* Posts by Alister

4259 publicly visible posts • joined 19 May 2010

Ford to build own data centre to store connected car data

Alister

See, I knew my maths was wrong. :)

I didn't honestly think they would be storing it in DRAM, either.

Alister

Cost works out at about $1m per petabyte

Well DDR3 RAM costs about £10.00 / GB at the moment (just been upgrading some servers) so if my maths is correct, £1m / Petabyte is about right, isn't it?

New plastic banknote plans now upsetting environmental campaigners

Alister

Rape!

Hertfordshire primary school girls prepare for World Robotics Champs

Alister
Coat

Re: "Henrietta Barnet School, "

If Henrietta Barnet would he be spitting hairs?

Curious minds want to know, and you don't get a more curious mind than mine...

:)

One in five mobile phones shipped abroad are phoney – report

Alister

Re: risk of lethal electrocution

In British English, electrocution is defined as injury or death caused by electric shock, so to a British English speaker, fatal electrocution or lethal electrocution is permissible.

I believe US English defines it as only death caused by electric shock - in which case your pedantry is correct.

'Trash-80' escapes the dustbin of history with new TRS-80 emulator

Alister

The first computer I bought for myself was a Video Genie 1 from Lowe Electronics in Derbyshire, which was a Chinese TRS80 Model 1 compatible device with extra expansion over the standard TRS80. I remember I had an OKI Microline 80 printer attached to it at one point.

Nuns left in limbo after phone line transfer hell

Alister

limited temporal means of communication

Awesome, is this the power of prayer?

Yes, I could have used the corrections link, but it's much more fun to take the piss...

Miss Misery on hacking Mr Robot and the Missing Sense of Fun

Alister
Thumb Up

Snorfle...

Looks like most people missed this, but I loved the subtlety.

How foolish you will look when your much-vaunted e-library is reduced to a lump of inert plastic suitable only for incineration. Kindling, in fact.

You deserve many of these, Verity. ===>

Why do GUIs jump around like a demented terrier while starting up? Am I on my own?

Alister

Pet hate

The Google search page. If I start a new tab in Firefox, the search box in Google's home page doesn't take focus, so I start typing only to look up and see a blank search box.

NASA to fire 1Gbps laser 'Wi-Fi' ... into spaaaaace

Alister

The ISS Spins round the earth...

It's fine, NASA have taken this into consideration, and they are going to build a set of railway tracks all the way round the world at latitude 22° North, which the base station will run on.

Coppers 'persistently' breach data protection laws with police tech

Alister

Re: More accurately...

@PatientOne

You are out of date.

Perhaps you should check before posting.

From the BBC website:

"The flag above the Houses of Parliament flies at half mast following an attack on Westminster that left four dead and many injured,"

eBay dumps users into insecure authentication mechanism

Alister

Re: One laugh of a security measure

Hang on, your mother's maiden name was Budgie-Mangler?

We must be related...

This AI stuff is all talk! Bots invent their own language to natter away behind humans' backs

Alister

...and the agents were forced to use their “words” more concisely, leading to the development of a larger vocabulary.

Agent1: "Pub?"

Agent2: "Yep"

Microsoft cloud TITSUP: Skype, Outlook, Xbox, OneDrive, Hotmail down

Alister

Sorry, my fault...

Despite my objections, we migrated to Office365 from on-prem Exchange last week.

It's obvious that Microsoft's infrastructure just can't cope now, we broke it...

Sorry...

Norfolk County Council sent filing cabinet filled with kids' info to a second-hand shop

Alister

The Register has contacted Norfolk County Council for comment

You'll be lucky, the response from the Council is in the bottom of a locked filing cabinet in the basement of a secondhand shop in Great Yarmouth...

US military's latest toy set: Record-breaking laser death star, er, truck

Alister
Mushroom

Re: Easy to Destroy

Just shove a torpedo potato down that thermal exhaust port muffler

That's no Moon!

El Reg, we need a Star Wars Icon

Are you undermining your web security by checking on it with the wrong tools?

Alister

Re: So, uhm...

If you (or your team) have done this, I'd be really interested to know how you manage this process etc :)

We were put in the position that the client wanted a secure environment with WAF / IPS but was too cheap to pay for it.

So we built a lash up of nginx, naxsi, and fail2ban, with munin to provide some reporting and pretty graphs, as a proxy to our apache servers. HTTPS was decrypted, read, and re-encrypted using the proper certs and ciphers.

It worked surprisingly well, although I wouldn't say it was as effective or as maintainable as a commercial appliance product would have been.

Alister

Re: So, uhm...

The main problem? Simple: you have to know what the heck you're doing. You need a basic underlying understanding of the encryption process, how to monitor network connections (I've come across too many people who had no clue how to use tcpdump or netcat for example) and interpret the results.

And that seems a bit too much for more "modern" companies, time is also money after all, so they'd rather rely on out-of-the-box ready to use gizmo's like these. Without stopping to think about possible consequences.

I think you have to bear in mind that to achieve PCI-DSS compliance, it is often much easier to use a recognised appliance rather than roll your own monitoring at the server level, most QAs I've come across like to have pretty graphs every month, rather than have to wade through log analysis reports.

I remember being met by a stunned silence when one QA asked how we had implemented IDP for HTTPS traffic, and we told him how we did it with a roll-your-own setup on an Nginx box.

Alister

Looking at some of the big names shown in the report, it really is a sorry state of affairs.

Of the 12 appliances tested, only one, from Bluecoat achieves an A rating, and the majority of the others are C or F. The Microsoft one deserves an F--- if such were possible, as it only offers SSLv2 connections, but you expect better from Barracuda, Checkpoint et al.

I shouldn't be surprised though, as we recently had to remove ECDHE ciphers from some of our servers on an e-commerce site, as the WAF didn't support them, thus weakening the whole environment's security.

BT's Openreach to hire 1,500 engineers

Alister
WTF?

"And now we have more good news – we’re now able to hire to invest in our network."

So this seems to suggest that up until last week they weren't allowed to invest in their network, or recruit staff?

It appears to be a bit strange, to me...

More Brits' IDs stolen than ever before

Alister
FAIL

Re: Where?

@dm_dv

Oh dear...

Alister

But remember, millennials, "nothing to hide, nothing to fear", so you keep posting your personal details all over social media, and using the same password for your bank account, 'cos security is just people being paranoid.

US regulator looks at Internet of Things regulation, looks away

Alister

Re: @ Alister

@ Codejunky,

Solving a problem when there is a problem is better than stopping progress.

There already is a problem with IoT, it just seems not to have reached the threshold where "OMG we'd better do something!", by which time it will be too late.

Trying to retroactively impose regulation when manufacturers are already doing their own thing is not going to work, the framework to regulate the industry needs to be in place early on.

Alister
Facepalm

The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.

Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens...

Brit ISP TalkTalk blocks control tool TeamViewer

Alister

Re: genuine question

Home editions of Windows don't contain the RDP server, only the client, so you can't connect to them from another machine.

Alister

Re: Well thats my family screwed

Native RDP doesn't work through NAT firewalls without port-forwarding, but the main reason is that the Home versions of Windows don't contain the RDP Server, only the client, so whilst you can connect from them, you can't connect to them.

Alister
Coat

Re: Would have helped but

That's a bit extreme... TeamViewer isn't worth moving house for...

The future of Not Reality is a strap-on that talks to my smarting ring

Alister
Thumb Up

Thank you for your ring piece,

Mr Dabbs...

Good article.

Why, what did you think I meant?

Trump, Brexit, and Cambridge Analytica – not quite the dystopia you're looking for

Alister

Re: In the original Foundation trilogy

Except if I remember correctly, Psychohistory only worked when applied to large numbers of people, and only on those who weren't aware of it?

Iconic Land Rover Defender may make a comeback by 2019

Alister

Re: Why did people like the defender?

Well, it certainly wasn't the reliability. They break down all the time.

This is just not true, earlier Defenders (and Series Land Rovers) will go for years without breaking down. The problem is with the more recent electronic bits, but the general mechanicals will go for ever with a bit of maintenance occasionally.

Mars orbiter FLOORS IT to avoid hitting MOON

Alister
Thumb Up

Re: "If I remember correctly, the orbits of Phobos and Deimos are quite eccentric, "

@John Smith 19

Ah, I see what you mean now.

Alister

Re: strictly speaking

Hmmm, maybe eccentric is the wrong word, if you take it to mean how circular it is.

My understanding however, is that however circular their orbit, the moons' track across the planet (is it called the orbit footprint?) can change in quite a random fashion, dependent on their interaction with each other?

Alister

Re: strictly speaking

Perhaps time to do some mapping of Mars' moons to refine the models a bit more?

If I remember correctly, the orbits of Phobos and Deimos are quite eccentric, and the tidal forces between the two moons and Mars mean that predicting the exact orbital path for the moons over time is non-trivial.

Watt the f... Dim smart meters caught simply making up readings

Alister

Not just in the US

Smart meter billing problems have also been documented in the US.

And in the UK:

http://www.bbc.co.uk/news/uk-39169313

From the BBC story...

A spokesperson for the department for business, energy and industrial strategy, said: "Smart meters are a vital upgrade to Britain's energy system."

"The technology will bring an end to estimated billing, and give consumers real-time information about their energy use to enable them to make more efficient energy choices."

Hahahahahahahahahahahahaha!

RAF pilot awaits sentence for digicam-induced airliner dive

Alister

Voyager ZZ333 was returned to RAF service after exhaustive tests, including X-rays of the captain’s stick assembly and assessments of cosmic radiation measurements

With apologies to PTerry, but I saw that and thought of:

"Special offer this aeon is various measurements of paracosmic significance built into the very fabric at no extra cost"

If we must have an IoT bog roll holder, can we at least make it secure?

Alister
Coat

Re: IOT Bog Roll holder?

Anyone who would market an IoT bog roll holder is three sheets to the wind...

US military drone goes AWOL, ends up crashing into tree 623 miles away

Alister

Re: Stryker?

Nah, it's better than that, it's Ed Stryker, from S.H.A.D.O

Palmtop nostalgia is tinny music to my elephantine ears

Alister

So Dabbsy, are you Living on the Ceiling this week?

BONG! Lasers crack Big Ben frequency riddle BONG! No idea what to do with this info BONG!

Alister
Headmaster

Re: huzzah!

I'm sorry but I didn't half chuckle at the fact you said "teaching lord jobs how to say words" and then spelt archives wrong...

Oh, and are werthers ordinals some obscure mathematical unit?

Blighty floods with techies' tears as Capita boss Parker quits

Alister
Thumb Up

Re: such a diverse range of businesses

Thumbs up for Bubblegum Rhinos / Stringpersons

We found a hidden backdoor in Chinese Internet of Things devices – researchers

Alister

I'm not sure I would classify VoIP GSM Gateways as an IoT device, really, it's more a network device like a router or switch.

Dark net webmail provider Sigaint still in the, er, dark

Alister

Canary time...

If it's suddenly disappeared, suspect foul play.

Amazon's AWS S3 cloud storage evaporates: Top websites, Docker stung

Alister

Re: @Lusty

@Lusty,

You put:

The lack of any legitimate data would flag it up as a security risk. Using Telnet without encryption to connect to a TLS service is a dead giveaway that it's not legit since Telnet doesn't set up the TLS before the connection.

And just how do you imagine a TLS session starts? If you are using telnet to prove or disprove connectivity exists to a host, then the initial connection attempt is all you need, and that is the same for any tcp connection, whether it be a TLS negotiation or any other protocol.

I agree with you about ping, most secured environments block ICMP traffic nowadays, however, it and traceroute are still useful for investigating latency and routing so long as you temporarily enable it on the endpoint.

Alister

@Lusty

I think you just blew any credibility you had to comment on networking subjects.

Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB

Alister

People learn far more from their mistakes than successes. Sure fire the IT dept, but can bet your boots those guys/girls won't make the same mistake twice.

Except in this case, they obviously have, not once, but multiple times. Their databases have been deleted on several occasions, and replaced with warning messages, and they have had to restore the databases each time, and yet apparently, at no stage did they wonder why this was happening, or investigate ways to stop it.

NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

Alister

Too Late?

Part of that is, no doubt, down to increased levels of security vetting involved. After all, they don't want another Snowden in the ranks.

Much too late:

https://www.theregister.co.uk/2017/02/08/us_grand_jury_indicts_harold_martin_nsa/

"Zachary Myers, an assistant US attorney with the District of Maryland, told a court last year Martin had 50TB of potentially secret and top-secret data at his home."

Also a Booz Allen Hamilton contractor, strangely...

BOFH: Elf of Safety? Orc of Admin. Pleased to meet you

Alister

Re: Reminds me

...the noise level in some server rooms...

...is NOTHING, compared to the noise from the "low environmental impact" turbofan hand dryer in the Gents'

This!

I swear, I think our hand dryer is designed to work by sonic waves, and doesn't actually have a fan in it.

Alister

Hah, brilliant!

Was not expecting that ending at all, loved it!

I was authorized to trash my employer's network, sysadmin tells court

Alister

Missing the point

An awful lot of commentards seem to be missing the point of this story.

Thomas has never disputed that what he did was wrong, and would be grounds for a civil lawsuit from his ex employer, however, he was very specifically charged with a criminal act under the following:

"intentionally causing damage without authorization, to a protected computer."

His argument is that he should not have been charged under that statute, as he was authorised to access the computer(s) in question.

As a shaky analogy, if I caused a road accident by throwing a concrete block off a bridge, and then got charged for "driving without due care and attention" I would be within my rights to appeal, as I wasn't driving at the time.

Ad men hope blocking has stalled as sites guilt users into switching off

Alister

How many swallows do you need for a summer?

African or European?