* Posts by RIBrsiq

364 publicly visible posts • joined 15 Nov 2009

VMware, Xen issue urgent patches

RIBrsiq
Trollface

Dammit, Microsoft! Can't you learn to write secure code...?

Oh, wait...

Hollywood given two months to get real about the price of piracy

RIBrsiq

I am delighted to see common sense is... well... more common than I had feared.

But this back-and-forth between old and new ways of doing something isn't new. For a nicely-presented summary of relevant history, see "Free Culture".

Windows' authentication 'flaw' exposed in detail

RIBrsiq

Right...

Can someone please wake me up when they find:

0- Something actually new.

1- Something that works from a random domain member with a regular user account. Or, worse yet, without a user account.

...?

Thank you.

PS. Note to Reg Editorial staff: Google is your friend.

PPS. Unless, of course, you were going for sure-fire click-bait. In which case: well done!

Microsoft offers Linux certification. Do not adjust your set. This is not an error

RIBrsiq
Go

So when can I sign up for my MCSE: RHCE...?

Tablet computer zoom error saw plane fly 13 hours with 46cm hole

RIBrsiq
Happy

Re: @ RIBrsiq @Turtle Typo Or Not?

"Maybe it's time to start".

I think you have an excellent point. I'll be sure to bring it up in my next discussion with me.

RIBrsiq
Thumb Up

Re: @Turtle Typo Or Not?

It's OK: I talk to myself all the time. It's perfectly normal. Or that's what I tell myself.

Admittedly, I don't do it on Internet forums... :-)

Donald Trump wants Bill Gates to 'close the Internet', Jeff Bezos to pay tax

RIBrsiq

Re: Bigger lunatic asylum needed

I have one thing to say to that:

Wonko the Sane

RIBrsiq
Trollface

Re: since when...

Didn't you know that the Internet's core router is Bill Gates' kitchen wireless AP...?

Those outages that happen every now and then? Many of them are caused by a cheap microwave oven tripping the circuit breaker.

RIBrsiq
Facepalm

The train-wreck that is the Donald Trump campaign: will it ever end?

But a serious question: if the only Republican seemingly able to win the party's nomination is a person who cannot possibly -- or so I hope -- win the national election; what then?

Obama calls out encryption in terror strategy speech

RIBrsiq

"But dogma is dogma".

In principle, yes.

But until such a time when absolute logic and reason prevail I, for one, would rather not lump all those who believe in things unseen together and fight them at once. There is a continuous spectrum of believers, and indiscriminate hostility towards them all only serves to radicalise more of the fringe cases who could otherwise at least be kept neutral.

Back on topic: While I would consider any proposals that claim otherwise, I cannot see how selective encryption is any more realistic than, say, selective road networks that would block Bad Guys from making a getaway after doing their nefarious deeds.

What should be emphasised in this context, I think, is that better communication and dissemination of ideas and their open discussion is probably exactly what would kill the likes of ISIS: their ideology does not even come close to holding up to close scrutiny, it should come as a surprise to absolutely no one sane. So the easier exposure to culture and ideas is for everyone on the planet, the harder their ilk would find it to spread their poison.

Microsoft encrypts explanation of borked Windows 10 encryption

RIBrsiq

It's possible to save the recovery password of a BitLocker volume if you already have access to it, yes.

How is this a problem...?

The alternative would be the need to migrate all the data to a new volume if you lose the recovery password of an old one and are not comfortable with the idea of not having a recovery option.

RIBrsiq
WTF?

Re: RIBsiq

@Camilla Smythe:

You seem to be writing English, but the end result unfortunately does not mean anything to me.

In any case, thank you for trying to help, earlier.

RIBrsiq
Happy

Re: Buzzword Bingo

"How many layers of encryption are there in the quote?"

None. It clearly doesn't mean anything at all.

But it's probably useful as a source of randomness, in a pinch.

RIBrsiq
Thumb Up

Seems good to me. And TrueCrypt has been very thoroughly audited.

On the other hand, if your main concern is displaying due diligence in a court of law if you ever have to, you might want to consider if you want to go through the extra effort of defending your decision to continue using a software package after its unknown developers very publicly pulled it, saying that it is not secure...

I mean, you and I know it's secure; but will the judge...?

RIBrsiq

Re: RIBsiq

@WorBlux:

Thank you for the reply. Very interesting.

Looking at the documentation, I can see why the Linux zealots were reluctant to come forward, if this is the best Linux has to offer: it's not very user-friendly, is it?

But it's good to see that someone is working on this, at least. And it *is* an uncommon usage scenario, so it would be rather low priority for anyone -- be it Microsoft, or anyone else. Here's hoping it will reach a usable state, sometime soon.

RIBrsiq

Re: Translation follows...

@captain veg

Ah! I see now. Thank you very much for taking the time to reply.

Well, you're right that the update should still not show up, based on the KB. So I would bring that to Microsoft's attention, if I were you.

As for your setup, well, it's not how I would do it. And it's probably not keeping with best practices. But I assume you have a good reason for doing it that way. After all, people don't deploy configurations that result in more work without a damned good reason!

What I would suggest is maybe a GPO to apply the required registry values to those machines you want to block GWX on. Seems simplest, and should work.

RIBrsiq

Re: Translation follows...

@captain veg:

I've read about this, but did not face it myself. I think probably because all my PCs are using Enterprise, which is not eligible for the upgrade anyway.

But I find it very interesting, so I would greatly appreciate it if you could please elaborate. In particular:

* Are the updates being received through WSUS or SCCM?

* What edition of Windows?

* Is the local user a normal, limited user?

RIBrsiq

"So, if I understand you correctly, you believe that it is OK that MicroSoft dropped the ball on this one because no other OS offers the same features?"

Fascinating! How did you arrive at that conclusion, please?

If you are referring to my asking about Linux, then I am afraid you are very much off base: I use Linux, and I would just like to know if I can use the hardware encryption capability of SEDs with Linux, is all. Do not read too deeply into what is really a very shallow question: there's only the surface layer.

RIBrsiq

Re: One way encryption

Nice theory.

Except:

* BitLocker still works. And still does FDE, just not leveraging the HW of SEDs.

* Even that works, if you upgrade from Windows 10 RTM after already enabling hardware encryption. Just make sure you never turn it off, because you wouldn't be able to turn it back on!

Anyway, it seems like a minor bug, in the larger scheme of things. Hopefully will be fixed soon because it's bloody annoying. But probably not very high on the list of priorities right now. I mean, how many people are impacted, would you imagine...? I'd guess it's not a high percentage of users!

RIBrsiq

Re: on disk encryption and (any os)

I can speak about Windows somewhat usefully, as I have been using eDrive for a while, now:

* Can be done without TPM. You just need to supply the key on a UFD. Which seems stupid, if you ask me: store the key on the boot partition encrypted with a user-supplied password, FFS! Just as Linux does it (I think).

* BitLocker is still BitLocker. IE, recovery agents in AD, etc., if you want them. So very applicable in an enterprise environment. If AD is compromised, well, that's a resume-generating event, one way or another, isn't it...? So it's nothing one needs to worry about, IMO. ;-)

Here's some more info, if you'd care to read about it. I promise it's all fascinating stuff, for the slightly-paranoid:

* What SEDs are: http://arstechnica.com/civis/viewtopic.php?f=11&t=1243475

* How it's done on Windows: https://helgeklein.com/blog/2015/01/how-to-enable-bitlocker-hardware-encryption-with-ssd/

* Someone tinkering with stuff on Gentoo: https://forums.gentoo.org/viewtopic-t-1001902.html

RIBrsiq

Re: Not sure I follow

Ah! Good question, actually.

An SED will optionally use a HW engine to encrypt all data written to it. But, what does that *really* mean? I mean, if the drive is completely encrypted, how do you boot from it? And where do you store the key? How, for that matter, do you pass the key to the decryption engine? Obviously you cannot store it on the drive itself! Etc., etc.

Microsoft's eDrive takes care of all this rather neatly and seamlessly, once its requirements are met. The only annoying thing, really, is the need to do a clean install of Windows to use it.

I am wondering if there's an equivalently painless process -- or a better one! -- for Linux, and I am hoping someone here will be able to help.

RIBrsiq

Thank you. I already use this on my Linux boxen.

But it's not FDE. And it's not using the SED's HW encryption.

The attraction of using HW encryption is that it has no performance impact, so it's very useful for system drive encryption -- or for any other drives that will see a lot of traffic.

RIBrsiq

This is an annoying issue for those who use FDE, yes.

But installing RTM, enabling BitLocker and then doing an in-place upgrade to 10586 works fine. No need for any gradual updating. I know, as I just did this a few days ago.

BTW: how does one turn on the equivalent functionality (FDE using HW encryption on SED) on Linux, please?

RIBrsiq

Re: Translation follows...

"You even went to the extent of working out a secret registry key to turn off our helpfulness".

Eh...? Do you think registry keys happen by themselves? A type of 'shroom, mayhap...?

Here's the relevant KB:

https://support.microsoft.com/en-us/kb/3080351

Are you the keymaster? Alternatives in a LogMeIn/LastPass universe

RIBrsiq

Re: @RIBrsiq

@OldSoCalCoder:

"Unless you've built the whole thing you don't know if it's secure".

But I have! What did you think I meant by "full control"...? ;-)

You do have an excellent point regarding the need to have different levels of security. It's the sensible thing to do, really. Or so I think. May I suggest separate password stores for different levels of security, instead of a "one password to rule them all" approach? You can of course store the lower level store passwords in the most-secure store, so you don't lose access to even the less important passwords for more than a reasonable amount of time. If your life is complex enough, you may even have a hierarchy of password stores.

As to feeling so compelled to write a comment *right*now* that you would compromise security... Well, if you feel that way about security, then my advice to you is not to work in any field where it really matters... :-D

RIBrsiq

Re: @RIBrsiq

"Even that is insufficient to demonstrate a machine is not compromised".

True enough. Perfect security is not possible. Everyone knows that who knows anything about security. But security good enough for a specific application can be designed.

As stated above, any system not under my full control, any system whose filesystem can be accessed without me present, etc. is suspect. With regular audits of the cold data to check for past infections, telltales to check for suspicious activity and so on. This is more than good enough *for*me*.

Now, does that mean nation-state intelligence services cannot access my data...? Probably not. But on the other hand, they'd only have to ask. Honestly, I'd feel a bit flattered, give them full-access and subtly highlight where my CV is stored...

As for malware in BIOSes and firmwares, I personally don't buy *that* particular yarn: if you think about it, what do said pieces of code have access to, anyway? Encrypted data in my case, that's what. Besides, where would they take it? Is it reasonable to assume the existence of code that can fit inside a few KiB of storage without impacting the functionality of the code that's supposed to already be in there and *still* be able to flawlessly subvert every single possible combination of HW and SW out there? Or even many of them? For Bob's sake, simple firmwares following a well-documented standard break on an OS upgrade! Check what happened with HyperX Predator PCIe SSDs and the Windows 10 upgrade, as an example. And let's not forget that my storage systems are several orders of magnitude faster than my already-saturated Internet connection. Or is the firmware supposed to be intelligent enough to pick only the interesting data...? I forgot; is this a firmware, or a supercomputer-on-a-chip...?

Anyway, if one decides to go down the rabbit-hole of full paranoia, where do they draw the line? How do *you* know that They cannot read/control your mind using satellites in orbit or whatever...? Got your tinfoil hat handy, have you? Or maybe it's the *tinfoil* through which they read minds!! The possibilities are endless, really, if feasibility and adherence to the laws of physics are not a concern.

RIBrsiq
Facepalm

Re: Compromised host tolerance?

So you want a password storage system that would expose only the single password you're accessing if it's accessed on a compromised system, eh...?

Well, that's rather simple to achieve, actually:

Just use a separate password store with a unique password for each password you want to store. Make sure the password store's password is more complex than the password stored.

Alternately, do not access password stores on any systems that are not known-secure.

Target settles with banks for $40m after data breach

RIBrsiq

The question, however, is:

Would it have been cheaper to do IT right...?

Sketch dev pulls out of Mac App Store, cites slow reviews, tech limitations

RIBrsiq
Trollface

Apple's cut of the money was of supreme quality, and is totally under control!

Mozilla: Five... Four... Three... Two... One... Thunderbirds are – gone

RIBrsiq

Re: Coupling?

"FFS just how much HTML or web rendering should be possible in any web client?"

Quite a lot, I would imagine.

If you meant to write "email client", on the other hand, then I wholeheartedly agree.

Who owns space? Looking at the US asteroid-mining act

RIBrsiq

Audacity

"It goes against a number of treaties and international customary law which already apply to the entire universe".

I don't know about that, really.

Maybe I've been watching/reading too much science fiction, but it seems to *me* that the only audacious thing going on is the author's assumption that any laws in existence today apply, in any meaningful sense of the word, to any part of the universe past Earth orbit... Akin to, say, a Pharaoh deeding the sun to his favourite son, etc.

NZ Uni EMC broke considered ditching EMC before SNAFU

RIBrsiq

A poor choice of phrasing on the part of the author.

I suspect the intention is that the gear could have failed while on its way out the door, if it had lasted just a bit longer. Which certainly would have been a better time for it to fail. Admittedly, any time prior to that seems just as bad for a failure of such a scale. Or so it seems to me, unless I am missing some nuances.

128GB DDR4 DIMMs have landed so double your RAM cram plan

RIBrsiq

Re: Consumer version soon please

Microsoft bashing in an article about new RAM...

The sad thing is that this being the Register I am not surprised.

The sadder thing is that it is misplaced bashing: In fact, every Windows edition after Vista has been faster on the same hardware -- including amount of system RAM -- than the one preceding it. I am not sure the trend holds with Windows 10 Build 10586 as it's so new and I haven't installed it on enough machines to draw any meaningful conclusions, but it does hold for everything else.

Back on topic: Good $deity, I want some of those modules! Which body parts do I have to sell to afford them...?

Grow up, judge tells EFF: You’re worse than a complaining child

RIBrsiq
Trollface

Who needs this new-fangled Internet thing, anyway? What good is it?

Kids these days...! Why, in my day, we'd be happy if we had a couple of cans and some string!!

Superfish 2.0: Dell ships laptops, PCs with huge internet security hole

RIBrsiq
Facepalm

Doing this kind of thing is bad.

Doing it *after* another major vendor and competitor was rightly nailed to the wall for doing pretty much the exact same thing is... well... I think Dell owes me a new BadSecurit-O-Meter.

This is why one should *always* do a complete wipe and reinstall of any new system. I don't care what anything: always wipe. Trust no one. If you can manage it, don't even trust yourself.

Yahoo! Mail! is! still! a! thing!, tries! blocking! Adblock! users!

RIBrsiq

Re: Illogical...

I think the rise of the more obtrusive ads is driven by the fact that while more benign ads would benefit the online ad industry as a whole, a more attention-grabbing ad immediately benefits the specific ad placer. At least in the short term.

Then, of course, there's an arms race, of sorts, and here we are.

Hubble finds lonely 'void galaxy' floating in cosmic nothingness

RIBrsiq
Facepalm

Re: A bit confused here...

"Presumably because you can see the stars that are in this galaxy".

Right...

My face is so red right now, you could use it as the Register's logo.

Thanks, sir.

RIBrsiq

Re: A bit confused here...

Why would anyone build telescopes of any strength at all, if the sky looks blank?

Speaking of which, I forward that this galaxy be named Krikkit.

California cops pull over Google car for driving too SLOWLY

RIBrsiq

Autonomous cars should clearly abide by all applicable rules when operating on public roads -- even during testing.

So if there is a rule saying something like "drive at least [x] MPH, if you can", then they should have been fined. Where things get complicated is if there isn't such a rule and things are left to the drivers' judgment: if the autonomous car -- or in this case Google -- "judged" that 25MPH is right, then what...?

Edge joins Explorer in bumper crop of security patches

RIBrsiq

Re: It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

There's no bug-free code. If you believe there is, then I have any number of bridges and famous landmarks to sell you.

printf("Hello World!");

...probably has plenty enough bugs in it. Presumably in the implementation of printf() or in other hidden code supporting it.

Next year's Windows 10 auto-upgrade is MSFT's worst idea since Vista

RIBrsiq

Re: If you're getting tired of the notifications, just disable them

@Pompous Git:

I will now be promptly getting off of your lawn in a non-threatening manner, shall I...? ;-)

I don't know what the issue you're facing might be: I have a few clients who do not want to move away from Windows 7 just yet -- after all, they just upgraded from XP, you know...? :-D -- and their machines have been behaving as they should, once the required bits have been flipped and so on. Not one machine acting up.

All I can say is: If you were an MCP, then maybe Microsoft have a point in forcing this annoying mandatory recertification on us MCSEs...

RIBrsiq

If you're getting tired of the notifications, just disable them

I think that there's no conspiracy, here. At most, there might be some misunderstanding and maybe some mistakes regarding what the best approach is to keeping everyone up-to-date without aggravating them needlessly.

What there *is*, however, is a KB article addressing just these concerns voiced in this discussion:

https://support.microsoft.com/en-us/kb/3080351

Pro tip: Servers belong in dry server rooms, not wet cloakrooms

RIBrsiq

An early attempt at water-cooling, mayhap...?

US to stage F-35-versus-Warthog bake-off in 2018

RIBrsiq

"According to the original specs: 'The aircraft is designed to fly with one engine, one tail, one elevator, and half of one wing missing.', and with both of its dually redundant hydraulic systems out of action.

"Not to mention the half-a-ton of titanium armour..."

Oh, believe me, I know about the A-10. And I do love it. One favorite story:

https://en.wikipedia.org/wiki/Kim_Campbell_(pilot)

It's good to be able to survive being shot half-way to hell. But on the other hand, it is better not to be shot at in the first place.

If you think about it, it is exactly against adversaries with limited and outdated resources that the F-35 would shine: A modern army probably already has, or can come up with, ways to counter the F-35. On the other hand, someone with half-a-brain and lots of MANPADs but nothing else wouldn't be able to begin to touch something like the F-35, while they might at least be able to shoot at the A-10. And how many times would they have to get lucky before public opinion forces a pull-out...?

RIBrsiq

I quite like the A-10. And in some edge cases (IE, vs. ISIS), it is unequalled and unlikely to be equalled any time soon.

But having the capacity to deliver lots of bombs counts for very little if the plane cannot get to the battlefield in one piece. Or, for that matter, if it cannot get back out.

The kind of long-term loitering on the battlefield earlier comments seem to speak of is now, I believe, relegated to drones. Which can be deployed in larger numbers, can stay in the air longer and are, most importantly, much more disposable than an expensive fighter and its irreplaceable pilot.

As to the F-35 vs. A-10 trial, I think simply deploying AA in realistic numbers and varieties would well and truly bake the good old Warthog's goose. I can see no real need to artificially skew things, looking at things from the F-35's proponents' PoV.

Farewell to Borland C++: Embarcadero releases Delphi and C++ Builder 10

RIBrsiq

"Using left shift for multiplication is fine so long as you know whether your operand is signed or unsigned beforehand".

Very true. And can you guess what this was...? :-)

Other compilers at the time (I think I ended up switching to some GCC derivative, but I may be mistaken) produced the appropriate code.

RIBrsiq

When I used to program, back at the dawn of time shortly after Tiktaalik had taken its first tentative steps, I once tried a Borland C++ compiler or another.

It went right into the rubbish heap when it produced an IMUL for a multiplication by a constant 2.

Get whimsical and win a Western Digital Black 6TB hard drive

RIBrsiq

About time you lot invented this!

Now, if you would just kindly get on with it and discover Slood already, we can end the longest-running experiment in the history of creation...

Pure Storage's 'disingenuous' financial figures still out there

RIBrsiq

What I would like to know is this:

If the Gartner reports had under- instead of over-stated Pure's numbers, would they still not have corrected them?

Would they not at least have said something like "while we cannot disclose anything because [insert excuse], those numbers are way off and you should ignore them"...?

'Sunspots drive climate change' theory is result of ancient error

RIBrsiq

Re: Deniers?

Ah, well:

Deniers gonna deny, one might say.

Thanks to all for so effectively illustrating the situation. And even more thanks to those few voices of reason: you make me think there might still be hope... But then I read the next comment.

For what it's worth, I personally wish the deniers were right. Because their being wrong means great social upheaval and suffering for millions, if not billions, of fellow humans the vast majority of whom did nothing to cause the problem.

But I am afraid the evidence does not bode well for either my wishes or their denial. The laws of physics are poorly affected by wishful thinking.
