* Posts by Midnight

337 publicly visible posts • joined 24 Feb 2008

Page:

BOFH: Elf of Safety? Orc of Admin. Pleased to meet you

Midnight

Re: reduced fat lard?

Isn't that when you use half as much?

Midnight

Re: Right Royal Softly, Softly, ...... Catchee GCHQ and Assorted Monkeys ....

I heard that he moonlights as a speechwriter for a recently elected US politician.

BOFH: Password HELL. For you, mate, not for me

Midnight

Re: Obligatory XKCD

correct horse battery staple is nice, but I prefer the Bruce Schneier password: uTVM,TPw55:utvm,tpwstillsecure.

You're taking the p... Linux encryption app Cryptkeeper has universal password: 'p'

Midnight

Re: Does this mean

Y'know, there is a bug report which explains all of these things. It's even linked from the article.

Here, I'll read it for you. Cryptkeeper calls encfs to create an encrypted filesystem interactively and feeds it answers through stdin. The code is even included in the bug report:

execlp ("encfs", "encfs", "-S", crypt_dir, mount_dir, NULL);

exit (0);

[...]

// paranoid default setup mode

//write (fd[1], "y\n", 2);

//write (fd[1], "y\n", 2);

write (fd[1], "p\n", 2);

write (fd[1], password, strlen (password));

write (fd[1], "\n", 1);

Not only does it answer "p" to the "Paranoid or eXpert mode?" prompt, it also used to answer "y" twice before that, presumably to answer questions about creating the filesystem and mount point specified in crypt_dir and mount_dir. The man page for encfs even specifically warns about that possibility:

-S, --stdinpass

Read password from standard input, without prompting. This may be useful for scripting encfs mounts.

Note that you should make sure the filesystem and mount points exist first. Otherwise encfs will prompt for the filesystem creation options, which may interfere with your script.

The end result of this is that Cryptkeeper will ignore the user supplied passphrase and create an encrypted filesystem with the password "p". Since the error was restricted to the creation code, any further attempts to mount the newly created filesystem with the correct password would fail.

While the real source of this error is the sloppy use of an interactive session with encfs in Cryptkeeper, the trigger was a recent fix made to encfs which removed the "paranoid?" prompt. Since this fix was committed on December 12th, when Cryptkeeper was no longer maintained, it was not caught until the next time a Debian testing user tried to create a new encrypted filesystem and found that it didn't work.

How the NYE leap second clocked Cloudflare – and how a single character fixed it

Midnight

Re: There is the theory of the moebius...

Programs assume that time is a strict progression of cause to effect but actually, from a non-linear, non-subjective viewpoint, it's more like a big ball of wibbly wobbly... time-y wimey... stuff.

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

Midnight

Re: Infection Vector

The linked writeup goes into some depth about this, but here's an overly brief summary which probably misses several important details:

1) End user downloads a copy of a popular search app or free wifi app onto their phone and installs it, presumably by sideloading.

2) The trojan app then runs, checks to see if it has connected to a new wifi network and then phones home for instructions.

3) The app then uses a range of super-secret military grade encrypted ciphers such as "admin/admin" and "admin/123456" to log in as an administrator to the wifi access point it just connected to.

4) Once it has admin access to the AP the trojan will then reconfigure it to use a rogue DNS server for itself and for all DHCP clients which connect to it from then on. According to the article it seems to only understand the web interface for common TP-LINK routers

5) The trojan-infected phone can then be switched off, wiped clean, fed into a wood chipper and then have its ashes launched into the sun, but the damage to the WIFI AP will still remain.

So the initial infection is done by sideloading an app, but once the AP has been owned every user of that WiFi network who uses the provided DNS addresses will be affected.

Sysadmin told to spend 20+ hours changing user names, for no reason

Midnight

I think you do have those backwards.

https://getyarn.io/yarn-clip/30414f9c-864f-454d-8124-8160934d51f0

And the carbon-units are not an infestation. They are a natural function of the Creator's planet.

AI gives porn peddlers a helping hand

Midnight

Re: CFCM?

"Clothed Finance, Credit and Macroeconomics"?

YMINMKBYKIOK.

Post-outage King's College London orders staff to never make their own backups

Midnight

Throw in some phones with cords, octagon shaped paper, and Edward James Olmos in a dark blue jacket and you've got something good there.

Trump's taxing problem: The end of 'affordable' iPhones

Midnight

Re: Trump's business for more than 10 years has been LICENSING HIS NAME.

"Being president of the USA is 'The road to nowhere' job."

But... David Byrne is Scottish.

Robot solves Rubik's Cubes in 637 milliseconds

Midnight

Re: As for that time...

Most humans in competitions _do_ use speed cubes, which are designed to avoid unfortunate accidents like popping or corner cutting and then disassembled, lubricated, adjusted and reassembled at least twenty times during the lead-up to a competition. The first adjustment ensures that all of the cube's parts will be turning at top speed with exactly the amount of friction required while the next nineteen or so are just to give the cube's owner something to do with their hands while waiting.

Microsoft goes back to the drawing board – literally, with 28" tablet and hockey puck knob

Midnight

I'm confused.

I can understand the screen. It's a 3:2 aspect, big enough to display two pages side by side at something around 200 dpi, so it's great for doing print work.

It's touch and has a fancy pen so that you can draw right on it. The Soar Knob does the job of a mouse wheel and give you something to do with your left hand while you're drawing that won't get you arrested.

The screen can tilt from vertical down to almost flat so that it can act like a traditional desktop or a drafting table, and the whole thing is counterweighted to make the transition as smooth as possible.

There's a ridiculously high resolution camera built into the top bezel so that you can share all of your conversations with Skype and that the botnet owners can watch your expression right after you realize that all of your files have just been encrypted with unbreakable triple-ROT13.

That all makes sense.

Why does a desktop computer, designed to be placed with its back against a wall or tilted so that its back goes down to the desk, have both front _and_ back mounted cameras?

If we can't fix this printer tonight, the bank's core app will stop working

Midnight

Immediate result: Helpdesk calls the printer technician first. For every possible incident.

Midnight

Re: Some time ago...

"You might need to explain to some of the youngsters here [...] what a "punched card" is..."

I'll give it a go...

*ahem*

"It's something like an iPhone, only even thinner."

Elon Musk says SpaceX Falcon 9 fireball investigation is 'biggest challenge yet'

Midnight

"""SpaceX quickly released a statement calling the explosion an anomaly"

No shit, Sherlock."

Their original plan was to release a statement saying "We meant to do that!" and hope that nobody noticed.

Midnight
Black Helicopters

The sixth and final explosion—frame 313—starts on the Falcon 9 in the oxygen tank near the front. This is the big one. The Falcon 9 going back to its left. The explosion came from the front and right. Totally inconsistent with a routine filling operation. Again... back and to the left… back and to the left… back and to the left… back and to the left.

Want a Windows 10 update? Don't go to Microsoft ... please

Midnight

Re: @kraggy

So if a Windows update installs quickly, quietly, and doesn't break anything, _then_ we will know that it's an obvious and clumsy fake.

Blackhat wannabes proffer probably bogus Linux scamsomware

Midnight

Re: redis?

Yup. It's the same thing. Just a different payload.

http://www.bleepingcomputer.com/news/security/hacked-redis-servers-being-used-to-install-the-fairware-ransomware-attack/

Height of stupidity: Heathrow airliner buzzed by drone at 7,000ft

Midnight

Re: Operational distance...

Clearly it was aliens.

Chinese CA hands guy base certificates for GitHub, Florida uni

Midnight

Re: You can't trust anybody

"Maybe the solution is to add a further category for whom the "Ignore these warnings" buttons are greyed out."

Perhaps an "I am aware of the risks" checkbox could help. Activating that and also pressing the "Ignore these warnings" button would not actually bypass the certificate warning, but instead open up a large text box with the caption "Then tell us what you think they are".

Sysadmin sticks finger in pipe, saves data centre from flood

Midnight

Re: CROM

I was reminded of this guy instead...

"Friday at last!" crowed Conan springing from his mats with the agility of an antelope. "Crom's Beard but it took long enough to get here!"

-- Conan the Salaryman

If you haven't changed your Dropbox password for 4 years, do so now

Midnight

Re: Sounds fishy to me

That is an awful lot of passwords, but don't worry. You'll only need to know one of them to convince someone at the call centre that you should have access to all of your accounts.

Security is job one.

NASA to begin first asteroid sample mission: Seeks 'pristine' specimen

Midnight

Re: Take me along

Green or Blue swimming pools?

Cops break up German sausage fight between pair of Neubrandenburgers

Midnight

Re: Allo Allo

As any student of art history knows, that's "The Fallen Madonna with the Big Boobies" by van Klomp, which may or may not be within Herr Flick's sausage.

'I found the intern curled up on the data centre floor moaning'

Midnight

Re: What are the odds

No interocitor part can be replaced. Bear this in mind while assembling. Use only genuine interocitor parts.

...

Cal, are you gonna work naked again?

Midnight

Re: "Pete' has omitted some details...

Making all those calls would run down the phone battery, which is needed for playing Pokemon.

You've got to have priorities.

Render crashing PCs back to their component silicon: They deserve it

Midnight

"Private Idaho?"

*sigh*

It is by puns alone I set my jokes in motion.

It is by the brew of coffee that wits acquire speed, the wits acquire groans, the groans become a warning.

It is by puns alone I set my jokes in motion.

Mozilla 404s '404 Not Found' pages: Firefox fills in blanks with archive.org copies

Midnight

I don't get it.

I understand the github reference, but what's so amazing about Bloomberg's 404 page?

Aside from having over 110k of scripting and menus, the page just says "404. Page Not Found / Unfortunately, this page does not exist. Please check your URL or return to the Home Page".

Am I missing something, or are those two sentences just that much more amusing than anything else Bloomberg ever reports on?

Buzz Aldrin's Apollo XI expenses claim revealed

Midnight

Re: Mileage? Certainly no Frequent Flier Miles.

"A free trip to Mars requires at LEAST 50 million frequent-flier miles. . . and that's in Coach. . ."

Trust me, go for the upgrade. In Coach you have to listen to disco and only eat potatoes.

O2 customer data grab: Not-a-hack creds for sale on dark web

Midnight

Re: Passwords and Human Nature

Indeed. A password should always be something as undeniably private and secure as "What is the street you grew up on?" or "What is your pet's name?"

World religions stake out positions on Pokemon Go

Midnight

"get the planet hooked on some mindless thing, then use it to control their minds."

...He said while connected to the Internet.

BOFH: Free as in free beer or... Oh. 'Free Upgrade'

Midnight

Re: noooooo

Not if they have been disabled by the electronic ECM counter-measures.

Midnight

Re: XYZZY

Hello, Sailor.

How's this for irony? US Navy hit with $600m software piracy claim

Midnight

Re: RE: DOD Approved Hammers

"...and of course cost more and NASA hammers..."

...because NASA is just a bunch of fly boys, and the Navy needs to have better hammers than the Air Force. If they didn't... then... Well, the Russians would just come in and take over with their superior hammers.

Er... Wait. It's not the Russians now? Well, then who's the real enemy the Navy is fighting against today? Beside the Army and Air Force, of course.

Star Trek Beyond: An unwatchable steaming pile of tribble dung

Midnight

Re: Nahh, the old Star Trek was for nerds...

"Next episode the Enterprise will hunt Pokemons...

...On space station K7. The Pokemon are being sold by Cyrano Jo-Smith, played by Penn Jillette, who accidentally uses them to uncover a sinister Klingon plot to poison the station's supply of... um... space barley.

There will be a fifty minute long brawl between Scotty and the entire Klingon crew, briefly framed by a few minutes of story.

And the best part is that it will be completely and totally original, just like all of the new Star Trek films.

Blighty's Coastguard goes into battle against waterborne Pokemon

Midnight

Re: Don't mess with evolution!

Or... You could just have your phone lie about its current location. Really, it's like two taps on the screen and then you enter the longitude and latitude of any place on Earth and your phone will report that it is there, and any apps running on it will believe it.

But your way works too.

Tor veteran Lucky Green exits, torpedos critical 'Tonga' node and relays

Midnight

He's going to change the ron on all of the servers., so naturally he would use the chron command.

Perhaps he could even schedule the chron job as a cron job.

Pokemon Go oh no no no, we're not reading your email, says gamemaker

Midnight

Users who report improper touching from Pokemon have also installed Ingress, so it looks like the app is reusing permissions already granted to Niantic's other big game.

It's still a mess, but that almost explains how Pokemon Go was able to grant itself so much access without user intervention.

Facebook ‘glitch’ that deleted the Philando Castile shooting vid: It was the police – sources

Midnight

Re: militarized private army

"They'll regulate my militia well when they pry it from my cold, dead hands."

Sociology student gets a First for dissertation on Kardashians

Midnight

Re: She's overthinking it

"Analysis over, job done. Just pop my doctorate in the post."

Doing the analysis is only part of a doctorate. The other part is being locked in a small room with a panel made up of toddlers who spend the rest of the day asking "Well, why is that?", "What's that for?" and "Why should I care about this?".

If you can survive the day without ever saying "I don't know" and being cast into the Gorge of Eternal Peril by The Man From Scene 24, then... Well, then you get to do it again because the right people didn't all show up. But eventually it does get stamped, misaddressed, popped in the post, folded in two, fed to a small dog and then stuffed into a mail slot that is three times too small for it to fit.

Medicos could be world's best security bypassers, study finds

Midnight

Re: The Medico God complex.

Someone didn't bother reading my carefully prepared memo on commonly-used passwords.

Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and... god. So, would your holiness care to change her password?

Sea of outrage after 'migrant-spotting app' turned out to be bogus

Midnight

You're all talking about the app, you all know the name of the developer, and... well... before being blacklisted forever, Grey Goo was nominated for several awards.

As long as you believe that there's no such thing as bad publicity, this whole experience has been awesome for everybody involved.

Smut shaming: Anonymous fights Islamic State... with porn

Midnight

After things with Electric Mayhem didn't work out, Animal really needed the money.

Wales gives anti-vaping Blockleiters a Big Red Panic Button

Midnight

I still think they should have stuck with the original announcement.

https://www.youtube.com/watch?v=oVa4_2xXwGE

Microsoft buys LinkedIn for the price of 36 Instagrams

Midnight

"But LinkedIn? An evanescent user base and 10,000 employees with titles like Talent Solutions Solutions Consultant (I kid you not)? Whose operating income is increasingly negative?"

Perhaps that position could be replaced by a contractor. A Talent Solutions Solutions Consultant Consultant, if you will.

Our CompSci exam was full of 'typos', admits Scottish exam board

Midnight

Re: Brilliant...

"The Indians in Mumbai must be laughing their collective asses off."

Of course they are. Who do you think eventually got the contract to write that exam?

Latin-quoting Linus Torvalds plays God by not abusing mortals

Midnight

Re: quidquid Latine dictum sit altum videtur

"People called Romanes, they go, the house?"

Docker hired private detectives to pursue woman engineer's rape, death threat trolls

Midnight

Re: Utterly unacceptable

"The part that operates 24hrs from ages 0-5, and ~4pm to ~8am up to the age of 17?"

So, Television?

Page: