90s, we all said "ignore the scare-mail chain-letters, you can't get a virus just from opening email."

Because it's plain text.

mutt is (this) man's best friend


ITU aims to to keep the radio on with new satellite regulation fees

nagyeger

Re: 1,000 Satellites?!?

The probability that one 'rapid disassembly' will have a reasonable chance of causing another has been calculated numerous times. I seem to remember that if you pick the right orbit then a bit of precession, etc. will effectively obliterate anything in a similar orbit. But it's a long time since I was last at a space debris conference, so I don't remember the details.


Watt? You thought the wireless charging war was over? It ain't even begun

nagyeger
Meh

RFI

Just wondering... which band are they planning to render unusable for radio communications purposes?

Has anyone raised this with ITU / CEPT / Ofcom / FCC about this?


Astroboffins say our Solar System could have – wait, stop, what... the US govt found UFOs?

nagyeger

Re: Alien UFO's are Real - True / False...

Not a solid scrap of evidence to say that no god exists either. Of course there's lots and lots of circumstantial, hear-say and personal non-revelations, not to mention fingers-in-ears 'I can't hear you' arguments that get repeated often enough that they're assumed to be incontrovertible fact.

Which God don't you believe in? There are an awful lot of awful ones, and a lot of awful people who use their awful misconception that 'My friend says we're doing it for God so God must approve' as an excuse to do awful things. Politics-dressed-as-religion and hatred-dressed-as-religion and ambition-dressed-as-religion, etc. just tell us that religion is a powerful social force.

My own opinion is they tell us quite a lot about human nature (<sarcasm>deep down there's good in everyone, yeah, it shows</sarcasm>) and basically nothing about why the one who keeps the electrons spinning would decide to get born in a stigmatised way into a despised minority group with a well-proven history of rejecting him. Oh yeah, it was so that he could spend about 3 years preaching to people who mostly didn't listen and then get tortured to death, that explains it.

Have a very happy Christmas everyone. Don't get so merry you get stupid.


SCOLD WAR: Kaspersky drags Uncle Sam into court to battle AV ban

nagyeger
Linux

it runs with elevated privileges...

So.. we can't trust programs that run with elevated privs to check files such as (shock) network access, (horror) upload data, and (gasp) receive OTA updates. Based on this reasoning, and the current rash of Govt.s worldwide giving themselves super-dooper-snooper data-demanding capabilities, do all nations now need their own brand of AV?

Or is it finally the year of the VT100 desktop(TM) ?


PHWOAR, those noughty inks: '0.1%' named Stat of The Year

nagyeger

Re: 98.2 percent of all statistics

I thought it was 97.4850006487


NiceHash diced up by hackers, thousands of Bitcoin pilfered

nagyeger
Meh

Don't understand

I thought the whole point of the block chain was that everyone can (has to) verify that block X went to wallet Y, and therefore the transaction is verifiable.

Surely there ought to be a mechanism to undo that? At least partially, even if there's no roll-back due to other transactions, shouldn't the receiving wallet(s) be marked as criminal and so blocked, etc, by all miners everywhere?


Good news: unsecured S3 bucket discovery just got easier

nagyeger
Mushroom

Re: ferc is a nice one.

I sincerely hope that excludes power station designs, floor plans etc.

Especially anything that might do that if mistreated -->


It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

nagyeger
FAIL

Re: What worries me

What worries me even more is that I've seen a big-roadside-screen ad showing people how to get to their wonderful site.... just enter our URL into google's search box.

Complete with the http:// bit.

WHY???


Jet packs are real – and inventor just broke world speed record in it

nagyeger
Go

Re: Flying is the easy bit...

I thought it was throwing yourself at the ground and missing.


It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now

nagyeger

Dear Motorola

please can I have a patch for my phone? Tnx.

Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?

Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?


My #95Theses of #Digital

nagyeger

#10 - 15

10. Ignorant and wicked are the doings of those coders who, in the case of the desktop or the desktop application include a dependency upon systemd.

11. This perverse dependency upon systemd is quite evidently one of the tares that were sown while the greybeards slept.

12. In former times the init process was relevant not after, but before user interaction, as tests of true geekdom.

13. The geeks are freed by devuan from all penalties; they are already dead to systemd, and have a right to be released from them.

14. The imperfect knowledge of the command-line, that is to say, the imperfect globbing, of the GUI-user brings with it, of necessity, great fear; and the smaller the knowledge of globbing, the greater is the fear.

15. This fear and horror is sufficient of itself alone (to say nothing of other things) to constitute the penalty of EMACS, since it is very near to the horror of despair.

Ob. citation to gutenberg project translation


Tesla hits Model 3 production speed bumps, slides to loss

nagyeger

100 MW of batteries

100 MWh, or 100 MW in/out for (people in the know) knows how long?


Google slides text message 2FA a little closer to the door

nagyeger

embrace... extend... bloat?

So instead of an out of band unreliable message that works on every mobile phone, those with no smart-phone are left in the cold, those with an ageing phone and barely enough spare storage (after all the decent bloating of apps /OS) to run what they want get to give up some more precious MB, and everyone gets pushed into installing another piece of google spy/bloat-ware which needs to regularly contact home and report on us just-in-case....

Is this supposed to be an extension to the otp authenticator app? Google's version is already bigger than the free versions.


WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

nagyeger
Alert

Key phrases

:-( The weaknesses are in the Wi-Fi standard itself.

:-( make sure all your devices are updated, and you should also update the firmware of your router.

:-( Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients.

:-( Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, (linux, android >=6 )...


Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more

nagyeger
Coat

Re: cuba noise sounds like cicadas or other noisy insects

Naah,

My guess is it was just someone trying to play the violin on the wrong side of the bridge. Or slightly more seriously, a few really badly configured baby monitors or network-over-mains in the embassy electrics doing bad things to the tube lighting. Someone should stick an oscilloscope on the live wire and start turning things off one by one.


Ghost in Musk's machines: Software bugs' autonomous joy ride

nagyeger
Facepalm

could set off on the right hand side of the road

Been there, done that.

It comes from just having spent ages driving on the wrong side, and thinking "O great, I'm home now, and can relax."

Fortunately I was on my bicycle, so while I and the oncoming car were semi-shocked into a state of utter confusion about what on earth the other was doing on the wrong side of the road, it wasn't too hard for him to actually avoid me.


Bill Gates says he'd do CTRL-ALT-DEL with one key if given the chance to go back through time

nagyeger

Re: BREAK

But you could also do *FX 200,3 or something like that which would, if I remember, both disable escape and also clear RAM on a 'soft break' and so make sure no one knew how bad your code was.

Why do I remember this?? I haven't used a BEEB for thirty years!


HP Inc's rinky-dink ink stink: Unofficial cartridges, official refills spurned by printer DRM

nagyeger

Re: Are the complainers...

I've got an epson L210, inktank printer. It's about 3 years old now. Was really surprised a few months ago to notice the colour ink maybe needed refilling in the next month, after something like 6-7 reams.. (No, I don't print many colour photos). Another (hopefully) two-three years of printing cost me about £25, if I remember correctly. Sorry HP, I've voted with my feet.


'Don't Google Google, Googling Google is wrong', says Google

nagyeger

Re: Because It's Not Google

Yes, but they don't want to become /so/ synonymous that the verb becomes leached of meaning. e,g. "Should I hoover that up with the dyson or the electrolux?",

"Did you google with yahoo or altavista back then?"


Whoosh, there it is: Toshiba bods say 14TB helium-filled disk is coming soon

nagyeger

Re: Fuck a duck!

Five megabytes! You were spoilt.

I started on a 3kb Acorn atom with a bit-banging tape drive... Definitely B+W to start with. I think it ended up having 4 colours..


The new, new Psion is getting near production. Here's what it looks like

nagyeger

Battery life

Somehow I doubt it'll run for a week+ on 2AA batteries.


This typosquatting attack on npm went undetected for 2 weeks

nagyeger

npm is security hole...

This is news?

I worked /that/ out as soon as my first venture into running a node package - from an apt repo - that looked interesting started downloading unsigned packages without asking me.

apt-get purge


Crazy bug of the week: Gnome Files' .MSI parser runs evil VBScripts

nagyeger
Mushroom

Fixed it!

sudo apt-get purge gnome-exe-thumbnailer


Amazon may still get .amazon despite govt opposition – thanks to a classic ICANN cockup

nagyeger
Paris Hilton

.bank

Given the two (plus) nationwide issue, I propose that .bank be 100% required to also include the country code in any registration. That way some innocent doesn't accidentally end up at an organisation in Nigeria when they think they're going to the one just down the road.

Not that I'm suggesting she's innocent>>>>


Virgin Media admits it 'fell short' in broadband speeds ahead of lashing from BBC's Watchdog

nagyeger
Thumb Up

Try Transylvania..

I've just checked my nominally 50Mbit connection via our local cable TV company (rural Transylvania). According to http://beta.speedtest.net, I'm getting 60Mbit download and 30Mbit upload.

The Older ISP (wireless based) is just being taken over by a humungous cable company who are offering 300Mbit FTTH for about £3.50 / month. Not sure what the installation fee is. The other problem is that my main router only has 100Mbit ports... It looks like the router upgrade is going to cost more than a year of internet.


Yeah, if you could just stop writing those Y2K compliance reports, that would be great

nagyeger

Just in time for 2038

If this law's been around 2 decades, does that mean it's about time for unix "end of time" compliance reporting to start up?

We must be getting into the era when hardware (IoT?) is going to last long enough that this is a problem.


16 terabytes of RAM should be enough for anyone. Wait. What?

nagyeger

You'd hope...

That by the time it reached that sort of level someone's gone over the code and removed any storage bloat quite carefully.

On the other hand, maybe it's all running in Java and burning someone else's cash...


RF pulses from dust collisions could be killing satellites

nagyeger

Re: Slow

OK, I recant my bit about "most" impacts, as measured per hit. But I stand by my argument regarding plasma, since I'm pretty sure that's far more prevalent in higher velocity impacts, and so for real velocity you want to look at plasma-creating dust, not so much debris.

@Bill Gray "Low-earth orbital speed is 8 km/s, relative to the earth's center. Most satellites, and therefore I assume most dust, is in lower/medium-inclination orbits,"

Urm, to me (out of the field for a few decades, I admit) Dust=natural, debris=paint flakes, dropped zips, ASAT tests, and of course impact ejecta.

Dust, by the time it's dropped down the gravity well can be prograde or retrograde, at any inclination, and (back when I was studying this stuff) is/was considered a significant source.

Hmm... looked it up. Dust impacts on the space face of NASA's 69 month LDEF experiment consistent with the natural flux at an average impact velocity of 15km/s. So, 15km/s average, with a random inclination, and you're going 7.8km/s or there-abouts, in LEO circular orbit, faster for elliptical orbits, of course.

I'll leave the calculation about if we can or can't just average the max & min (15 +/- 7.8km/s) because of the "running into the rain effect" as an exercise to the student. I know it's spawned papers....

nagyeger
Coat

Slow

5-10km/s? Come /on/ people, I know that's an attainable lab speed, but admit it, it's really slow. "Most" orbital impacts are going to be 10-14km/s, and get some Perseid particles involved and it's 67 or something.

ICON: Mine's the one with the 20 year old space debris conference proceedings in it.>>>


Dell to patch AMT-vulnerable systems

nagyeger

Re: Poweredge T20?

I've just found my 2nd hand fujitsu Celsius. But the patch is windows only, and it arrived from the refurbisher running linux.

grr,


The Register - Independent news and views for the tech community. Part of Situation Publishing