* Posts by Alister

4259 publicly visible posts • joined 19 May 2010

Dell-EMC Federation, stardate 11254.7: What about the storage?

Alister
Boffin

I just knew this would bring out the Star Trek Stardate geeks...

I make that April 3, 2334, Time: 23:10:19

Tor users are actively discriminated against by website operators

Alister

Re: "Most traffic is malicious" argument does not hold up

Not necessarily. It could be a co-opted IP that's ALSO being used for legitimate traffic. Or worse, spoofed. Blocking such an IP would be like throwing out the baby with the bathwater. Expect defections.

In the short term, I still don't care. if I'm getting high volume malicious traffic from an IP address - for instance as I have said, a dictionary attack on an email server, where hundreds of connections are being attempted every second, then a deny rule in the firewall stops that traffic dead, and prevents the server being overwhelmed.

It doesn't matter if it's an IP that belongs to someone's infected computer, a Tor exit node, or is spoofed, the deny rule stops the traffic hitting the server, and that's my primary objective.

Alister

Re: "Most traffic is malicious" argument does not hold up

I haven't checked the current numbers, but at one time about 85% of all e-mail was SPAM or malware-bait. By the rationale of "malicious traffic", it would have been fine to block e-mail entirely.

That's a nonsensical strawman.

What actually happens, if you administer mail servers, is you routinely block large parts of the IPv4 address space, to cut down the spam and malware. This is necessary, and normal practice for hundreds of mail server administrators.

Blocking IP addresses is roughly equivalent to using them to identify file-sharing pie-rats. They're not unique identifiers.

If you are receiving malicious traffic from a specific IP then it absolutely is a unique identifier, it's the IP the traffic is coming from. I neither know nor care whether that IP is assigned to a specific person, I just want to stop that traffic hitting my servers.

Alister

@FreeTard

So at the moment I have to work with what I've got, which means Cisco ASA firewalls on the network edge. These don't have posh IDS / IDP solutions, and using fail2ban etc at a server level means that the traffic is still impacting on the server's performance. So I block at the firewall, manually.

Alister

It is a shame that this is the case, but unfortunately, because the TOR network provides a level of anonymity, it is used quite frequently for malicious purposes. It is not a deliberate policy of active discrimination on the part of websites and CDNs - it is a purely defensive move.

As someone who manages a large number of public facing servers, if I see traffic repeatedly trying to access my servers maliciously from a given IP - dictionary attacks on mail servers, etc - I'm likely to block that traffic by IP.

I don't have the time to bother whether it might be a TOR exit node, and even if I did, if the traffic is such that it's impairing the performance of my servers, then it's going to be blocked regardless.

I also don't have time to repeatedly review these IPs, so once it's blocked, it will probably stay that way.

I don't go looking up Tor exit node IPs and blocking them deliberately, I just block malicious traffic, and I'm sure the same is true for CDNs and other Internet suppliers.

Hillary Clinton private email server probe winding up – reports

Alister

Re: Do not understand the issue

Forgot:

3/ She and her staff have allegedly repeatedly lied or misrepresented the facts about the existence and use of the private mail server, and about the content and classification of the emails sent, received and stored on the private email server.

Alister

Re: Do not understand the issue

I am British.

This appears to me to be pretty trivial, what actually is the issue?

Not sure if you are trolling, but I'll bite.

I'm British too, btw. So Americans may feel free to correct me.

The issues as I understand it are:

1/ By setting up and using a private email server, she effectively bypasses the Freedom Of Information Act (just the same as in Britain) because any requests for emails will only show those sent through the official mail system.

2/ There are very stringent rules (both in the US and the UK) about the handling of sensitive and or secret information, which include rules about what can and cannot be sent by email.

By setting up her own mail server at home, she effectively nullifies the security procedures set up to protect confidential information, and contravenes those rules.

UK biz fails to report two thirds of cyber attacks, says survey

Alister

Well, from personal experience, we tried to report an attack on one of our sites to the police, and were met with total disinterest, they wouldn't even give us a crime number, and after passing us from pillar to post over the phone we gave up trying.

So maybe the headline would be more accurate if it said "UK Biz tries and fails to report two thirds of cyber attacks"

Oh, and who the hell are Action Fraud Aware? I've just asked round the office, and nobody has ever heard of them.

I've just looked at their site, and apparently they are the National Fraud and Cyber Crime Reporting Centre.

It's a shame nobody knows about it.

We're doing SETI the wrong and long way around, say boffins

Alister

'Could you tell me your planet's albedo, sir?' said the alien, still staring levelly at the horizon as though it was doing something interesting.

'Er. No.'

'Well, I'm sorry to have to tell you, sir, that your polar ice caps are below regulation size for a planet of this category, sir.'

'Oh, dear,' said Newt. ...]

The small alien walked past the car.

'CO2 level up 0.5 percent,' it rasped, giving him a meaningful look. 'You do know you could find yourself charged with being a dominant species while under the influence of impulse-driven consumerism, don't you?'"

Schlock and .aw as Dutch net registry rebrands

Alister

What's more, later this year SIDN will offer "services"* connected with .bv, which as you all know is the top-level domain for the Norwegian dependent territory of Bouvetøya.

Umm, why? What's The Netherlands got to do with Norway?

Worldpay outs self as provider of easy-to-crack payment services

Alister

Re: Not quite as easy as that..

Well, Worldpay is now on the hook for payment fraud liability of all those terminals that have not yet been upgraded. This could get interesting.

No, they're not. You don't imagine (or perhaps you do) that Worldpay are the supplier of all the POS Terminals in the world, do you? In reality, there are hundreds of manufacturers and resellers, and lease companies where retailers buy or rent their payment systems from.

Worldpay do their best to support all these disparate devices, whilst at the same time trying to meet the latest security guidelines.

I'm sure if you were the owner of a small retail business, and Worldpay told you "oh, we're not supporting your payment system any more, you need to get a new one", you'd be really happy, wouldn't you.

Donald Trump promises 'such trouble' for Jeff Bezos and Amazon

Alister

I wonder whether Alan Sugar has thought of becoming Prime Minister?

It seems only fair for him to copy Trump, as Trump copied him.

Linux lads lambast sorry state of Skype service

Alister

Re: Huge step backwards

There should be clearly defined international open standards and software developed for voice and video over IP. None of this proprietary lock in stuff.

Um, there are. There's loads of SIP software phones available for Linux, Windows, Android and even IOS.

The trouble is, Skype managed to fool everyone into thinking that VoIP means Skype, but that's actually not true at all.

Alister

I think that's standard once an organization becomes so large that it divides into independent and competing kingdoms that only talk to each other via stilted formal channels.

You mean NetMeeting, don't you??

BT, Sky, EE, TalkTalk and Virgin to appeal website blocking ruling

Alister

Block it where? The ISP's firewalls ?

Alister

My first reaction is as everyone else has said:- why is it the ISP's job to block access to these sites.

On reflection though, if these sites are hosted in a country where the local government and law-enforcement have no interest in cooperating, how do you get these sites shut down at source?

Much as I hate to say it, I do see how asking the ISPs to ban access to these sites may be the only effective way of stopping them profiting from their fake merchandise.

Google human-like robot brushes off beating by puny human – this is how Skynet starts

Alister

Re: I can't help but think

This piece of video footage will be a key piece of evidence to show that even from their formative years, robots were mistreated by humans.

NASA boffin wants FRIKKIN LASERS to propel lightsails

Alister

Re: laser mounting

Couldn't they just mount the lasers on the rear of the craft and point them forward at the sails?

I would be interested in seeing the results of an experiment to test this.

Please get yourself a sailing dinghy, and set it afloat on calm water. Now, stand in the stern, and blow as hard as you can into the sail.

Let us know how you get on...

'Kalamazoo killer' gave Uber rides in between shooting six dead

Alister

Re: @Alister

@ Ian Michael Gumby

Oh, so it's not because he's a white Anglo-Saxon male then?

I'm sure if they tried hard enough, the authorities could find some evidence of ideological motive, they seem to have been desperate to do that for San Bernardino...

Alister

It turns out that murderers come from all backgrounds and all walks of life.

And no cries of "terrorist!!" for this incident?

How strange...

Black Monday: Office 365 down and out in Europe

Alister

Punters can access email via Outlook client or Outlook on the web, the Microsoft PR man added

Funny, I can do that for my on-premises Exchange as well. And (tempting fate) I haven't had an unplanned outage for over 3 years.

NASA stormed by 18,000 wannabe 'nauts

Alister

Re: 18,000? Just wait until the next round of hiring!!

"Oh, and you are going to bring me back? Hmmm, let me think about that part."

Don't worry, If Trump gets elected, he certainly won't let anyone from ISS back into America...

Q: How many guns to arm nine coachloads of terrorists?

Alister

A fairly standard coach seating capacity is 53 seats, so 9 of those gives you 477 terrorists.

177 + 136 + 88 + 38 comes to 439, so there will be 38 unarmed terrorists available to carry the ammo.

Why Tim Cook is wrong: A privacy advocate's view

Alister

Either way, it would appear to your correspondent that Apple screwed up when designing this device and it left open a means of attack. The judge is asking Apple to use its expertise to exploit this flaw. It's as simple as that.

As far as I am concerned, the judge is in the right here. Apple is not being ordered to create a flaw and distribute it to all devices. It is not being prevented from fixing this flaw in future devices. It is being asked to exploit a flaw that currently exists, and for the privacy-conscious this is actually a good thing.

I'm sorry Trevor, but I think you may be extrapolating too far here.

The judge has asked Apple to assist as you say, by disabling the 10-strikes-and-you're-out mechanism on the PIN, but I don't see that this means there is necessarily a flaw which allows that, it may just be wishful thinking on the part of the judge, much as the requests to provide "encryption which is breakable only by governments" which have sprung from clueless officials on both sides of the Atlantic.

China 'evacuates' 9,000 around monster radio 'scope

Alister

Re: Humans gone

Isn't Google working on WiFi-enabled caprines for remote rural communities?

Well that's a Loony idea.

Five Eyes nations must purge terrorists from the web, says Theresa May

Alister

Define Terrorist

The current governments of Europe and North America seem to have this enormous emphasis on stamping out "terrorism", but just stop to consider for a minute, who defines terrorism?

I don't think there are many people who are in any doubt that the current overseas activities of the Daesh are terrorism, and their oppression of the local populace and destruction of ancient artifacts in Syria should also be counted as such.

But as we try so hard to stamp out all terrorism on the internet, and to label all dissenting voices as terrorist, there is a danger that legitimate protests could end up being quashed as well.

Looking back to earlier times, Nelson Mandela was once considered a terrorist by most of the western world. If there had been an Internet during the time of Apartheid, would the ANC have been branded a terrorist organisation, and would any messages from Mandela and his supporters have been blocked, removed or hidden?

The IRA's stated intent was to remove British military power from Northern Ireland. The acts of the IRA and the INLA were without doubt terrorism, but their fundamental cause wasn't, and this is probably why people in the USA were happy to fund and support them, despite the British government's wishes.

If there had been an internet at the time, I wonder if websites supportive of the IRA or calling for British rule to end would have been blocked, as they blocked Gerry Adam's voice from being broadcast?

Theresa May should perhaps look back in history a bit, before she makes such sweeping statements.

Alister
Facepalm

Five Eyes nations must purge terrorists from the web, says Theresa May

Oh, Ok then Theresa, we'll get right on that...

Um, any idea how we're going to do that?

No, didn't think so.

Cybersecurity is slowing down my business, say majority of chief execs

Alister

Big cheeses cheesed off with security staff getting in the way of profit may well rid themselves of their troublesome priests

This is the problem, isn't it?

If it is perceived to be more cost effective to skimp on security, and pay the occasional fine for lost customer data as a result, then that's what a company will go for, everytime.

The only solution is to make the consequences of not having security too expensive to contemplate.

A third of Brits would cough up £300 to ransomware peddlers

Alister

"While victims are usually inclined to pay the ransom, we encourage them not to engage in such actions as it only serves to financially support the malware’s developers. Instead, coupling a security solution with minimum online vigilance could help prevent any unwanted ransomware infection.”

So he's saying, Don't pay the ransom, instead, don't get infected...

That's really not much help to those already caught, is it?

Most commentards here know better than to get caught out by a ransomware attack on their personal computers (well I hope so anyway), and take precautions against any malware.

For the rest of the population though, the chances are high that some numpty is going to click on the wrong email attachment at some point.

A glass of soda-and-lime is the straight dope for graphene

Alister

While graphene has had “wonder-material” status for a few years now, it's difficult to fabricate, because you have to deposit layers of carbon one or two atoms thick.

Um, no, if it's got more than one layer of atoms, then what you've got there is graphite.

It's only graphene if it is a single layer of atoms bonded in one dimension, as I understand it.

Ordnance Survey unfolds handy Mars map

Alister

Re: Those damn Martians....

Or do they aim their guns using Google these days?

Umm, guns... Yes... well we've got the ceremonial cannon at Windsor and the Tower...

Real artillery? No, we don't do that anymore, too expensive.

Nutanix updates its stack, not just to distract you from EMC's big day

Alister

Whenever I see the word Nutanix, for some reason I think it's a health food brand...

Virgin Atlantic co-pilot dazzled by laser

Alister

Re: Filters or just control

Because we don't have to prove wrongdoing, or intent of wrongdoing, the mere possibility that you might do wrong is enough in this country. It would also allow for stop and search on a flight paths, i.e. virtually all of London, to see if anyone has a laser pointer in their possession as soon as there is a report of one being used.

If you can come up with any legitimate reason for someone to be walking around the streets with a high-powered laser on them then I'd be interested to hear it.

Why do cockpits even have windows that can be got at from the ground? Aren't the instruments inherently better than a pilot's senses? Isn't this the kind of low tech, easily fixable hole that made 9/11 serious enough to justify invading foreign countries and shredding people's rights?

Seriously?

You sound like you want the aircraft industry to completely re-design and rebuild every aircraft, and for every pilot to be extensively re-trained just to satisfy some weird self righteous notion you have.

Boffins freeze brains, then thaw them – and they're in perfect order

Alister

Re: BTW if this works on other organs then lack of matching organs could be over

Do they still taste as good when lightly fried with a little olive oil and garlic?

You forgot the Fava beans... and a little Chianti.

Intel's Wind River preps server to deliver VMs into home routers

Alister

What's the supposed benefit?

So why would you want a power hungry x86 architecture to run a modem / router?

Firemen free chap's todger from four-ring chokehold

Alister

Application of an Ice Pack

...would, I am sure, have been less traumatic, and achieved the same effect.

Actually, thinking about it, if anyone approached my meat and two veg with a working Dremel, I'm pretty sure there would be sufficient shrinkage almost immediately.

Is tech monitoring software still worth talking about?

Alister

My armadillo needs a new shell, the old one got bash'd...

Drone-busting eagles to darken Blighty's skies?

Alister
Linux

wrong bird. You don't need eagles.

No, no, you need Penguins, definitely Penguins.

What? What do you mean they can't fly? They're a bird, aren't they?

Alister

What a brilliant idea! So in the crowded sky over an airport, they want to introduce one of the largest Birds-Of-Prey.

I can see at least 2 problems:

1/ It's a big wild bird - what happens if it gets in the way of an airliner?

2/ It's a big Bird-Of-Prey. What are the local bird populations going to do? Panic, and fly away in great flocks, probably into the path of an aircraft.

Health Secretary promises NHS £4.2bn to go 'digital'

Alister

The NHS is big enough that providers would switch over and follow the new rules even if they did kick up a stink at first. I'm really surprised how much the NHS doesn't throw it's considerable weight around.

But that's the problem,the UK government (and not just the present one but all of them since Trusts were introduced) have insisted that NHS Trusts should be as far as possible autonomous, (but with Central Government oversight) and therefore they don't have a cohesive purchasing policy, there is no functional central purchasing authority for providers to deal with.

Alister

4.2 billion could clear the debt of the NHS, it could actually pay people what they need (nurses get a pay rise) it could allow Ambulance trusts to upgrade their fleet and not rely on auxiliaries.

Whilst I agree with you main points, I'm afraid that 4.2billion is nothing like enough to get the NHS back to a fully functioning condition. Successive governments of all colours have systematically thrown away the assets needed to maintain the service in an effort to achieve "efficiency".

Unfortunately, efficiency and good patient care are not always compatible.

It may not be efficient to have lots of local hospitals with respite beds, but suddenly, when you get rid of them all, you find that the big central hospitals don't have anywhere to discharge their patients to.

It is not efficient to have lots of Ambulance stations around a rural county, but if you close them, you suddenly find it takes a long time for Ambulances to get to the patient, especially in bad weather, because the vehicles are having to travel 30 miles instead of 3.

It is not efficient to have A&E departments in local cottage hospitals, but the alternative is long journeys for every patient to distant central hospitals, and Ambulance vehicles tied up with one patient for over an hour or more, even for minor injuries.

Pah, I really shouldn't get involved in these threads, my blood pressure goes up too much.

/rant!

Bye-bye, BT: Finance director jumps ship

Alister
Headmaster

"BT will make a further announcement if and when required," it said.

Sigh.

Not even BT's press team can use English correctly anymore...

It can't be "If and when required", it can be "if required" or "as and when required"

Microsoft explanation for Visual Studio online outage leaves open questions

Alister

SQL Server 2014 memory allocation

Reading the blog here:

https://blogs.msdn.microsoft.com/bharry/2016/02/05/vs-team-services-incidents-on-feb-3-4/

It appears there is a serious bug in SQL Server 2014.

In the SQL Server 2014 query optimizer they made significant changes to the cardinality estimation. I’m sure they were improvements but not for this query. The cardinality estimation was used to estimate a memory grant for the query (SQL preallocates memory for queries to avoid spills to disk, which are big performance problems and additional memory allocations, which create the possibility for deadlocks. The cardinality estimate is an important input into the memory request).

In this query, the memory grant estimation shot up from something pretty small to 3.5GB. Given that the server only has 48GB, that meant that it could run very few of these queries before it ran out of memory, causing every query in the system to back up and, essentially, serialize. That caused a traffic jam and resulted in so many of our customer requests timing out/failing.

The ultimate resolution, for now, is that we added a hint to the query that tells the query optimizer the maximum memory grant to use for the query. It’s expressed in % of memory and, for simplicity’s sake, we set it to 1% of the memory available for this (or more on the order of 160MB). That was enough to unclog the system and allow everything to flow freely.

It is not clear from the blog whether this is a custom version of SQL Server 2014 used internally by Microsoft, or whether it is the production release. If it is the latter, then anyone running SQL Server 2014 in SQL Server 2014 compatibility mode is likely to suffer issues with massive over-allocation of memory to queries and stored procs.

Maybe El Reg can clarify this?

That's cute, Germany – China shows the world how fusion is done

Alister

During the experiment, sensors recorded the plasma's temperature at 50 million degrees Celsius (90 million degrees Fahrenheit). That's more than three times as hot as the core of the sun, which NASA estimates is a toasty 15 million degrees Celsius (27 million degrees Fahrenheit) – although the outer atmosphere of the sun is much, much hotter.

Please forgive what may be a stupid question, but why is it necessary to create temperatures hotter than the Sun's core? I would have thought that one of the goals of fusion experiments would be to create self-sustaining plasma at the lowest possible temperatures.

Is it the case that the lack of an equivalent to the gravity conditions at the Sun's core mean that we have to create higher temperatures to get the plasma to form?

Official UN panel findings on embassy-squatter released. Assange: I'm 'vindicated'

Alister

* Alleged criminal.

Not at all. For skipping bail there is no presumption of innocence, he most definitely did it.

Alister

So, the UN WGAD thinks that the UK should pay a criminal compensation because he's hiding from the law?

I can see that going well.

RSA awards 7-year infrastructure overhaul deal to Wipro

Alister

Wasn't it Wipro who were looking after Talk Talk?

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple

Alister

Re: Ritual sacrifice

errors that others get don't recur when I'm there. Sheer terror on the part of the machine in question.

I have a reputation for this. Any user that calls me to look at what his machine isn't doing / is doing wrong usually finds that my standing behind them glaring at the machine makes all the errors go away...

Or maybe it's the 2lb Lump hammer I'm idly tapping on the palm of the other hand...

Alister

He has now ditched Chrome and is rediscovering Firefox, a browser he has not installed, let alone launched, for years.

Oh dear.

Sorry Alistair, but that's not going to save the goat.

NASA seeks rocketeers for annual RockOn! shindig

Alister
Facepalm

Obligatory: Ability to solder and US passport

I first parsed that as "Ability to soldier" and thought it was limited to the Armed forces...

But then I thought they were recruiting for astronaut training...