* Posts by ElReg!comments!Pierre

2711 publicly visible posts • joined 22 Jun 2009

Tor loses a node in Russia after activist's arrest in Moscow

ElReg!comments!Pierre

Re: Tor exit node?

Why not? I used to run one, too. TOR project's website has (or used to have) a page showing how running your own exit node could protect you by giving you plausible deniability (although, as this story shows, it may be a double-edged sword).

Prisoners built two PCs from parts, hid them in ceiling, connected to the state's network and did cybershenanigans

ElReg!comments!Pierre

Re: 2 PC's what?

PCs, but b's and c's was what I was told. Apostrophe only acceptable when absolutely necessary to avoid confusion, young lad! But perhaps your teachers were not as snob.

ElReg!comments!Pierre

2 PC's what?

So, they hire greengrocers as PR people now?

I should of none anywho, 'uge savings there, the 'ugest.

US border cops must get warrants to search citizens' gadgets – draft bipartisan law emerges

ElReg!comments!Pierre

TL;DR

Should you ever get in trouble with the US administration while being a foreigner, IMMEDIATELY seek advice from your embassy or consulate. US constitutional protections DO NOT apply to you.

ElReg!comments!Pierre
FAIL

Re: Can you say

" Constitutional rights apply regardless of citizenship, and are based entirely on your physical presence in the United States."

Of course not. As a non-US-citizen with very frequent stays in the US the distinction was frequently and unequivocally made to me by the US administration. There are very explicit provisions to exclude non-US-citizens from any and all protections granted by the US "constitution". These only apply to US citizens. If you don't have a US passport, you're free game. It is very well documented and part of the official guidelines. I checked. Several times. With people who actually know what they're talking about. There is, explicitly, no "right of the land" in these matters. To some extent even official permanent residents are considered aliens upon re-entry.

ElReg!comments!Pierre

Re: Another political 'feel-good' move

"On paper it sounds good"

Well, it's only a move to avoid a major backlash. Shielding citizens from the nonsensical demands aimed at furiners. (Seriously, online banking passwords? Pretty good reason to not consider going to the U, S and A ever again!)

Researchers sink scalpel into Lazarus crew. Yup. Autopsy shows distinct hacker tradecraft

ElReg!comments!Pierre

Interesting choice of targets

Is it related to different security standards, different investigatory power, or what?

Also Norks, yeah right, sure, if you say so, it's not like crooks could redirect multiple times, or anyone has an axe to grind... what difference does it make anyway? I don't see anyone nuking Nigeria from orbit over 419 scams.

WikiLeaks exposes CIA anti-forensics tool that makes Uncle Sam seem fluent in enemy tongues

ElReg!comments!Pierre

Funny that

Certainly puts into perspective all these claims of "enemy nation-state-sponsored" attempts to destroy the Free World (TM). All claims based on "some comments in the code in [Chinese/Korean/Russian]"

Heh.

UK digital minister Matt Hancock praises 'crucial role' of encryption

ElReg!comments!Pierre

Re: Can do. But shouldn't?

Well, your solution can't fit their bill, as everyone would need to have the "master key" (every government, that is), so we're in the case of the TSA-approved luggage: it's not strong encryption at all anymore.

ElReg!comments!Pierre

I think they genuinely don't see the problem.

I don't think they even see the incompatibility between "strong encryption is necessary" and "we can't have encrypted comms that we can't crack". For them it's just a matter of a very strong safe (secure encryption) for which they get a copy of the key. They honestly don't see why this is not possible. Perhaps someone can explain it to them, using a slightly more appropriate metaphor, for example the "TSA-approved" luggage locks which means everyone and their cousin is able to rummage through your stuff at will, completely negating the usefulness of having a lock in the first place.

That 'Trump lawyers threaten teen over kitten website' yarn is Fakey Fakey McFake Fakeface

ElReg!comments!Pierre
Facepalm

Re: It's fake news folks.

> Even the Hollywood Reporter is questioning the story.

So if EVEN THR is questioning the story (based solely on the rebuttal from Trump Co's head shark, also mentioned by pretty much every source), then that's sorted. Fake news it is then. Because the Hollywood Reporter is a paramount of unbiased, investigative journalism. I also heard that Springfield News has expressed doubts. Unfortunately I can't post a link to the story as the journal consists entirely of 2 photocopied pages distributed in the neighbourhood by owner, editor-in-chief, and columnist Leonard "Lenny" Rump IV, whenever he is sober enough to find the keys for his truck (which, we learn by reading the editorials, may or may not be hidden by his wife on occasion, the bitch; proof that he should use the belt -the heavy one, with the eagle buckle- more often).

It's not even like it's a big issue, corporate landsharks send this kind of letters by the hundred every day, just in case. That is very literally what they are paid for.

ElReg!comments!Pierre

Re: It's fake news folks.

When I kindly ask ICANN, they always end the reply with this disclaimer (their caps): "LACK OF A DOMAIN RECORD IN THE WHOIS DATABASE DOES NOT INDICATE DOMAIN AVAILABILITY"

In other words, when the info is present it's more or less reliable, but absence of data does not indicate absence of registration, imminence of a zombie alien Elvis invasion, or ongoing communist conspiracy.

ElReg!comments!Pierre

Re: It's fake news folks.

> How could Lucy change the name from trumpscratch to kittenfeed? Going back in time perhaps.

Or transferring the content from trumpscratch to kittenfeed, one of her domains previously hosting a game in which you feed a kitten? Oh, the wonders of advanced technology!

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

ElReg!comments!Pierre

Re: Comparing real and virtual world

" One hopes that all those supporters will be firm in their views if they end up a victim and the perpetrators walk free because critical evidence was digital and the passwords would not be revealed. "

One hopes the proponent of the opposite approach will remember any and all of their passwords, including the 20-yo ones, should they be involved in a spurious lawsuit some day.

Effort to fire Euro Patent Office president beaten back – again

ElReg!comments!Pierre
Trollface

Re: Not taken for granted

It even feels like the USPO may grant more patents than it receives applications!

BOFH: Don't back up in anger

ElReg!comments!Pierre

Nice but...

Nice as always, but honestly I was expecting the "antacid" to be some rhinoceros-dosed laxative...

Naming computers endangers privacy, say 'Net standards boffins

ElReg!comments!Pierre

Re: privacy still hasn't caught on

> It seems a bit risky to use private information in a name that's intended to be broadcast, locally or otherwise.

Exactly, that's why NOT naming your computers is a privacy risk. By default MS' and Apple's OSes will name your computer by the account name you give them, which is most likely your name. If, however, you name your computers yourself, you can make sure that the name is not leaking private data. My computers are named Myosotis, Aubepine, Begonia, and so on. I think it's pretty safe, unless miscreants decide to smuggle malware in my next pruning shears!

UK Home Office warns tech staff not to tweet negative Donald Trump posts

ElReg!comments!Pierre

Re: Yes, good idea

It's simpler than that. On official accounts, what is posted must be the official view of the organization. Private accounts should not mention the org. If you work for Boeing and post "I work for Boeing, and frankly Airbus makes safer planes", you'd expect some flak from higher up, too.

FBI boss: 'Memories are not absolutely private in America'

ElReg!comments!Pierre

Re: A real policeman once said

Yeah, clearly it's time to bring "enhanced" witness interrogation techniques to the courtrooms!

User lubed PC with butter, because pressing a button didn't work

ElReg!comments!Pierre

Nah, the like of scribus or reportlab are for financial calculation and the occasional graph. MSPaint is for database administration, and I generally find Firefox is pretty good at molecular structure modelling...

Lawyer defending arson suspect flees court with pants on fire

ElReg!comments!Pierre

"not part of his defence strategy"?

I find it a bit hard to believe. It's a bit too convenient that faulty e-cig batteries were claimed to be the cause of both the car's and the trousers' ignition.

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

ElReg!comments!Pierre

Re: Surely the 4G/Simm provides good tracking anyway?

> granularity

> the mobile broadband info is held by the phone company.

Technically you can set up private "phone" cells all over the place and track your customers with much more accuracy (within a few square centimeters) than any WiFi would allow you to -and without having to bribe the cell phone company-, through triangulation. It's a tad more expensive than using WiFi tracking, and the increased accuracy is not needed by most, so marketers tend to use WiFi tracking instead (as the "free WiFi" is often seen as a bonus by unsuspecting marks anyway). But Cell tracking is both more granular and harder to escape than WiFi.

ElReg!comments!Pierre

Re: off

There's something else. People who wander around with the WiFi on at all times usually do so because they have tracking-oriented apps running at all times (Pokemon Go, foursquare equivalents, "OMG look at that dump I just took" apps like twitter etc).

So really, the network-level tracking is only useful for the most mundane of applications, like "do people stop longer in the dairy section when we put a scantily-clad luscious student paid half minimum wage to have them sample the products", and all that sort of mischief. "They" are already using CCTV for that, too.

Not that it's a good thing, mind, but if you're going to wander around with an always-connected device, there's no technical way to avoid being tracked to some extent. That's how the network connectivity is brought to you to begin with. Packets have to have a way of reaching your handset.

1.37bn records from somewhere to leak on Monday

ElReg!comments!Pierre

Re: Interesting

A spam outfit, apparently.

https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire

Which means a password change won't be necessary. Credit protection, on the other hand...

Linus Torvalds lashes devs who 'screw all the rules and processes' and send him 'crap'

ElReg!comments!Pierre

> Sounds like these people did not do a single test or had some ultra weird setup requiring vague modules,api to build right.

That certainly rings a bell. *cough* *cough* systemd *cough* *cough*

Ad men hope blocking has stalled as sites guilt users into switching off

ElReg!comments!Pierre

Re: You can remove my adblocker

TBH I don't care much about ads, but I most often don't see them anyway. Just because they are usually reliant on javascript, and I sure as hell remove _THAT_ from most of my browsing. I work on limited resource most of the time, and, perhaps unsurprisingly, I don't fancy the idea of a few webpages sucking up most of my hardware capabilities for what is barely more than displaying some text. In fact if it wasn't for silly websites insisting that you must install all the latest, fashionable, untested security holes known as "browser plugins", I would do most of my browsing in w3m, links or the like.

White-knight investors or capitalist cannibals? VIEX vexes Quantum

ElReg!comments!Pierre

most probable strategies...

... involve a significant shedding of staff, which is bound to increase short term share price (possibly shortly before the complete collapse of the company due to the loss of core competencies, as a lot of companies exchanging experienced staff for underpaid monkeys have experienced...)

We don't want to alarm you, but PostScript makes your printer an attack vector

ElReg!comments!Pierre

"Take your printers off the web"?

Hardly. If anything, the research shows you should PUT your printer on the web, with proper auth/access control. The attack vector here is NOT the printer but the personal computer (mis)used as the print server.

Twas the week before Xmas ... not a creature was stirring – except Microsoft admitting its Windows 10 upgrade pop-up went 'too far'

ElReg!comments!Pierre

Re: It's called OS X

I'll have an ounce of whatever it is you've been smoking.

Snapchat coding error nearly destroys all of time for the internet

ElReg!comments!Pierre

Re: pool.ntp.org

> Over 99% of web users have Javascript enabled

General idiocy notwithstanding, we're talking infrastructure here, not end user. All the machines involved are headless servers.

ElReg!comments!Pierre

Re: pool.ntp.org

> Javascript is built into your browser. What's wrong with that?

When admin'ing servers over ssh my browser of choice is w3m (but I've been using Links, sometimes). What's wrong with you?

ElReg!comments!Pierre

Re: pool.ntp.org

Either you know of a web browser that can render JS (bleh) over ssh or you did not read my post. If the former, I don't want to know about it.

ElReg!comments!Pierre

pool.ntp.org

With a project of this nature, and a rather plain-looking website (as should be, content over form etc), surely the registering page would be using old-school, tried and true, "barebone" forms, and not some stupid JS, Shirley. If only to allow wannabe volunteers to register their server from the server itself over ssh, as part of the setup process. Well, guess again...

"Javascript is required to login."

Yeah right. How do you spell "right after I see Stan buying cross-country skis" in JS?

ElReg!comments!Pierre

layers, strata (Re: Could this explain why)

By "layer" I obviously meant "stratum", i.e. network distance from a physical time-tracking device. Just now realised that the "layer" term could cause confusion with the OSI layers.

ElReg!comments!Pierre

Re: Could this explain why

> How hard is it to run one of these?

Not at all. Easier than FTP for example, easier than any but the most basic static webserver too. Basically install ntpd, configure it with 4-7 local time servers (if you can edit a text file, easy peasy; the hardest part may be to look up 4-7 local time servers, but the NTP pool page has a nice list of these on the setup help page), and of course declare your server to the pool so that it can actually be used by others.

You do need a static address, or at least one that doesn't change more than once a year, and an always-on server, but that's not really a concern for most Reg readers I would think. The pool website does say that layer is unimportant (even layer 4 servers can join the fun!) but I won't be doing that for mine, for personal preferences.

Optionally you may want to redirect the port 80 traffic (web traffic) to the main website to redirect misled visitors, but I will be having a local page instead (with a link to the main website, but also a photo of the server and fun facts about the Raspberry Pi).

Apparently the traffic you can expect is barely above the noise from hole-pokers and webcrawlers that keep hitting on anything net-connected these days.

ElReg!comments!Pierre

Oh well, I s'pose I could throw a RasPi zero at it... not IPv6 unfortunately, as my home ISP doesn't support it and running it at work would require no end of administrative paperwork, probably for most of 2017, if it is even approved at all.

Did webcam 'performer' offer support chap payment in kind?

ElReg!comments!Pierre

Re: At a FE college...

"I only read it for the articles, honest. Actually I read in on links/lynx/w3m"

Actually good old Usenet still has very active (and quite steamy) non-binary groups, with less-than-SFW stories sometimes several thousand lines long... allegedly. My teenage son told me about it, yadda yadda yadda

Softcat centrefolds wrap up for charity

ElReg!comments!Pierre

I work in a team of mostly under-fifties, most of them relatively fit (the older the fitter, actually) and I ain't no prude, but I still prefer we keep our group meetings somewhat rag-covered. Our cloth-covered chairs are dirty enough as they are, for starters. In Softcat's case, it's more coercion than enticement: "pony up or we stay in the buff!".

Oracle exec quits over co-CEO Safra Catz's promise to assist Trump

ElReg!comments!Pierre

Re: aw, what will we do now?

> Therefore, SS can't be dismantled because it's not government money, it's citizens money.

In France it's citizens' money too, but it IS indeed being dismantled, which was made possible by an annexation of its budget to the State budget and the subsequent pilfering to fund, among other things, overseas wars or the current gang's friends' businesses.

Brussels cunning plan to save the EU: No more Cookie Popups

ElReg!comments!Pierre

Love the EU again?

TBH most of the flak (and perhaps a major cause for Brexit) stems from the feeling that all powers now reside in Brussels, in the hands of unelected bureaucrats (the Commission; because the so-called Parliament has only a consultative role if memory serves).

That feeling is reinforced by national politicians hiding behind the "it's not me it's the EU" mantra almost every time they pass an unpopular law. Plus they seem to go out of their way to look like total chumps anyway, ridiculing the whole democratic process (the last point perhaps explaining The Donald, too: when they all act like unfaithful chumps, why not vote for the chumpiest of them all, after all?)

Christmas cheer for KCL staffers with gift of extra holiday after IT disaster

ElReg!comments!Pierre
FAIL

Re: Too little

Exactly. Especially for the poor souls who lost data but have non-extendable deadlines, and will have scrapped their holidays for the next year or three to make up for the loss. Yeah, 2 more days that they will be unable to take! Jolly indeed.

London's Winter Wonderland URGENTLY seeks Windows 10 desk support

ElReg!comments!Pierre

Cut the snark, it's a perfectly good job

Only slightly less gratifying and desirable than dogshit handpicker, or vomit strawsnorter for example.

TalkTalk hacker gets iPhone taken away by Norwich Youth Court

ElReg!comments!Pierre

Re: Ridiculous

> Just think, one of those could have been your vulnerable elderly grandparents.

When you're wrong on the principle, bring in the affect factor.

ElReg!comments!Pierre

> Which does raise the question, if he is a criminal for doing this why aren't Google's Project Zero team?

Two answers, one philosophical and one practical:

- they shouldn't, as increasing awareness about security is a Good Deed

- the Chocolate Factory has pockets deep enough to sue TT -or pretty much anyone, save a few Big Ones- into oblivion, should the need arise, and execs around the world do know that

ElReg!comments!Pierre
Meh

Running a security scanner on a public website ain't no offence. Publishing the results for all to see is maybe a bit ungentlemanly, but hardly a major crime, especially given that had he told TT in advance, they would not have fixed the flaws (and probably would have come for him all guns blazing regardless. Lawyers are cheaper than good security these days). Actually there's a serious chance that the data pilfering happened independently, only this young'un got caught and the real criminals got away... the tool used is hardly difficult to come by.

Throw the book at him so that he learns that sec testing is a crime and get acquainted with real crims? Is that really what should have happened? Maybe he should have been ordered to help TT fix their stuff, but given that all he did was use a readily available tool on a public website, I doubt he has the gorm to fully understand, let alone fix, the vulns. With a minor penalty for his minor misdemeanor, he might wish to further dig into these matters, and, why not, use his powers for good. It's not like the world is crumbling under the weight of able infosec people.

ElReg!comments!Pierre

Re: Ridiculous

I think it's a remarkably appropriate sentence. He only used a security scanner on a website and published the result. In itself not a very nice conduct, but if someone is to blame for loss of life because of stress (seriously?), it would mostly be the ISP's (lack of) security.

Trump's 140 characters on F-35 wipes $2bn off Lockheed Martin

ElReg!comments!Pierre

I read that the F35 got its ass kicked by the Rafale in a joint demo in the middle east, too. Superiority plane, well, if the weather is fair and the enemy has nothing able to take off!

So. A new tech upstart wants 'feedback'. Um, maybe it actually does

ElReg!comments!Pierre
Coat

"My approach to dealing with vendors will – must – change."

More inclined towards change, I see. Does that mean you'll make systemd your go-to init?

Mine is the Devuan-branded one.

Take that, creationists: Boffins witness birth of new species in the lab

ElReg!comments!Pierre

Re: Get with the program!

> Do not attempt to google Paris Hilton's handbag ornament at work.

Could be worse. "paris hilton donkey breeding" for example. (not that I tried, mind)

ElReg!comments!Pierre
Headmaster

Re: Get with the program!

> A "Liger" is a cross between a Lion and Tiger, right? Which would show that they're pretty closely related, enough to cross-breed viably (sorry I don't know whether their offspring can continue breeding or are sterile).

Sterile. Actually the lion belongs to the genus Canis, not Felis, so not only are tigers and lions not the same species, they are actually quite distant. The lion is closer to Paris H's handbag ornament than to the tiger, surprising as it may seem.

You'll note that horses and donkeys can have offspring (sterile, too) despite being from 2 different genera too.