Insecure by default
ElasticSearch, SOLR, redis, MongoDB, probably many more.. - too many products ship with OOTB settings as insecure. Try that with any traditional database like postgres or mariadb, you have to do things to make them insecure.
Posts by Tom 38
4344 publicly visible posts • joined 21 Jul 2009
Page:
It's Shodan embarrassing: Red-faced Rubrik blames public-facing DB on developer ballsup
While US fires criminal charges at Huawei, UK tells legislators not to worry, everything's fine
Wednesday 30th January 2019 14:54 GMT
Re: Unparalelled
Doesn't unparalelled mean not parallel, I.e. we aren't going in the same direction?
Part 1, Yes.
Part 2, No.
Words have multiple meanings. Parallel has meaning relating to position, in which it means the distance between two lines is equal throughout their length, and it has a meaning relating to similarity, in which it means things that are happening at the same time, or are comparable to each other.
Unparalleled solely refers to the second meaning, referring to a thing that is so superior as to not have another thing that is comparable to the first thing.
You like JavaScript! You really like it! Scripting lingo tops dev survey of programming languages
Apple: You can't sue us for slowing down your iPhones because you, er, invited us into, uh, your home... we can explain
NASA's Opportunity rover celebrates 15 years on Mars – by staying as dead as a doornail
Monday 28th January 2019 14:23 GMT
source? or 'fake news'?
A book by Cliff Sims, a former Trump White House communication official:
In his new book Team of Vipers, former Trump communications official Cliff Sims said that he was with the president on April 24, 2017 when Trump called astronaut Peggy Whitson for setting a new record for spending the most amount of time in space. Everything went well until Trump started asking Whitson about Mars and how soon humans could get there, according to the book, which was earlier reported on by Intelligencer. Whitson responded by referring to Trump’s own directive in a bill outlining a trip to Mars, saying that a human flight wouldn’t happen until the 2030s.
“Well, I think we want to do it in my first term or at worst in my second term,” Trump said, according to Sims. “So I think we’ll have to speed that up a little bit.”
Next, Sims said Trump brought up the issue with NASA administrator Robert Lightfoot Jr. Trump told Lightfoot that he wanted to go to Mars by the end of his Presidential term. Lightfoot was then forced to discuss how difficult it is to go to Mars and all the challenges the U.S. would face in doing it. Trump wasn’t done, according to Sims.
“But what if I gave you all the money you could ever need to do it?” Trump asked, according to Sims. “What if we sent NASA’s budget through the roof, but focused entirely on that instead of whatever else you’re doing now. Could it work then?”
(Also as witnessed by NY Times)
Six Flags fingerprinted my son without consent, says mom. Y'know, this biometric case has teeth, say state supremes...
Users fail to squeak through basic computer skills test. Well, it was the '90s
Straight outta Blighty: Readers, if you were a tech billionaire, what would you do?
Hardworking Americans keep busy during the government shutdown driving up smut traffic
Q. China just landed on its far side, the US woz there 50 years ago – now Europe wants to mine it? A. It's the Moon
UK.gov plans £2,500 fines for kids flying toy drones within 3 MILES of airports
Tuesday 22nd January 2019 16:08 GMT
Re: Droning on
There WAS videos, but probably numbered as much as the amount of fingers on one hand, which is strange with an airport full of people with recordable equipment
Airports are fucking big. All the punters are in small terminal buildings set back from the 3.3km runway. How many people do you think are within 100m of the end of the runway? How far away do you think you can record a small drone from?
Not saying there was or wasn't a drone, but the idea that there are tens of thousands of witnesses all over the airport with equipment capable of recording it that would have recorded it if were there is gibberish.
Clone your own Prince Phil, says eBay seller hawking debris left over from royal car crash
Amazon shareholders revolt on Rekognition, Nvidia opens robotics lab, and hot AI chips on Google Cloud
Monday 21st January 2019 13:17 GMT
Re: Interesting shareholder attitude
%age ownership of shares doesn't mean anything when you have different classes of shares. Bezos may only have 16% of shares, but he controls ...
I'm totally wrong, he owns class A shares like everyone else. He's in control because he does so well running it. I have a little respect for that. Counter that to Alphabet, where Page, Brin and Schmidt own 13% of the shares combined but >50% of the voting rights.
Looming EU copyright rules – tackling Google news article scraping, installing upload filters – under fire from all sides
Monday 21st January 2019 13:08 GMT
Re: Fair Use
Fair use wouldn't cover use of music clips or news stories, for it to be fair dealing it has to cover one of a few very specific categories (research/private study, instruction or examination, criticism or review, news reporting, incidental inclusion, accessibility for visual impairment, parody or pastiche).
News reporting has to be about reporting the news, not collating content as an aggregator. Google News doesn't provide any news reporting beyond repeating others news coverage. Videos using music clips to provide a soundtrack, even if they don't use an entire song and only use a snippet of it, is not fair dealing.
For instance, I watched a video on YT the other day called Top 30 Unexpected Thug Life Moments. It's a series of home videos, TV shows or sports coverage where there is "thug life". Each "moment" used a different rap song snippet to amusingly soundtrack that section. None of the video segments, nor the songs chosen to soundtrack would be covered under fair dealing to claim as fair use.
Are you sure your disc drive has stopped rotating, or are you just ignoring the messages?
Having AI assistants ruling our future lives? That's so sad. Alexa play Despacito
Thursday 17th January 2019 10:56 GMT
Re: OTT
FWIW the local craft beer bar has flow control pumps for serving, er, precisely 200, 300 or 500 ml.
I find it ironic that a craft beer dispenser is dispensing with the craft of dispensing beer. Admittedly, its been a while since I dispensed beer for a living, but most of my regulars had preferences about how their beer was pulled :)
Huawei’s elusive Mr Ren: We’re just a 'sesame seed' in a superpower spat
Thursday 17th January 2019 13:28 GMT
Re: Nothing like the smell of ethics first thing in the morning.
Like US industry in C18 ripping off UK textile mill patents, it's cool when "our" side does it, but when someone else does it, its the worse thing ever.
$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?
Thursday 17th January 2019 10:05 GMT
Re: Isnt this what hardware wallets are for.
2FA using SMS has been known and reported to be insecure for some time now - long enough even for NIST to recommend not using it.
Generic TOTP authenticators are available for every smartphone OS, if you use 2FA SMS for any reason you should stop.
If at first, second, third... fourth time you don't succeed, you're Apple: Another appeal lost in $440m net patent war
While Windows 7 wobbled, AI continued its relentless march at Microsoft
Tuesday 15th January 2019 13:11 GMT
Tick tock
goes the python clock
Baddies linked to Iran fingered for DNS hijacking to read Middle Eastern regimes' emails
Nissan EV app password reset prompts user panic
Monday 14th January 2019 14:35 GMT
To give the benefit of doubt
I can see (slightly) valid reasons for forcing a password reset like this. If the original system stored passwords insecurely (say, unsalted md5 hash), on auditing the system you might decide not to migrate the old passwords over, in case of a potential future breach that exposed passwords for users that did not log in inbetween the upgrade and the breach.
Otherwise, you would simply upgrade to the desired hashing algorithm as soon as someone logs in with their valid password.
*taps on glass* Hellooo, IRS? Anyone in? Anyone guarding taxpayers' data from crooks? Hellooo?
Brit hacker hired by Liberian telco to nobble rival now behind bars
Monday 14th January 2019 11:52 GMT
Re: "..with no consideration as to the damage it would cause"
Quote is accurate. He was hired by Cellcom to make their competitor Lonestar look bad. He hadn't anticipated that his actions would overwhelm all connections to Liberia - so not just making Lonestar look bad, but knocking everyone in Liberia out - including Cellcom.
Dozens of .gov HTTPS certs expire, webpages offline, FBI on ice, IT security slows... Yup, it's day 20 of Trump's govt shutdown
Friday 11th January 2019 12:56 GMT
Re: Comparison
Is this essentially the same to us Brits voting some nutter into power (some party that is close to the far left / far right), and then when the nutter Government tries to pass the budget which has us spending £20bn on a wall the MP's don't let the budget pass?
In the UK, a government that cannot pass its budget is no longer a government - its termed as a "Loss of supply". The government is obliged to call for a snap general election.
This is one of the key differences between the Westminster system and the presidential system. Under the presidential system, because of the fixed terms it results in deadlock, whilst in the Westminster system it results in elections.
Excuse me, sir. You can't store your things there. Those 7 gigabytes are reserved for Windows 10
Wednesday 9th January 2019 10:27 GMT
Funny. You could have installed Mint on it in about 20 minutes. I did the same thing to my daughters HP Stream and it runs like a champ.
How long did it take you to get Office365 suite running on it?
Linux is fine for me, its what I run on my laptop, desktop and home servers, but this was for the missus to do MS Office work on. Libreoffice != MS Office.
Tuesday 8th January 2019 13:34 GMT
Those 32GB eMMC devices are atrocious. My missus bought one about a year ago*, a HP stream 11 from Currys, to use as a simple lightweight device to take to meetings and so on, to read MS office documents and do minor editing, browse the web etc. After installing her Office365 sub on it, it then used all the remaining disk space to download required updates, at which point it had no space to install the updates (in fact, I had to delete things to get all the damn updates just downloaded). You can't expand the storage at all, you can't download updates to an attached external drive, you can't even use it as doorstop because its too light.
It took me about 8 hours of fiddling, uninstalling things to get enough free space to install updates, tweaking pagefile sizes. The only way this thing is usable is if you don't actually use it for anything. Only 2GB of RAM, so constantly swapping too, which didn't help matters much. Utterly unusable POS - and Currys are still selling them! After a few months of watching her struggle to use it when it was working, and at least an afternoon a week for me fixing each time it did run out of space, I bought her a proper Dell laptop.
* With no involvement from me. She insisted she didn't want to spend more than that (comes with a year of Office365) and wouldn't take it back. I wanted to take it back for a full refund on the basis that it wasn't fit for purpose, given that the sales droid guided her to this particular model and said it is what she needed.
You can blame laziness as much as greed for Apple's New Year shock
Tuesday 8th January 2019 13:50 GMT
I find iPhones exactly the opposite of 'play well'. They may do so with their ecosystem but try taking a photo and sharing it with nearby phones users in all its 20MP glory.
You mean "sharing it with nearby non iPhone users". Otherwise you'd just use either Wireless Beaming or AirDrop. As the only android user in my extended family, the benefits they get are quite clear (but then again, so is the cost).
Linux reaches the big five (point) oh
Fake 'U's! Phishing creeps use homebrew fonts as message ciphers to evade filters
You were told to clean up our systems, not delete 8,000 crucial files
Kubernetes caretaker auditions for Hoarders; takes in another open source project
Thursday 13th December 2018 19:29 GMT
Re: Why would anyone want to use any of this?
It might seem like a load of extra nonsense, but when done right, docker and k8s actually contribute greatly to software development.
docker/docker-compose allow you to run development instances in the same environment everywhere, to run on your own laptop/servers all of the stack needed to run/develop your application.
docker registries allow you to reuse images, with very little configuration required.
CI/CD allows you to automate testing and certain quality control measures to ensure quality improvements, automate the production of docker images to use in production, and ensures what gets deployed in production is what was tested
k8s allows you to manage deployment of these services, exposing the various parts of the application to each other.
It makes it much simpler to build things.
wrt to microservices, here's a concrete example. Say you want to add a feature to your web app that generate a PDF from some HTML. That's a pretty common task, and pretty straightforward - there are any number of libraries to do it, you can also just use a web browser. That's just a few weeks/months work for a competent developer. Or you could use a gotenberg docker image. Need more scalability? Update one number in one file and re-run kubectl. Want to know
Need more sophisticated controls than that? Use something managed, like BlueOcean k8s. Don't want to spend money on "stupid cloud" stuff? Run kublr and run on your own metal.
Poor people should get slower internet speeds, American ISPs tell FCC
College PRIMOS prankster wreaks havoc with sysadmin manuals
Monday 10th December 2018 11:19 GMT
BBC Bs + Econet - you could change the network id of a network connection on the fly, and if you changed it to the same id as one that a user is already logged in as and they aren't actively using it, you also inherit their session.
This lead to complex The Sting style schemes to get the lab technician to log in to his admin account in his office, and then distract him with conversation whilst accomplices switched to his id and gave disk quota upgrades to us all.
BOFH: State of a job, eh? Roll the Endless Requests for Further Information protocol
Ecuador says 'yes' to Assange 'freedom' deal, but Julian says 'nyet'
Saturday 8th December 2018 13:19 GMT
Re: Assange is a political prisoner, in the United Kingdom, end of
I meant queue, I typed queue, if I had intended to type cue I would have typed cue, if I had intended to type que, I also would have typed que. Which part of this do you not understand?
So you're just a moron then? "Cue" - a signal for something to start. "Queue" - an ordering of items. You clearly used the former meaning and the latter spelling, why are you still arguing about how clever you are?
[Edit - go on then, which of those comes first in your "queue"?
Queue the tabloid and Fauxnews muppets virtue signalling and regurgitating their echo chambers]
Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years
US told to quit sharing data with human rights-violating surveillance regime. Which one, you ask? That'd be the UK
Oz lad 'fell in love with' baby meerkat, nicked it from zoo, took it out for a romantic Big Mac
Stairway to edam: Swiss bloke blasts roquefort his cheese, thinks Led Zep might make it tastier
Shift-work: Keyboards heaped in a field push North Yorks council's fly-tipping buttons
Thursday 1st November 2018 15:37 GMT
Re: Some white ones visible on the pictures
Nobody is going to fly tip IBM model M's. Firstly, the resale value is so high that only an idiot would do it.
I got my model-m from keyboardco.com ~10 years ago for £24. If you want one now (I spilt sugary milky tea over mine, and it never properly cleaned, even after going through the dishwasher, hard to use it without R,D,F or G), you're looking for easily £100 - more if its a proper one made in the 80s (the late 90s one are _definitely_ not as good).
Bought a daskeyboard 4 to replace it, also cost ~£100, nowhere near as good (keys keep repeating).
Biting the hand that feeds IT
