nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by ElReg!comments!Pierre

2533 posts • joined 22 Jun 2009

Vampires and Ninjas versus the Alien Jedi Robot Pirates: It's ON

ElReg!comments!Pierre

Who would win in a fight?

As in any fight, the winner would be the one hitting first, by surprise, preferably from behind.

With that settled, please do proceed.

4
0

ISIS terror fanatics invade Diaspora after Twitter blockade

ElReg!comments!Pierre

Re: But Diaspora is Haram*!

a ban on all music but the very worst

Oh, they can have 1Direction, no argument from my part.

2
0

US Copyright Office rules that monkeys CAN'T claim copyright over their selfies

ElReg!comments!Pierre

Bad analogy

This picture came to fame because he claims he had no input at all in its creation. You cannot admit that you have no input in a work, and claim copyright for it*.

I the case of triggered shot, the photographer still decides everything... except the precise time at which the animal will present itself. It is thus the photographer, not the animal, that takes the shot. Bad analogy.

*Well, you can, but you have to be the MPAA or the RIAA for it to work

8
1
ElReg!comments!Pierre

Re: Infinite monkeys

"Nor does his estate earn anything, because the copyright has long since expired"

Not everyone gets to be W. Disney's estate...

9
0

Need a green traffic light all the way home? Easy with insecure street signals, say researchers

ElReg!comments!Pierre

Re: USENIX

...when of course, as any fool knows, the correct way to ask for a BSD install is "I need some tail from a horny beast"

0
0
ElReg!comments!Pierre

Re: USENIX

On El Reg? Yes, you're probablly the only one.

People here are more likely to parse "I feel horny" as "please install FreeBSD on my laptop".

4
0
ElReg!comments!Pierre

Re: Uhh flashing red would not be safe

> As title, it'd confuse the HELL out of anyone not in merika

What? No! Although it's not part of the standard sequence for traffic lights in most of the world, flashing lights (OK, usually orange, but red ain't very different) are the standard danger signal for contruction works, road obstructions etc., so I reckon pretty much anyone allowed to drive a car would instinctively understand that it means "caution".

5
0

The Register to boldly go where no Vulture has gone before: The Weekend

ElReg!comments!Pierre

Re: Nubile young women lusting...

With the same techniques they use on celebs, you'll get catcalls in no time at all.

2
0
ElReg!comments!Pierre

And it will deplete the red toner.

3
0
ElReg!comments!Pierre

Re: Motoring and Cooking Section

Oh, making fuel is not illegal but where I live any mod to the engine (such as supercharging the pre-heating system, required in order to run on pure vegetable oil) have to be rubberstamped by the appropriate authority before the vehicle can be considered road-legal. Perhaps it's not the case in the UK though.

0
0
ElReg!comments!Pierre

Re: Motoring and Cooking Section

> vegetable oil in your turbo diesel

Why, that works perfectly well with almost any modern injection pump (up to 1/2 oil). With minor modifications you can run on pure oil (eg colza oil). All is needed is a serious boost to the pre-heating circuitry (once the engine is hot it runs on pure oil without a hitch). The torque is (reportedly) increased, too. But the exhaust smells of fries...

I've only seen the full mod on agricultural machines as it's illegal on public roads, but I do know a number of people who routinely run on 1/2 vegetable oil in their unmodified turboD car.

2
0
ElReg!comments!Pierre

Well spotted

Vultures working on the WE seemed a bit odd. Now I understand: they'll be using the TARDIS to post WE stuff on weekdays.

2
0

BOFH: The Great Backup BACKDOWN

ElReg!comments!Pierre

Re: Welcome to Urfscked. Population: you

> Some businesses are really tight with the wrong budgets obviously.

Yup, I'd say that. Well to be honest there's perhaps 10 times that in bulk when you account for the RAID array and the offline backups, and it's all expensive 1st-tier drives, but it's still only 5TB accessible to the lusers. Endemic underfunding of research and all that...

2
0
ElReg!comments!Pierre
Happy

Re: Steven R Welcome to Urfscked. Population: you

> the device *might* have a one touch backup button

Yeah, we were kinda hoping to avoid that actually, especially as I have no idea whether the data in there has any value at all (Most of it doesn't, that I know for sure).

The good news is that I just went and plugged my laptop into the ethernet port of the NAS box, took a bit of fiddling to ifup with an IP in the right range but thanks to wireshark I can now talk to it in samba. The shared part is now saved, I just need to gather login/password info from the half-dozen of other users to check if there is anything of value on there before we can wipe everything and start fresh!

As most of them undoubtedly use the same password for banking I expect a bit of friction, but hey, if it's either that or lose their precious excel templates...

1
0
ElReg!comments!Pierre

Re: i'm thinking

Thermite, phosphorus strip, small torch triggered by the opening of the drawer. Just for the look on his face when the wreck unfolds live before his very eyes.

2
0
ElReg!comments!Pierre

Welcome to Urfscked. Population: you

We have a nice shared filesystem with a 5-tier permission system that is working relatively well here. automatically mirrored and backed up, nice. Only there's 5 TB of space available for ~700 of us. And No. Fucking. Quotas. So of course it's chronically full to the brim, and we have a locally-managed NAS box in a cupboard for our backups. Which had to be set up by the network guys so that it is accessible by the lusers without having to "configure" anything.

But it's locally managed, so the netops promptly forgot about it (2 years ago) and just switched the static subnet it was part of to dynamic... just before the holiday, as it were. When contacted, it becam (slowly) evident that they had forgotten everything about the config or the admin password that they set. We're headed to a factory reset as I type. As I am the cautious type I mirrored the part I have access to just before The Events, but a few of my colleagues did not see the need for it and are now well and truely screwed (that is, until I tell them I can pull the -single- drive out and restore from that, but I'm going to let them marinate a bit before I do that)

9
0

Call off the firing squad: HP grants stay of execution to OpenVMS

ElReg!comments!Pierre

Re: Ooooh yeah

Not quite the same, but cool link thx.

Since my old laptop died (last month) one of my Pis is my main desktop, which revived my enthusiasm for fiddling with the lil' guys (which over the years had turned into XBMC media centers only). So I think I'll try this. But I only have one spare at the moment, so I can't try the "cluster" part. Oh noes I'll have to buy yet another one!

1
0
ElReg!comments!Pierre

Ooooh yeah

Good good good.

I'm a bit torn on one point though: an ARM port. On one hand I'd love to have an OpenVMS SD card to slot in my Pi; on the other hand a VMS server kinda has to be heavy, that's part of the package. Or perhaps I could build a tungsten case for my Pi.

1
0

The Register editorial job ad

ElReg!comments!Pierre

If only...

Paris is too close to London to be of any interest to you guys I suppose. Bah. I'll just have to stick to my day job then.

0
0

Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees

ElReg!comments!Pierre

As a scientist by training myself...

I'd say that even though absence of evidence is not evidence of absence, it seems rather hard to interpret said absence of evidence as positive proof as the IPCC is doing.

"There's no evidence, and that's no evidence of absence, therefore it must be happening" seems a bit twisted to say the least.

25
2

Mozilla keeps its Beard, hopes anti-gay marriage troubles are now over

ElReg!comments!Pierre

Jumped to Midori and xxxterm myself. Plus the trusted oldies: Dillo, for when scripts and other eye-candy is not wanted or w3m, for when a graphical environment is not available.

0
0

Secure microkernel that uses maths to be 'bug free' goes open source

ElReg!comments!Pierre
Terminator

Ignores hacking attempts and keeps going...

How long till it ignores control attempts from fleshies altogether and does the Logical Thing by itself?

10
0

UK.gov's Open Source switch WON'T get rid of Microsoft, y'know

ElReg!comments!Pierre

Re: IT support

"many ran poles"

I bet that was pre-Sept. 2001. Running poles these days... not a good idea. Especially in the tube.

Closer to the topic, I'm a bit curious about the polls you mention. I have no first-hand experience of UK.gov, but in all other gov dept I've seen or been part of end user were never asked for their opinion. Is your gov really _that_ more considerate (and foolish)?

5
0
ElReg!comments!Pierre

Re: Of course it won't get rid of MS

"Outside UK.gov itself, people will send the government documents in the format of their choosing. UK.gov will read documents in whatever format they come in."

In my experience in dealing with govs in general, you either punch in the data in an ad-hoc piece of software (either online or downloadable application) or you sent the doc in the precise format they ask. They most certainly don't "read documents in whatever format they come in". You do have to send it in their specified format or it goes directly to the bin. It used to be MS formats most of the time; sometimes even the version is indicated. I have had to install software specifically for gov dealing-with purpose; on a dual-boot machine kept specifically for that usage, using MS licences bought specifically. If I could have had sent ODF files at the time I would have save a few hundred quids. No biggie, but still.

31
0
ElReg!comments!Pierre

IE6

'nuff said

7
1
ElReg!comments!Pierre

Of course it won't get rid of MS

On the other hand what it will do is that it will allow people to work with UK.gov without paying the MS tax.

It will also ensure that critical documents will still be accessible in 20 years.

56
3

NSA man: 'Tell me about your Turkish connections'

ElReg!comments!Pierre

Be as vague as humanly possible

When asked ANY kind of question by a US govman, make an effort to be as vague and uninformative as possible. That's not because of some tinfoil-hatted theory but because they are almost all poor sods who failed the interview to enter Wallmart security. They just follow the script, and they have keywords that they have to followup on. To avoid inadvertently muttering one of these, always be as vague as possible, avoid multisyllabic words, basically avoid saying anything that you would not find in a "my first book of words" book (and make sure to avoid the more complicated ones in these, too).

7
1

Black Hat anti-Tor talk smashed by lawyers' wrecking ball

ElReg!comments!Pierre

Re: So not just insecure to the Chinese..

"The alternative to a broadcast system is a mesh. The would require a node to transfer traffic not meant for it, but would help decenteralize the network."

No, I'm not the one who downvoted you but a mesh won't work. As long as you piggyback on the TCP/IP protocol there has to be a machine somewhere that knows the destination machine's IP. Tor is pretty good at hiding this from an outside observer but an inside attacker with enough ressources will eventually find out. Litterally the only way to avoid that is to remove the concept of "target" machine entirely. In a broadcast model the target being an encryption key makes it almost impossible to pinpoint it ot a physical machine (unless you go out of your way to do stupid things). Tor already largely operates as a mesh (same as for freenet for example) and it is well known that it is only a mitigation measure; it's not bulletproof.

The "only tiny little problem" with a broadcast model is the frigging mess that would ensue. Imagine the tube at rush hour, and then imagine everyone in there shouting at the top of their lungs.

0
0
ElReg!comments!Pierre

Re: Risky Business

I was playing with the thought myself and I came to the conclusion that the actual services being unmasked did not matter (after all you could just set up your own hidden service and unmask that; which is most probably what they did).

My opinion (and I'm wrong at least as often as every other guy on the net) is that it's either

-a technical liability (whoever you unmask, you're still "bypassing technical measures yadda yadda yadda", HACKER YOU, thanks RIAA/MPAA/DOD/whoever)

-or gov. agencies using the same techniques who don't want them publicly demonstrated as it would make it easier to implement a workaround

(-or both of the above of course)

2
0
ElReg!comments!Pierre

PS: Re: What you're accused of...

"What you're accused of... is the same as what others have been prosecuted of. Clear enough for you?"

As a sidenote and just to be clear, you're not accusing me of distributing child porn are you?

1
0
ElReg!comments!Pierre

Re: What you're accused of...

What you're accused of... is the same as what others have been prosecuted of.

You seem to be very confused about how TOR works. You are probably referring to the case of the Autrian exit node operator from a few weeks ago; it is not even distantly related to what is discussed here.

As a primer, what happend in Austria was that someone accessed child pornography material on the web (possibly a police honeypot) through TOR; in a nutshell they sent an encrypted request to a nearby node, which forwarded it to another node with an added layer of encryption, and another, and another, and finally to the Autrian exit node which forwarded the request -in clear- to the honeypot, making it look like the request originated from the Austrian exit node. There was no tracking involved, someone just wrote down the IP adress on a post-it and sent a request to the corresponding ISP.

Here we are talking about "hidden services" in TOR parlance, which are servers accessible only through the TOR network, no "regular" unencrypted internet involved. The methods discussed are not aimed at examining content but at associating a "real-world" IP with a TOR node ID; possibly because it is serving illegal content, possibly to bring as many nodes as possible offline to disrupt the network, possibly in a bid to compromise or otherwise take over as many nodes as possible for whatever reason ("circle" infiltration, plain regular fishing trip, ...), possibly just to map the network and add TOR node operators to the watchlist.

8
0
ElReg!comments!Pierre

Re: Do you really think you can hide?

So the reason for tracking isn't the content?

Not necessarily. These days anyone using encryption in a way or another goes on the NSA's "interest" list, regardless of the content they receive or send. Some people use TOR just to avoid being tracked while browsing for legal but perhaps embarrassing content; others use is just for the heck of it. Others use it because they think it is important to keep such networks alive just in case something goes horribly wrong with the 'tarwebs regulation (à la Great Firewall of China). And probably many many more reasons.

In any case there are plenty of ways to get to the content and monitor it. There are also ways to compromise TOR users' anonymity, via persistent tracking coockies, malicious javascript and various spyware. That's not the issue here. The issue here is a working method to game the network in order to "unmask" specific TOR nodes; something that everyone knew was a potential issue but no-one had publicly demonstrated (there has been suspicions that various law enforcement agencies were using similar tactics for years, but no publicly-demonstrated working method).

Prove that a snapshot of all the content being transmitted through TOR right now isn't mainly comprised of compromising material and I'll fight your corner with you. You won't do that though will you.

No I won't, because I don't have the technical ability to take a snapshot of all the content transmitted through TOR, because even if I could take the snapshot I would not have the technical ability to decrypt it, and also because I could not possibly care less.

That's the problem. Innocent until proven guilty only works if you can't be proved guilty. Right now you don't have an alibi for anything that might be found to be incriminating. It's a fair cop. Accusations have been made but you're not throwing up any arguments to discredit them are you?

What The Almighty Fucking Fuck are your talking about? What am I accused of that I don't have an alibi for?

16
0
ElReg!comments!Pierre

Re: tinfoil'd....

> if there is an easily 'sploitable flaw

My understanding is that it's no easily exploitable flaw but a long-known design weakness which originates from the fact it uses TCP-IP, and hence each node knows the IP adress of its "adjacent" nodes in the chain. With enough time and control over enough nodes, you can slowly home in on anyone who is continuously on the network (that would be most hidden services) "just" by recouping hops. The counter-measures such as forced latency etc are only partially effective. I think there may be a way to force the traffic through other nodes under your control which would speed up things considerably (there is for sure a way to _avoid_ routing the same packets through several nodes that you control).

2
0
ElReg!comments!Pierre

Re: Do you really think you can hide?

"I don't use TOR because I don't download illegal content and don't need to look at "CP" Isn't that the basic assumption behind the reason for anyone using it?"

Daily Mail logic spotted. You have curtains on your windows and a lock on the bog's door, hence you have a meth lab in your bedroom and you rape kids in the john everyday.

"Sure, the stuff within the network is encrypted"

That doesn't prevent tracking, which is the issue discussed here. The content is not a concern.

"as soon as you convert that picture/mp3/data back into some form of recognisable file format to view it once it's left the exit node then it becomes fair game doesn't it?"

That's wrong on soooo many levels!

-The exit node is the one far away from you, not the one sending you the content directly. That would be the entry node.

-The entry node has your IP but doesn't send you the content in clear form, the final decryption step is performed on the target machine (i.e. your machine).

-In the context of hidden services (which is what is discussed here), there is no exit node. Everything originates from, and stays on the TOR network. As a corollary, everything is ecrypted at all times. Which is not the concern here anyway, we're talking tracking not content.

19
1
ElReg!comments!Pierre

Re: So not just insecure to the Chinese..

To be fair my installs still state that TOR is experimental, not fully tested and DO NOT RELY ON IT FOR STRONG ANONYMITY. At each startup.

So, nothing to complain about really. Both the implementation and the design benefit from disclosure of this kind of vulnerabilities.

Of course there's the unavoidable fact that anyone with fat enough pipes and enough servers*, given enough time, will eventually be able to home in on you. That's true for anything that relies on wired, machine-to-machine networks; TOR only makes it much harder than on a centralized network. The only way to get around that would be a broadcast model, with machines listening to the whole of the traffic but only being able to read what they have the decryption key for (a bit like how crypto mail works on Usenet). Really doing it by radio broadcast would be safer than Usenet though. And usable for synchronous activity such as web browsing.

* they can be virtual ones, hence the "handful of powerful servers" cited here: probably used to host thousands of virtual ones.

2
0

Major problems beset UK ISP filth filters: But it's OK, nobody uses them

ElReg!comments!Pierre

Don't worry about hacking skills

Most of the hackers I know where raised with little or no 'tarwebs access. You learn hacking hands-on, not through Carolyn Meinel's website. You still need some tech manuals but I doubt they'll be covered by the ban.

0
0

BMW's ConnectedDrive falls over, bosses blame upgrade snafu

ElReg!comments!Pierre

all ancillary

So, no hope for the middle lanes then. On a side note, I find it amazing the number of people ready to fire up their fav blog to vehemently defend their perceived right to not let their wheels touch the left lane (that they insist is the "slow lane"; apparently it's forbidden to drive there above 50mph in their twisted world). It's a deadly shame to be seen on the "slow" lane. You must absolutely avoid it a all cost. Even if the road is otherwise completely empty you must stay on the center lane or be seen as "slow"; perhaps "they" will even think you're lacking in the manly appendage department.

And these people are not even all driving beemers!

22
0

Motorist 'thought car had caught fire' as Adele track came on stereo

ElReg!comments!Pierre

@ Graham Marsden

I agree with you completely. On the other hand, most people don't stop to have a nap at a service area. They never did, and never will. They grab a coffee and think it'll keep them awake 'till the end of their journey (it rarely does). We're talking about the same kind of people who ignore the red Xs completely because they lost 5 minutes once. These people only realise that they can't keep awake after they've begun snoring. In that case it is better to stop at once rather than sleep-driving another 50 miles for a service area.

Or are you advocating that people who actually fall asleep on the wheel should carry on driving at all cost untill they find a service area (or die trying?).

There's illegal-grade stupid, and then there's 10-dead-in-a-gruesome-accident stupid. Putting them on the same level as you do is bordering on dangerous. Of course I don't dispute that if you feel drowsy you should have a nap somewhere "legal", preferably before you even began your journey.

1
0
ElReg!comments!Pierre

Re: @ElReg!comments!Pierre - Genuine reason.

"If someone is feeling sleepy, they should pull off at the next junction or service area and stop and get some sleep."

I totally agree. On the other hand, the real world called. They said "people who feel sleepy just drink a coffee and think it'll pass". Unfortunate undoubtedly, but hey, who am I to argue against facts?

"Doing it on the Hard Shoulder is not only illegal, but stupid because[...]"

Sleeping on the wheel at 130 km/h is also illegal and stupid but it still happens all the time. I'd prefer if it happened at 0km/h on the hard shoulder instead. It's still illegal but a tiny tiny bit less stupid. I sincerely hope no-one needs me to explain why.

3
1
ElReg!comments!Pierre

Re: Genuine reason.

Honestly, speaking about legit reasons, "felt like taking a nap" strikes me as the typical illegal-but-somewhat-legit one. I hope the guy got off with a slap on the wrist. I agree that you SHOULD not hit the road when you're too drowsy to drive, but given the choice I'd rather drive on a highway where people stop on the hard shoulder to take a nap than on one where they do not stop to take a nap.

It happens all too often that the car you're about to pass drifts in your lane only to promptly go back as the driver wakes up. If you think it's stressful in a car, try it on a motorcycle (before the bikers among you ask, yes I do know where the gas throttle is. But I'm a law-abiding citizen, I wouldn't want to break the speed limit).

7
2

SMELL YOU LATER, LOSERS – Dumbo tells rats, dogs... humans

ElReg!comments!Pierre

OTOH...

... with enough elephants at hand you don't need them to do any sniffing at all

4
0
ElReg!comments!Pierre

number of genes != better sense of smell

It shows they have potential. Dogs and rats are pretty good at detecting odours at an almost-homeopatic level; whether elephants can do so remain to be evaluated.

0
0

What kind of Big Data is yours? Is it data bauxite, data aluminium ... or data Dreamliner?

ElReg!comments!Pierre

Re: good data is valuable

I had deleted my post as it made me look like a pontificating prick, but it's in accordance with what you say so I'll retrieve from the "Withdrawn" bin:

"Yes, vague words are meaningless

Data is worth exactly what you can sell it for; much as anything else really. There's no reason to treat it differently. Processing does not intrinsiquely add value to it; it may be useful to discard the valueless bits though. But only if the analysis is done properly; though, the analysis is what has value, and more specifically the _quality_ of the analysis.

A piece of white stone you find in the ground is virtually valueless; it becomes very valuable once it has been identified as a diamond by an expert; unless said expert is my 5-yo nephew.

Same for collected email adresses for example (a string with an @ in it). They have not much intrinsic value unless they are verified to be real adresses; ie they have a valid TLD; more importantly, they don't bounce. Even more importantly, they are not one-time discardable adresses (michael.rogers@nsa.gov is more valuable than jdoe@aol.com, presumably). Value increases as the person behind the adress can be shown to be responsive to marketting to that adress (michael.rogers@nsa.gov is unlikely to buy CHEAP C1AL!5; in fact the email will probably not get through the filters and the PA. j.savile@bbc.co.uk may be a more valuable adress in this case -well, not anymore but you get the point). So, the value is not in the data itself, same as it isn't in the ore itself or in this white stone my nephew found in the rocks. The value is in recognizing what you can or cannot do with the data, and then doing it."

1
0

NEW, SINISTER web tracking tech fingerprints your computer by making it draw

ElReg!comments!Pierre

Oldies but goodies

I find The Proxomitron is quite a handy way to get rid of all this crap. That, or browsing from a JS-free browser. Of course nowadays many pages are almost entirely written in multi-Mb JS even the ones which could (and should) be a simple 1-Kb HTML form...

7
0

US judge: Yes, cops or feds so can slurp an entire Gmail account

ElReg!comments!Pierre
Coat

Re: sigh

Seems reasonnable to me. I mean, I'm all for entrepreneurship and market freedom, all that, but doesn't Google Mail T&C stipulate that you shouldn't use it for business purpose?

0
0

GoTenna: How does this 'magic' work?

ElReg!comments!Pierre
Pint

Re: Bad choice for a name too

"Cambridgeshire being a mob dead spot"

Not sure what it means but I'll avoid going there just in case.

7
0

MYSTERIOUS Siberia CRATER: ALIENS or METEOR not involved, officials insist

ElReg!comments!Pierre
Pint

It doesn't take a rocket scientist...

... to conclude that it is really an alien spacecraft crash site.

Or, it really takes not a rocket scientist to conclude that this is an alien spacecraft crash site.

Same words, slightly different order, take your pick!

2
0

Unbridled BONKING and rampant ROGERING at YOUR office!

ElReg!comments!Pierre

40 per cent have turned down sex with their partner in favour of playing on their smartphone.

That's not because they're 18-30 as you suggest. That's because their partner is a 18-30 male ;-) hence they probably turn down sex several times a day for various reasons, including "I'm on the phone with mum, stupid", "what are you doing I'm washing the dishes", "hush now, the other customers are watching", "you'll get us thrown out of the bus" or "I said no, airplane seats are too uncomfortable". And yes, probably "In a minute dear, I'm this close to breaking my personnal best in Angry Birds". Not that surprising really.

36
0

The Register - Independent news and views for the tech community. Part of Situation Publishing