Posts by Stephen W Harris

Re: never use a debit card for credit ?

"many banks offer an SMS alert system which is useful to catch unauthorized payments and block the card quickly if needed."

My credit card number somehow got stolen and was used at a Domino's in Flushing (Queens) last week. I've never even been to Flushing. Because I have an app on my phone I got alerted within seconds and called the bank and got the card cancelled . I'm guessing a $19 pizza purchase was a trial purchase, so this probably prevented larger abuse.

Re: Moving keys from source to a server won't fix the problem

The typical way the authentication service works is that the _service_ makes a call to the Amazon API and retrieves a token; that token is passed back to the client. The client uses the token to talk to the API. When the token expires (1 hour later) the client talks, again, to the authentication service and requests a refreshed token.

In this way the client API ID and secret are never exposed to the end user... but it means there are some risks:

1) @ncw doesn't abuse the authentication service and steals tokens :-)

2) Someone else doesn't compromise the service and steals tokens

3) @ncw has to commit to keeping the service running forever and ever (once the authentication service goes down then rclone will no longer work).

The alternative approach of passing the ID/secret to the client at "first run" prevents these risks _but_ effectively means they are no longer secret (as mentioned; add a print statement) and will be leaked, and Amazon will eventually ban them again.

As @ncw says, the google approach of allowing each user to generate and use their own ID/secret is much better.

Re: Bored of hearing crap about IoT

UPnP is needed on IPv4 to enable incoming port forwarding because of NAT (one IP address shared amongst many devices).

With IPv6 the firewall functionality of routers _should_ default deny incoming connections, so it doesn't matter if your IoT device has a public IP address; the firewall blocks the attempt.

In theory this might lead to a UPnP6 standard ("let my IPv6 device receive connections on port 12345").

So we need to ensure two things with IPv6:

1) Firewall configured for "default deny" incoming traffic (pretty much matching IPv4 with NAT in this case). Any firewall should default to this if it's going to be called a firewall, as opposed to just being a dumb router. So this basically means consumer equipment should have IPv6 firewall capabilities.

2) UPnP6 never takes off.

Re: @Dan 55 right ..

@Hans 1 - you misread; xinetd is the standard RedHat one; the _service_ entry points to an NFS mounted executable. eg /etc/xinetd.d/myservice might have "server = /nfs/mounted/path/foobar"

Now xinetd starts before NFS is properly ready (standard RedHat systemd startup), it can't find "foobar" and so disables the service.

This only broke in RedHat 7; it worked fine for decades (and even via inetd on SunOS 4).

Re: Voodoo

A few years back I was in a hotel 4,000 miles from home. I was about to go to the bar, so stopped off at my co-workers room to collect him. He was on the phone with his wife; the TiVo had got into a reboot loop and he'd spent the last 10 minutes trying to fix it remotely. But nothing. In desparation he said to his wife, "I'm going to pass you over to Stephen; he's good at this stuff" and then paused... "Oh, it's working now!"

Sometimes just the treat of me is enough to scare devices into working, from a different continent :-)

Re: GORDON'S ALIVE

TURN!

RIGHT!

NOW!

SSL

"Almost no point in a proxy cache now."

Proxy caches are close to useless in an SSL-everywhere world, anyway. The proxy can't see the traffic content.... unless you plan on MITMing everything!

Re: Not the first and quite late to the party ...

Not OpenSource, bloody expensive, and doesn't run on my platform of choice. Three strikes!

I really should look at Lazarus again...

Re: Calling Ben Goldacre

In some parts of the US it's a legal requirement to show ID to buy boozahol regardless of age, depending on the type of store (eg a pub may have different requirements to an offie).

"I noted that there don't seem to be any Banks on the list" (@Public Citizen)

Banks have been trolled by Intellectual Vultures^WVentures for SSL/TLS in the past; see "Intellectual Ventures vs Capitol One", "Intellectual Ventures vs Chase" and so on. I believe the Chase one is still ongoing...

eg http://www.intellectualventures.com/assets_docs/Intellectual_Ventures_-_JPMorgan_Chase_Complaint_2013_1.pdf mentions 7634666 which is, basically, hardware accelerated public key encryption engine, and also 5745574 which appears to be SSL certificate authority stuff.

"that phrase delinates the distinction between fiction and fantasy."

I think any SciFi story that requires FTL would disagree with you.

"Suspension of disbelief" is the willingness of the reader/viewer/consumer to allow the story to work on its own terms.

I don't think there's _any_ SciFi that doesn't require some level of suspension. It may be minor (eg Allen Steele's near space stories) or it may be major (Star Trek, Babylon 5),

Or even your Thunderbirds; really, a rocket ship launching from the swimming pool without setting fire to the whole island? Have you seen how far back the safety area is at Kennedy Space Center? Tracey Island would be obliterated first time Thunderbird One launched.

We ignore these "errors" because they don't get in the way of the story. We deliberately suspend our notions of reality to aid in the story telling process.

And it doesn't matter the genre. If it's fiction then it requires some level of suspension of disbelief. Do you really think that any best selling book doesn't require acceptance of the universe? Even a Barbara Cartland "romantic" novel requires the acceptance of some super-stud Italian... and let's not get started on '50 shades of grey" :-)

Re: Mid-season cliff-hangers aren't new...

Yeah... just to get started

Empty Child / Doctor Dances (May 21, May 28)

Rise Of The Cybermen / Age Of Steel (May 13, 20 May)

Impossible Planet / Satan Pit (Jun 3, Jun 10)

Daleks In Manhattan / Evolution Of The Daleks (Apr 21, Apr 28)

Human Nature / Family Of Blood (May 26, Jun 2)

and so on. Plenty of two-parters in the middle of a run.

Re: Go ask New Jersey

Works well for me; I'm paying for 75Mbit/s Verizon FIOS. Here are some regular "wget" calls I make to check the speed from http://cachefly.cachefly.net/100mb.test

2015-01-20 13:50:11 (9.99 MB/s) - `/dev/null' saved [104857600/104857600]

2015-01-20 14:05:11 (10.0 MB/s) - `/dev/null' saved [104857600/104857600]

2015-01-20 14:20:12 (9.99 MB/s) - `/dev/null' saved [104857600/104857600]

2015-01-20 14:35:11 (9.99 MB/s) - `/dev/null' saved [104857600/104857600]

2015-01-20 14:50:11 (10.0 MB/s) - `/dev/null' saved [104857600/104857600]

2015-01-20 15:05:12 (9.99 MB/s) - `/dev/null' saved [104857600/104857600]

2015-01-20 15:20:11 (9.99 MB/s) - `/dev/null' saved [104857600/104857600]

Re: Do I understand this?

SSL certs are already free, from places like StartSSL; the green padlock doesn't really prove much. It's definitely not proof of identity.

Re: Some vapid netheads ...

The Clangers? They've already been on Doctor Who. "The Sea Devils"; https://www.youtube.com/watch?v=dOK1YdWalOw

Re: Did the BBC just troll people?

Google "Dr Benjamin Spock". His name was the "Spock" that people knew long before Star Trek existed, and "Mr Spock" vs "Dr Spock" was a common mistake at the time.

Re: Well...

You're confusing an expansion of a finite number with the value of the number. "PI" and "sqrt(2)" are both finite numbers (we can bound them; eg 3<PI<4) but any expansion of that number would take infinite space.

The "decimal expansion of 1/3" is infinite (0.333 recurring) but no one would claim 1/3 was infinite :-)

Re: What if ICANN goes renegade?

@Dougs, who asks "How is .london any worse than london.com, london.org and london.net? The new TLDs are stupid, but they aren't creating any new problems that didn't exist when there were only a few TLDs that any respectable organization was willing to use."

Without an organisation controlling the global namespace you will get fragmentation. My .london may be different to your .london; goes to different places or doesn't go anywhere at all. You'll end up with handful of distinct and separate name spaces.

At least, today, london.com goes to the same place for everyone.

Re: There's no spare parts shop on Mars

Amazon Prime... whadya mean the Bezos drone doesn't go that far?

Re: 1775Sec

5 minutes is only 300Sec; these guys are greedy and want almost a whole half hour.

Re: Cricket bats versus baseball bats

The rules of cricket say "the ball" has to cross the boundary, not part of it. Thus the whole PM needs to cross. If the ball splits in half then the umpire must signal a dead ball. If the PM splits in half then the PM is declared DOA at the hospital.

Re: Facebook has a real name culture

The Naming of Cats is a difficult matter,

It isn't just one of your holiday games;

You may think at first I'm as mad as a hatter

When I tell you, a cat must have THREE DIFFERENT NAMES.

First of all, there's the name that the family use daily,

Such as Peter, Augustus, Alonzo or James,

Such as Victor or Jonathan, George or Bill Bailey—

All of them sensible everyday names.

There are fancier names if you think they sound sweeter,

Some for the gentlemen, some for the dames:

Such as Plato, Admetus, Electra, Demeter—

But all of them sensible everyday names.

But I tell you, a cat needs a name that's particular,

A name that's peculiar, and more dignified,

Else how can he keep up his tail perpendicular,

Or spread out his whiskers, or cherish his pride?

Of names of this kind, I can give you a quorum,

Such as Munkustrap, Quaxo, or Coricopat,

Such as Bombalurina, or else Jellylorum-

Names that never belong to more than one cat.

But above and beyond there's still one name left over,

And that is the name that you never will guess;

The name that no human research can discover—

But THE CAT HIMSELF KNOWS, and will never confess.

When you notice a cat in profound meditation,

The reason, I tell you, is always the same:

His mind is engaged in a rapt contemplation

Of the thought, of the thought, of the thought of his name:

His ineffable effable

Effanineffable

Deep and inscrutable singular Name.

- TS Elliot "The Naming Of Cats"