Posts by Alan J. Wylie
645 publicly visible posts • joined 21 Aug 2009
Ca-caw-caw: Pigeon poops on tot's face as tempers fray at siege of Lincoln flats
China's really cotton'd on to this whole Moon exploration thing: First seed sprouts in lunar lander biosphere
Staff sacked after security sees 'suspect surfer' script of shame
Wednesday 26th December 2018 11:12 GMT
Many years ago, we had an ISDN connection at the office, and a bank of modems. HTTP connections were forced to go through a Squid proxy. I had a similar little script which grepped the log for "interesting" keywords, but not much interest was shown in this from above.
However, one day all our sales people and managers were gathered together at a hotel for a big meeting. One of my colleagues in network admin was due to address them, and took the opportunity to remind them that, as in the T's and C's they had acknowledged, our network was monitored for inappropriate (and expensive: on-demand ISDN had a per-call cost) usage. There were no sackings as a result, just a few red faces as he stood at the lectern and read out a few of the less unsafe-for-work domains that had been visited the previous night.
Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit
Tuesday 4th December 2018 07:45 GMT
NCSC advice
The National Cyber Security Centre (part of GCHQ) doesn't think that forcing regular password expiry is a good thing.
'Blockchain SAVED my Quango'
Wednesday 7th November 2018 10:17 GMT
"Do you need a blockchain?"
Blockchain flowchart, taken from this NIST PDF
Bird, Lime, and Xiaomi face scooter sueball
Wednesday 31st October 2018 10:49 GMT
Bird Lime
What an unfortunate pair of names, when combined I parsed it as something quite different:
This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet
Friday 26th October 2018 09:00 GMT
Re: Thanks for making this public
The CVE was raised back in July
Raised doesn't mean made public.
I monitor CVEs for a living (it's tedious and boring: since early 2017 there has been a huge increase in ones of no relevance). The first I saw of it was this tweet, yesterday at 9:30 pm.
The NIST site says published on the 25th, too.
Friday 26th October 2018 08:49 GMT
Theo de Raadt of OpenBSD is not happy
Nobody at OpenBSD was made aware of the bug until very late on, despite an OpenBSD developer being on the X security team. The release of 6.4 could have been delayed until after the public annoucement.
Excuse me, but have you heard the teachings of our Lord and Savior, Jesus Chr-AI-st?
Thursday 25th October 2018 07:29 GMT
Theological AI, what could possibly go wrong?
He turned to face the machine. "Is there a God?"
The mighty voice answered without hesitation, without the clicking of a single relay.
"Yes, now there is a God."
Thursday 25th October 2018 07:25 GMT
Can it re-phrase this into a form that doesn't cause schoolboys to fall asleep?
And spotteth twice they the camels before the third hour, and so, the Midianites went forth to Ram Gilead in Kadesh Bilgemath, by Shor Ethra Regalion, to the house of Gash-Bil-Bethuel-Bazda, he who brought the butter dish to Balshazar and the tent peg to the house of Rashomon, and there slew they the goats, yea, and placed they the bits in little pots. Here endeth the lesson.
Linguists, update your resumes because Baidu thinks it has cracked fast AI translation
You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy
Friday 19th October 2018 07:22 GMT
Memories of Not the Nine O'Clock News.
Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then
Wednesday 17th October 2018 07:53 GMT
libssh and libssh2
There are two similarly named projects:
libssh: the one with the vulnerability, and libssh2 which so far doesn't seem to be affected.
Red Hat / Centos, at least, use libssh2.
Note also that it only affects servers, not clients. sftp servers seem to be the most likely to be vulnerable and exposed.
Amazon's sexist AI recruiter, Nvidia gets busy, Waymo cars rack up 10 million road miles
Sunday 14th October 2018 09:32 GMT
Re: Trash data in, Trash results out...
The term Garbage in, Garbage out was first coined in 1957.
UK.gov teams up with Five Eyes chums to emit spotters' guide for miscreants' hack tools
Friday 12th October 2018 10:04 GMT
content available as HTML
For those with an aversion to PDFs, the content on the US-CERT web site is very similar to the NCSC's download.
Russian 'troll factory' firebombed – but still fit to fiddle with our minds
Wednesday 10th October 2018 10:39 GMT
Reichstag fire
Why does this remind me of the Reichstag fire and false flag operations?
Boffin: Dump hardware number generators for encryption and instead look within
Tuesday 2nd October 2018 09:36 GMT
Sounds very familiar
LWN article: Random numbers from CPU execution time jitter (2015) and HAVEGE: a linux "random" number generator that relies on instructions taking an unpredictable number of clock cycles to execute.
Sysadmin misses out on paycheck after student test runs amok
You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it
US govt concedes that you can indeed f**k Nazis online: Domain-name swear ban lifted
Friday 14th September 2018 07:24 GMT
RevK's P.P.S on his use of a fuck.me.uk domain.
The Reg takes the US government's insider threat training course
Solid password practice on Capital One's site? Don't bank on it
Thursday 13th September 2018 07:30 GMT
The NCSC agrees
Nvidia promises to shift graphics grunt work to the cloud, for a price
Sextortion scum armed with leaked credentials are persistent pests
Monday 10th September 2018 13:43 GMT
The consequences can be tragic
A MAN found dead in the River Lugg was being blackmailed by internet scammers in Iran.
US watchdog OKs robo-doc AI that spies eye disease all on its own
Wednesday 29th August 2018 10:54 GMT
Re: What about all the other diseases?
That makes as much sense as complaining that a blood test for ebola can't detect a sprained ankle.
I was referring only to diseases diagnosed by inspecting the retina. What's the point of an automated system when a specialist has to look at it anyway to diagnose other diseases?
As for the prosecution, sorry - I missed a sarcasm tag. As with the case of Dr Hadiza Bawa-Garba, the case should never have been brought in the first place.
Wednesday 29th August 2018 08:18 GMT
What about all the other diseases?
Macular degeneration, for one. And what happens if someone dies because of a missed diagnosis. Who do you prosecute then?
Don't let Google dox me on Lumen Database, nameless man begs
Tuesday 28th August 2018 14:28 GMT
BBC Technology + Creativity Blog
The BBC's Technology + Creativity Blog posts a list of BBC pages that have been removed from Google's search results, here's the lastest post. It can be a most interesting read.
Tax the tech giants and ISPs until the bits squeak – Corbyn
Use Debian? Want Intel's latest CPU patch? Small print sparks big problem
Tuesday 21st August 2018 20:07 GMT
Section 3
You will not, and will not allow any third party to ... (v) publish or provide any Software benchmark or comparison test results.
I can see why Debian aren't happy, seeing as without new instructions made available by microcode updates, some of the mitigations incur a significant performance hit.
Self-driving cars will be safe, we're testing them in a massive AI Sim
Friday 17th August 2018 13:23 GMT
and crucially, road intersections
Who would have thought, 35 years ago, that all the work that a Ph.D. student from Oxford, my colleagues and I were doing programming a Laser-Scan Fastrak in Fortran on a VAX 11/780 to recognize the junctions on Ordnance Survey 1:1250 maps would lead to this?
Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher
Tuesday 7th August 2018 12:49 GMT
One law for them, another for us
Do not forget the case of poor Daniel James Cuthbert, found guilty of an offence under the Computer Misuse Act back in 2005 for adding ../.. to the URL of a charity's web site.
There is a very thin line between "intending to secure access" and checking to see if insecurities may be present.
Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners
Oi, clickbait cop bot, jam this in your neural net: Hot new AI threatens to DESTROY web journos
ZX Spectrum reboot latest: Some Vega+s arrive, Sky pulls plug, Clive drops ball
Monday 6th August 2018 14:09 GMT
Re: What we need
Interested in your thoughts regarding Betamax v VHS
I contracted for a while at Pye TVT in Cambridge (working on a TV video effects console for the 1986 World Cup). Pye was a subsidiary of Philips, and there was a factory shop. Lots of employees, contractors and their friends and families ended up with Video 2000 recorders. Rumour had it that e.g. Dixons allocated the cassettes equally to all shops, and the manager of the Cambridge branch spent a lot of time on the phone talking to other branches to get their spare stock sent to him.
Getting back on topic, I also worked on the Acorn Archimedes and the Sinclair QL.
Uptight robots that suddenly beg to stay alive are less likely to be switched off by humans
Microsoft devises new way of making you feel old: Windows NT is 25
Engineers, coders – it's down to you to prevent AI being weaponised
Monday 23rd July 2018 08:13 GMT
Dual use is hard.
Many years ago, I worked on computer aided mapping: semi-automated line following. Measuring the boundaries of all the woodland in the UK to calculate the total area, better 1:1250 maps with accurate buried utilities to stopping backhoes cutting fibre optic cables, what could possibly be wrong with that? Then came the Falklands war. Digitise the contours and produce a wire-frame perspective of Mount Tumbledown as viewed from Port Stanley, please.
A few years later, I worked on CNC blade tip grinders to make jet engines more fuel efficient. Making 747s greener is great. But what if the US Navy want some for their fighters? Or the Army for an AGT1500 turbine in an M1 Abrams tank?
♫ The Core i9 clock cycles go up. Who cares where they come down?
Friday 20th July 2018 12:04 GMT
The song the headline referers to.
Ah, British summer. The sun is shining, the birds are singing, the internet is on the fritz
Thursday 19th July 2018 13:07 GMT
Fibre break(s) near Manchester, too
Zen: Fibre Cable break impacting Bury Exchange
Bury is north of central Manchester, so these may be separate incidents.
Tech support chap given no training or briefing before jobs, which is why he was arrested
Friday 13th July 2018 09:51 GMT
My similar experience with core store in a defence establishment. At least I didn't get arrested!
Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today
Wednesday 11th July 2018 10:58 GMT
Re: CVE-2018-3693 "BCBS" Bounds Check Bypass Store"
Yes - the ARM one is the same as the Intel one.
CVE: CVE-2017-5753, CVE-2018-3693
Tuesday 10th July 2018 18:50 GMT
CVE-2018-3693 "BCBS" Bounds Check Bypass Store"
Note that -3639 is a very similar "speculative store bypass" from May: don't get confused as I did for a short time. Could -3693 be the same as the Intel one?
Mark Rutland of ARM on the Linux Kernel Mailing List
arm64: spectre-v1 write fixes (CVE-2018-3693)
These patches inhibit spectre-v1-write gadgets found in arch/arm64, using the same mitigation applied to existing spectre-v1-read gadgets.
This issue is also known as CVE-2018-3693, or "bounds check bypass store". More details can be found in the Arm Cache Speculation Side-channels whitepaper, available from the Arm security updates site [1].
Leatherbound analogue password manager: For the hipster who doesn't mind losing everything
And in current affairs: Rogue raccoon blacks out city power grid after shocking misstep
Friday 6th July 2018 20:33 GMT
Biting the hand that feeds IT
