nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by nagyeger

120 posts • joined 2 Feb 2008

Page:

Need a modest Arm Cortex-A CPU in your custom chip? Just apply online. Plus $125,000

nagyeger

Re: Thumbs Up!

Now I've got that theme tune going round my skull.

Arrgh

0
0

Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3's security chip

nagyeger

No lineage?

Given the last paragraph, does this mean we can or can't install something like lineageOS on

a phone containing one of these chips?

10
0

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

nagyeger

works for me...

Hmmm.

Link Works from Romania

1
0

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

nagyeger

Re: Should we be worried ?

This sounds like a great ignoble prize research topic: (chipped) animal behaviour influenced by external RF sources, via the nice warm neck (or wherever the chip got put) syndrome. What you need to do is set up another (identical) router a few feet away and alternate which one has it's WiFI transmitter on. Correlate with cat's favourite resting place...

10
1

Do not adjust your set, er, browser: This is our new page-one design

nagyeger

Ads broken?

Is it deliberate? I assume not.

I'm getting blank white where there ought to be some adverts. I wondered if you'd switched add provider and now every script is running, but nope, still no adverts. Come on Reg, protect your revenue, we don't want you to go bust!

1
0

Raspberry Pi supremo Eben Upton talks to The Reg about Pi PoE woes

nagyeger

Re: Works on my switch

"When are you going to release the Power-over-Wifi version ?"

Didn't someone living near the BBC's longwave transmitters do some experimenting with this in his loft? I seem to remember they ended up convicting him for theft of electricity.

4
0

Y'know what? VoIP can also be free from pesky regulation – US judges

nagyeger

Re: "you cannot call emergency services if there is a power outage"

"Add a small UPS, and it will keep on working - the other endpoint should already have it. That should become part of the standard install, though."

It should but they don't, not even round here where power cuts are commonplace.

FYI, there are loads of CCTV type sealed lead-acid battery-backed up 12v power supplies out there, some of which are complete with a nice box and low voltage cut-out to stop you under-voltaging the cells. Cost is around 30quid. Add a low-drop 12v regulator (or a step-down DC-DC converter if you need 5v) just in case your ISP's box doesn't want 14v with ripple, and Bob is the brother of one of your parents, as they say.

I now get at least 8 hours's internet/phone compared to around 1 hour if the thing was going up to mains freq and back to 12v again.

1
1

Cobalt cybercrooks phry up phishing campaign to phling at phinance orgs

nagyeger

2 URLs

It's probably just a little bit of consumer preference/user interface testing. Where are people most likely to click? The link at the bottom or the one in the middle of the screen the user accidentally triggers while trying to persuade their stupid phone to do respond to that really complex user interface interaction known as "scrolling back up to find the delete button".

Or is that just me?

3
0

Give yourselves a pat on the back, top million websites, half of you now use HTTPS

nagyeger

Re: I'm not surprised.

Yes, this would be the point that makes me think of rolling out HSTS. But I'm also thinking of dumping TLSv1, and those two decisions put together means some of our readers (the ones with android 4 devices) get kicked off the site....

Maybe I need to convince relevant people we need a mobile version of the site which does older TLS versions, and conditional redirects / header setting.

2
1

EU wants one phone plug to rule them all. But we've got a better idea.

nagyeger
Flame

Re: Be much more interested in...

You forgot:

In Europe, the half-hearted attempt at safety shutters on Schuko/french sockets relies upon the pins pushing sloping shutters out of the way, a motion which is only made possible by the presence of some kind of lubricant. When said lubricant has melted/vanished/gone sticky or when the track/pivot on which the shutters are laughingly described as moving is no longer in perfect condition, the only way to get the pins into the socket remaining is wiggle, twist and apply extreme force, e.g. with a large hammer. Said tool of course further damages the shutters and does bad things to the cable, and the whole process may lead to bruising of the head against nearby brick walls.

Add to this the disaster known as "switched socket, what's that?" and you have to unplug / plug in the stupid things far more than you would in the UK.

10
1

Google shaves half a gig off Android Poundland Edition

nagyeger

Re: Old Linux ?

32K? Thirty two? What luxury! You could play acorn invaders and rat race in 3K, as long as you could get the volume right on the tape player.

3K of RAM really taught you how to watch your code for bloat.

The first Linux distro I used fited on 2 floppies, if I remember right that was including including gcc.

0
0

Google risks mega-fine in EU over location 'stalking'

nagyeger

polygon

I imagine in quite a few locations on this planet, a 2km square pinpoints your exact home. Should we understand there some kind of 'polygon sized to fit 10000 people' calculation?' Even then, searching on some terms, one in 10000 might be enough to identify someone uniquely.

16
0

When's a backdoor not a backdoor? When the Oz government says it isn't

nagyeger
Joke

data rate

Whats the baud rate for a tin cup and and a piece of string?

If you can get hold of some light, inextensible string, as beloved by high-school physics teachers, then your signals arrive instantaneously (0 propagation delay, since the string will not extend) and depending on the mass of your cup then your data rate could exceed that of all known network cables.

Unfortunately the last time I looked, they'd stopped making it. Something about the laws of physics.

7
0
nagyeger

Re: The Holy Trinity

You forgot extremists.

I notice that "extremists" now potentially includes your grandma and / or the local vicar, assuming they still hold views they've held for 40 years.

24
0

The age of hard drives is over as Samsung cranks out consumer QLC SSDs

nagyeger

Re: Ah, but

C15? C15? Wow, you lucky guy!

Try finding your program when it's somewhere on a C90 and the tape counter's broken.

Not to mention the pain of discovering that even after upgrading to a whopping 3k of RAM you don't have the space to implement a high-score table well as use colour graphics.

Youngsters these days...

8
0

Google Chrome update to label HTTP-only sites insecure within WEEKS

nagyeger

Re: Shared Hosting

One little-discussed 'gotcha' of SNI is that, unexpectedly to the user who's been told 'no one can see

what you're browsing with https' ... with SNI they can. Because SNI isn't sent encrypted.

This gets significant when you, say, live in Iran and want to visit 'www.how-to-become-a-christian.org', (or in USA and want to visit 'diy.nuke.designs.nk')

3
1

WannaCry is back! (Psych. It's just phisher folk doing what they do)

nagyeger

Re: Only one so far

Public Cc: list? Never mind the fraud, extorting money with menaces etc,... they've gone and broken GDPR too!

That'll get them in trouble.

(not a lawyer!)

0
0

Google plays cloud catch-up and moves into a place of its own

nagyeger

Re: Given Spectre

Watch this space... how long until all the mitigations for meltdown/spectre/rowhammer etc. mean that there is such a cost-disadvantage / admin nightmare to 'cloud computing' that it ends up as out of date for 'real work' as dialing in to someone's mainframe?

0
2

Buggy software could lock a Jeep's cruise control

nagyeger
FAIL

Re: Oh Lord

My 2007 car has said hooks. The mfr-designed, bought-with-car-from-new floor mats, however had no provision for connecting to the the hooks and relied on sticky-backed velcro which came unstuck after a year or 3.

0
0

You know that silly fear about Alexa recording everything and leaking it online? It just happened

nagyeger

Re: Unplugged most of the time.

If you're in the UK, and they don't take it back, then talk to your local trading standards people.

"not fit for purpose" sounds like a good description.

3
0

FBI to World+Dog: Please, try turning it off and turning it back on

nagyeger

If the FBI can tie the IP address to people...

I hope they're GDPR compliant.

10
0

Microsoft gives users options for Office data slurpage – Basic or Full

nagyeger
Mushroom

Re: @Herring`- "is there a chance of any document data being sent to MS?"

Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .

The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.

I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?

0
0

Advanced VPNFilter malware menacing routers worldwide

nagyeger

Shock/horror: unpatched software vulnerable to known vulns

Mikrotik patch was released > a year ago.

https://forum.mikrotik.com/viewtopic.php?f=21&t=134776

6
0

Big bimmer bummer: Bavaria's BMW buggies battered by bad bugs

nagyeger

firewall

Excuse me for being stupid... if I was designing something to connect the engine management system to entertainment system - presumably for display purposes? - it would be strictly one way, probably with 1-way, physically separated opto-couplers, so that some kid pouring coke into the entertainment system had zero chance of inflicting, say, 50w of audio signal onto the can-bus.

Why would anyone want to let the stereo muck about with engine management?

23
1

Whois privacy shambles becomes last-minute mad data scramble

nagyeger
Big Brother

Re: I'm still waiting for e-mails from Facebook(*) and Google

Isn't this wrong? There are multiple options for the legal basis, consent is only one of them. They might decide they ought to be able to claim that knowing my browsing habits is a legitimate business requirement.

The biggest "problem" is when they used to rely on 'we could do it, and we're too big to bother with fines, so we did it.' For some reason that isn't in the GDPR.

3
0

It's Galileo Groundhog Day! You can keep asking the same question, but it won't change the answer

nagyeger

Re: snooty

Not being part of the EU didn't noticably stop them before we joined, why should leaving make a difference?

3
0

It's not rocket science! Actually it is, and it's been a busy frickin week

nagyeger

Is it rocket science?

Having wielded the rocket equation a few times, I think it's the rocket engineering (and orbital mechanics and re-entry maths) that are the really hard bit(s).

7
0

Eight months after Equifax megahack, some Brits are only just being notified

nagyeger

Re: GDPR Deadline...

I thought it was 4% PLUS damages/time/etc?

After all, if they're failing to protect your rights, (72hour notification...) and on top of that they're causing significant stress, hair-loss, sleep-loss, humour-loss....

0
0

It's April 2018, and we've had to sit on this Windows 10 Spring Creators Update headline for days

nagyeger

GDPR rights vs MS

I wonder what happens if/when someone (on May 26th) demands MS (a) hand over all the data they have on them (b) delete it, (c) never collects any more, (d) does not contact them for advertising purposes.

Does MS send them a complementary copy of Windows 95, freedos, or ubuntu?

25
1

We need to go deeper: Meltdown and Spectre flaws will force security further down the stack

nagyeger

Oh joy. Added complexity...

My wife half-expects that at some point the sum total of IT/networking/power distribution will become so complex and (for want of another term) balkanised into specialisms, that it essentially becomes impossible for humanity as a whole to maintain it, and then something will break and we'll be back to heating with wood and communicating with pen an ink (or maybe IT jobs will become more critical to society than doctors/nurses and we'll all die from treatable diseases??).

When you add in obsolescence, shortening product-lifecycles and lost/outdated skill-sets (is anyone anywhere employed as a thermionic valve designer any more? How many people can read amd64 assembler compared to the numbers who could write 6502 or Z80 30 years ago?) then I tend to agree with her.

28
1

Linux Foundation backs new ‘ACRN’ hypervisor for embedded and IoT

nagyeger

acrn should be arm-centric!

Given the early days of ARM as of Acorn RISC Machines.

4
0

HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed

nagyeger

the oldest bad practice in the book.

I <it>have seen</it>, in a book my son was lent by his school teacher, about a year ago, exactly this sort of code. Take variable from $_GET, build string by concatenation, pass to SQL. No input checking at all.

Someone - big name publisher - made money selling that book. Someone wants to make money selling the revised version, which I'd hope talks in detail about sanity checking and prepared statements.

Someone ought to be offering a permanent recall on the early version of the book and free-replacement including shipping to anyone with a copy, because it was plainly never fit for sale. Instead, copies are still being lent to school kids by teachers because the school budget can't afford to restock the library.

Ob disclaimer: I have no connection with anyone in the above certificate fiasco. And I expect that no one bothered fixing it because that would take time. WHY do CAs who ask for your private keys still get any custom?

6
1

PCI Council and X9 Committee to combine PIN security standards

nagyeger
Mushroom

...to the darkness bind them

I thought the whole thing about the one pin, was that assuming you don't want to be subject to the evil overlord, you needed to throw it into Mount Doom? (see icon for effectiveness >>>>)

Now all we need to do is work out how you that to the customer services bod....

0
0

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

nagyeger

Re: "effort wouldn't be better expended on something of more value to society."

Well argued and informative. Have an up-vote.

Now, we need similarly sane and coherent* arguments against HTML in email. Any takers?

* Not to be confused with the light-sources on top of sharks.

5
0

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

nagyeger

Re: feature request

I remember, back in the 90s, we all said "ignore the scare-mail chain-letters, you can't get a virus just from opening email."

Because it's plain text.

mutt is (this) man's best friend

3
0

ITU aims to to keep the radio on with new satellite regulation fees

nagyeger

Re: 1,000 Satellites?!?

The probability that one 'rapid disassembly' will have a reasonable chance of causing another has been calculated numerous times. I seem to remember that if you pick the right orbit then a bit of precession, etc. will effectively obliterate anything in a similar orbit. But it's a long time since I was last at a space debris conference, so I don't remember the details.

0
0

Watt? You thought the wireless charging war was over? It ain't even begun

nagyeger
Meh

RFI

Just wondering... which band are they planning to render unusable for radio communications purposes?

Has anyone raised this with ITU / CEPT / Ofcom / FCC about this?

4
0

Astroboffins say our Solar System could have – wait, stop, what... the US govt found UFOs?

nagyeger

Re: Alien UFO's are Real - True / False...

Not a solid scrap of evidence to say that no god exists either. Of course there's lots and lots of circumstantial, hear-say and personal non-revelations, not to mention fingers-in-ears 'I can't hear you' arguments that get repeated often enough that they're assumed to be incontrovertible fact.

Which God don't you believe in? There are an awful lot of awful ones, and a lot of awful people who use their awful misconception that 'My friend says we're doing it for God so God must approve' as an excuse to do awful things. Politics-dressed-as-religion and hatred-dressed-as-religion and ambition-dressed-as-religion, etc. just tell us that religion is a powerful social force.

My own opinion is they tell us quite a lot about human nature (<sarcasm>deep down there's good in everyone, yeah, it shows</sarcasm>) and basically nothing about why the one who keeps the electrons spinning would decide to get born in a stigmatised way into a despised minority group with a well-proven history of rejecting him. Oh yeah, it was so that he could spend about 3 years as preaching to people who mostly didn't listen and then get tortured to death, that explains it.

Have a very happy Christmas everyone. Don't get so merry you get stupid.

20
1

SCOLD WAR: Kaspersky drags Uncle Sam into court to battle AV ban

nagyeger
Linux

it tuns with elevated privileges...

So.. we can't trust programs that run with elevated privs to check files such as (shock) network access, (horror) upload data, and (gasp) receive OTA updates. Based on this reasoning, and the current rash of Govt.s worldwide giving themselves super-dooper-snooper data-demanding capabilities, do all nations now need their own brand of AV?

Or is it finally the year of the VT100 desktop(TM) ?

1
0

PHWOAR, those noughty inks: '0.1%' named Stat of The Year

nagyeger

Re: 98.2 percent of all statistics

I thought it was 97.4850006487

5
0

NiceHash diced up by hackers, thousands of Bitcoin pilfered

nagyeger
Meh

Don't understand

I thought the whole point of the block chain was that everyone can (has to) verify that block X went to wallet Y, and therefore the transaction is verifiable.

Surely there ought to be a mechanism to undo that? At least partially, even if there's no roll-back due to other transactions, shouldn't the receiving wallet(s) be marked as criminal and so blocked, etc, by all miners everywhere?

3
1

Good news: unsecured S3 bucket discovery just got easier

nagyeger
Mushroom

Re: ferc is a nice one.

I sincerely hope that excludes power station designs, floor plans etc.

Especially anything that might do that if mistreated -->

0
0

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

nagyeger
FAIL

Re: What worries me

What worries me even more is that I've seen a big-roadside-screen add showing people how to get to their wonderful site.... just enter our URL into google's search box.

Complete with the http:// bit.

WHY???

2
0

Jet packs are real – and inventor just broke world speed record in it

nagyeger
Go

Re: Flying is the easy bit...

I thought it was throwing yourself at the ground and missing.

17
0

It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now

nagyeger

Dear Motorola

please can I have a patch for my phone? Tnx.

Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?

Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?

11
1

My #95Theses of #Digital

nagyeger

#10 - 15

10. Ignorant and wicked are the doings of those coders who, in the case of the desktop or the desktop application include a dependency upon systemd.

11. This perverse dependency upon systemd is quite evidently one of the tares that were sown while the greybeards slept.

12. In former times the init process was relevant not after, but before user interaction, as tests of true geekdom.

13. The geeks are freed by devuan from all penalties; they are already dead to systemd, and have a right to be released from them.

14. The imperfect knowledge of the command-line, that is to say, the imperfect globbing, of the GUI-user brings with it, of necessity, great fear; and the smaller the knowledge of globbing, the greater is the fear.

15. This fear and horror is sufficient of itself alone (to say nothing of other things) to constitute the penalty of EMACS, since it is very near to the horror of despair.

Ob. citation to gutenberg project translation

0
0

Tesla hits Model 3 production speed bumps, slides to loss

nagyeger

100 MW of batteries

100 MWh, or 100 MW in/out for (people in the know) knows how long?

4
0

Google slides text message 2FA a little closer to the door

nagyeger

embrace... extend... bloat?

So instead of an out of band unreliable message that works on every mobile phone, those with no smart-phone are left in the cold, those with an ageing phone barely enough spare storage (after all the decent bloating of apps /OS) to run what they want get to give up some more precious MB, and everyone gets pushed into installing another piece of google spy/bloat-ware which needs to regularly contact home and report on us just-in-case....

Is this supposed to be an extension to the otp authenticator app? Google's version is already bigger than the free versions.

20
28

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

nagyeger
Alert

Key phrases

:-( The weaknesses are in the Wi-Fi standard itself.

:-( make sure all your devices are updated, and you should also update the firmware of your router.

:-( Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients.

:-( Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, (linux, android >=6 )...

2
0

Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more

nagyeger
Coat

Re: cuba noise sounds like cicadas or other noisy insects

Naah,

My guess is it was just someone trying to play the violin on the wrong side of the bridge. Or slightly more seriously, a few really badly configured baby monitors or network-over-mains in the embassy electrics doing bad things to the the tube lighting. Someone should stick an oscilloscope on the live wire and start turning things off one by one.

4
0

Page:

The Register - Independent news and views for the tech community. Part of Situation Publishing