
* Posts by Mr Flibble

135 posts • joined 15 Jan 2013


Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Mr Flibble

Re: If these news came before xmas...

It did.

It's just that people were being fairly quiet about it all at the time, preferring to get the patches done…

8
0

Someone tell Thorpe Lane in Suffolk their internet sucks – they're still loading the page

Mr Flibble

That's… awkward to read because of the fact that your browser window was too wide.

Regardless, once you've ruled out local cabling etc., that's TalkBork's problem to fix. They're currently in the process of testing a new network, so (assuming that your problem isn't entirely between you and the cab or exchange) you should see some improvements when they roll that out for everybody.

0
0

Microsoft faces Dutch crunch over Windows 10 private data slurp

Mr Flibble
Headmaster

Re: Much a do

The word for which you're looking is “ado”.

8
0

Virgin Media admits it 'fell short' in broadband speeds ahead of lashing from BBC's Watchdog

Mr Flibble

Re: You get what you pay for

That's actually “up to” 55Mb/s and “up to” 80Mb/s respectively. Blame stupid OFCOM rules for that.

1
0

Alert: Using a web ad blocker may identify you – to advertisers

Mr Flibble
FAIL

Firefox (stock build) demands that I install and use PulseAudio if I want it to play any audio. No, not doing that.

3
0

'Windows 10 destroyed our data!' Microsoft hauled into US court

Mr Flibble
Linux

Re: @Will

Assuming that I've somehow become the owner of a computer with Windows 10 installed for the moment (har har), if that option were removed, I'd expect Micro$ith to pay for its use of my 'net connection at peak times. (Yes, it's metered and yes, the effective cost is higher during office hours.)

1
1

Inside Confide, the chat app 'secretly used by Trump aides': OpenPGP, OpenSSL, and more

Mr Flibble
Boffin

Re: So attacking the phones is the other attack vector for this stuff.

In the absence of hardened phones, I'd use ones which get regular security updates. My understanding is that this limits it to Google Nexus/Pixel and Apple. (I could well be wrong here, but somehow I doubt it.)

I should think that most of us only see the free services provided by Google (I have no experience of Apple in this respect, so I won't comment on that). I've not seen Google's business offerings; but since they cost actual money, I would expect a corresponding lack of information gathering for advertising etc.

I should mention that, for advertising, it's not the information which is sold (that would have huge ethical, not to mention legal, problems); what they sell is a service: matching up adverts to users and actually serving the adverts to those users. But keep thinking that they sell the actual info if it helps.

3
0

New SMB bug: How to crash Windows system with a 'link of death'

Mr Flibble
FAIL

Interesting… the bug was submitted to Microsoft, they ‘fixed’ it then released it anyway before applying the fix. Why not merely revert the bug or just not apply it to their code in the first place?

Or was it a bug report which was submitted and later released…

0
6

Trump decides Breitbart chair Bannon knows more about natsec than actual professionals

Mr Flibble
Mushroom

Re: We need a new icon

Unfortunately, it's only a matter of time now before this one is exactly enough…

24
0

Welcome to the Wipe House: President Trump shreds climate change, privacy, LGBT policies on WhiteHouse.gov

Mr Flibble
Trollface

The Wipe House? Do they sell bog roll there?

5
0

Linux is part of the IoT security problem, dev tells Linux conference

Mr Flibble

Re: Open source, or not

Missing the point somewhat.

Those parts which are open source, ship as source code.

Those parts which are proprietary, ship as blobs ready for linking or executing, as appropriate.

Make sure that those who choose to rebuild the software can usefully do so, i.e. don't just do a raw code dump without any hint as to how to recompile it all. Makefiles, build scripts, build requirements.

3
0

Oi! Linux users! Want some really insecure closed-source software?

Mr Flibble
Linux

Re: Gotta wonder...

On Debian, it's flashplugin-nonfree. Assuming that you have the package installed, run this:

# update-flashplugin-nonfree --install

and (at the time of writing) you'll get version 24.0.0.186.

(That said: come on, BBC, stop using Flash.)

0
0

Top tech company's IP was looted by China, so it plans to hack back

Mr Flibble
Headmaster

That's “free rein”, not “free reign”.

0
0

Standards body warned SMS 2FA is insecure and nobody listened

Mr Flibble

Re: "the statement has had virtually no impact some six months after its announcement"

AIUI, the likes of Google Authenticator don't require a 'net connection except, occasionally, to ensure time sync.

0
0

A Rowhammer ban-hammer for all, and it's all in software

Mr Flibble

Re: Solution

Memtest86 has Rowhammer tests these days. I advise running that for several hours, at least; enough time to let it complete a few runs.

3
0

Microsoft just got its Linux Foundation platinum card, becomes top level member

Mr Flibble
Devil

Re: Embrace...

  • Embrace: choosing to support Linux-based OSes on Azure.
  • Extend: the Hyper-V client code in the kernel.
  • Extinguish: have they given up?

2
1

Security bods find Android phoning home. Home being China

Mr Flibble
Big Brother

Re: So...

If you gain root access, I would expect that you'll be able to see the files in one of the /data/app* directories. I'd not like to say for certain, though.

0
1
Mr Flibble
Pirate

Those host names currently point to 118.193.254.27.

0
0

IPv4 is OVER. Really. So quit relying on it in new protocols, sheesh

Mr Flibble

Re: Consumer routers?

I've seen some labelled “IPv6 ready”. Unfortunately, that looked just a little too much like televisions labelled as “HD Ready”, and as I didn't need anything like that at the time…

(The one which I'm using isn't claimed to be IPv6-ready. I'm only actually using it as switch and AP anyway as I usually find that these things are insufficiently configurable, particularly in the firewall department.)

0
0
Mr Flibble

Consumer routers?

Last time I looked at those available via the likes of PC World (okay, sample size of one, and a few years ago), they relied on IPv4 and if they supported IPv6 at all, it was either via 6to4 gateways or instead of IPv4. Which is not much use with ISPs such as the aforementioned less-cheap more-techy one.

Has the situation changed much?

4
0

We're going to have to start making changes or the adults will do it for us

Mr Flibble
Go

“I really hate this damned machine

I wish that they would sell it.

It never does quite what I want

But only what I tell it.”

2
0
Mr Flibble
Mushroom

Re: Ok, so...

Tabs for block indentation. Spaces (after the block indent) for indentation within a multi-line statement. That way, you get the flexibility of however wide you want your tabs to be today without messing up intra-statement alignment.

Two-space indents? Been there, done that. Was useful where I used it.

Now, the pet hate: people using four spaces just because the tabs happen to look like four spaces. I normally have tabs set to every 8th column, but I will sometimes switch to every 4th. That shows quite nicely where the bad indentation is.

3
0

Euro politicians are hyping the terror threat to steal your privacy

This post has been deleted by a moderator

Linus Torvalds admits 'buggy crap' made it into Linux 4.8

Mr Flibble
Thumb Up

Re: Screw up - 'fess up

Indeed. “Eating his own dog food”.

0
0
Mr Flibble

Re: Mouse bug ?

I've seen similar behaviour. In such situations, one very good thing to do is to log the input from the offending device; in my case, it showed clearly that the mouse had some… slightly odd behaviour in that, for certain buttons, it wouldn't indicate that the button was released until it was next pressed, which (of course) immediately triggered another button press event. That one got fixed in the kernel via the HID quirks mechanism such that the kernel will generate fake release events for the affected buttons, making them effectively instant-release as far as userland is concerned.

That headset sounds like it has the same issue; and the workaround which you found was probably a key combination which sent XF86Ungrab or XF86ClearGrab or similar.

1
0

Smartphones aren't tiny PCs, but that's how we use them in the West

Mr Flibble

Re: QR codes are a great way to point people at malware

Barcode Scanner reads the QR code and, if the content is a URL, does an HTTP GET. It'll show appropriate information, if any – target URL (in the case that a 301 or 302 response was received) or the page title. Useful, but not quite ideal (could be a large amount of data being returned).

2
0

European Patent Office palace coup bombs

Mr Flibble
Headmaster

“with the authority to reign in management”

They have authority to be monarchs within management?

2
0

Brexit: More cash for mobile operators or consumers? Pick one

Mr Flibble
FAIL

Re: UK legislation

“Letting self serving UK politicians have totally free reign”

Free rein. Why do so many people get this wrong…

2
0

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

Mr Flibble

Slash BBC Flash

The BBC web site is the only good reason I have for keeping Flash around. They can't get rid of it too soon.

2
0

Crims set up fake companies to hoard and sell IPv4 addresses

Mr Flibble
Boffin

Whut? You'd actually want CGNAT? I'll take a public IPv4 address, NAT that locally (as you'd do anyway, unless you should happen to have enough!) and an IPv6 block or 65536.

Incoming traffic gets firewalled (with holes as needed); and should there be an incoming DDoS, I expect my ISP to take care of blocking it. Regarding linking a domain with an IP address ‒ well, the IP address doesn't offer that correlation. DNS does.

2
1

SpaceX winning streak meets explosive end

This post has been deleted by a moderator

Happy mode, sad mode, DevOps mode: Stop worrying and go bimodal

Mr Flibble
Trollface

Peace? I don't think so.

What is it with these hippies and sticking two fingers up at people behind them…

0
0

Google doesn’t care who makes Android phones. Or who it pisses off

Mr Flibble

Re: Galaxy S6 runs Marshmallow

Is it up to date with security patches, i.e. is the patch level showing 1 June 2016?

0
0

TalkTalk scam-scammers still scam-scamming

Mr Flibble
Trollface

Re: Just guessing

Or if you do give them access, make sure that it's to a sacrificial Windows installation. If you can fake a bank account login (false details etc.) when they ask, so much the better.

0
0

UK Home Office is creating mega database by stitching together ALL its gov records

Mr Flibble

“Next up will be your very own id number, expect it to appear on an official document soon.”

NI number?

(Why can't we use <blockquote>…)

2
0

Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash

Mr Flibble

I'm using a 'net connection for which download cost varies by time of day (and which day it is too). Were Windows 10 an issue here (it isn't, there being no machines to be updated to it) and I couldn't schedule the download for the cheapest part of the day, I'd be complaining publicly about it and billing Microsith for the extra data costs (unless I could successfully defer the download by temporarily blocking access to the update servers).

8
0

Milky Weigh: Galaxy in kg is...

Mr Flibble
Boffin

Is it safe to mention that weight is measured in Newtons and that you're all actually talking about mass?

0
0

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Mr Flibble

I'm expecting WW Ⅲ sometime this century anyway, so I don't suppose that it matters all that much. Still, hopefully I'll be proven wrong about that.

2
0

Linux 4.7rc-1 shipped

Mr Flibble

Any last-minute changesets…

… or, rather, what would otherwise have been last-minute probably got missed out. I wonder if anybody got caught out…

0
0

Android Pay debuts in UK

Mr Flibble

As I understand it, Google will only know how much you've spent and where; not what you've bought.

I'd give it a trial run myself, but since my phone's running CM13…

0
0

Malicious Android apps slip into Google Play, top third party charts

Mr Flibble
Thumb Up

CyanogenMod does have per-app options for disabling network access, accessible via Privacy Guard settings.

0
0

Popular cache Squid skids as hacker pops lid

Mr Flibble

Quoting from squid.conf:

SECURITY NOTE:

As described in CVE-2009-0801 when the Host: header alone is used to determine the destination of a request it becomes trivial for malicious scripts on remote websites to bypass browser same-origin security policy and sandboxing protections.

The cause of this is that such applets are allowed to perform their own HTTP stack, in which case the same-origin policy of the browser sandbox only verifies that the applet tries to contact the same IP as from where it was loaded at the IP level. The Host: header may be different from the connected IP and approved origin.

This new reported vulnerability sounds… rather similar, and very much related.

5
0

Google open sources Thread in bid to win IoT standards war

Mr Flibble

More standards!

(Also, “two complementary and inter-dependent parts”, unless they're saying nice things about each other…)

4
1

Blocking ads? Smaller digital publishers are smacked the hardest

Mr Flibble
FAIL

Re: Ads on phones

Full-screen, sudden, in-your-face advertising on phones with click-on-this-pixel-to-dismiss – give them feedback. Complain. Tell them that it's annoying, intrusive, hard to dismiss without accidentally clicking on it at least twice and, consequently, it's driving you away from their site.

It's not long since that I complained to The Independent about one such. I didn't bother reading the rest of the article (and I did mention that I'd given up trying to read it due to advertising) and haven't visited The Ad-Dependent's site since.

1
0

Android's security patch quagmire probed by US watchdogs

Mr Flibble

Re: Sounds like a GREAT idea!

Problem is how the device is updated – one partition each for vendor files (low-level libraries), recovery, radio, boot and system. You'd need two system partitions (Google & vendor OS) for Google themselves to be able to supply updates.

I suspect that Google will need to suspend licences for the Google Apps bundle in order to kick vendors into compliance, with suspensions being triggered when currently-supported devices are more than (say) three months out of date regarding security fixes. It'd be nice if this were, within some reasonable amount of time, extended to all devices running versions of Android which get security updates.

Regarding errors concerning a lack of storage space – older phone with separate partitions for user data (apps, app data) and user files (photographs, music, video etc.)? I've seen cases of that and… strongly encouraged upgrading to something running current Android and with plenty of space for updates for several years yet. Guessing a bit here, but 2GB total in /system and a minimum of 4GB total in /data (double that one if you're an app junkie, and I'm assuming use of SDHC for photographs etc.) should do for at least a few years, allowing for some growth in app sizes.

0
0
Mr Flibble

Re: Nexus NOT immune to this.

I'm fairly sure that whatever security fixes can be applied for older Nexus devices are being applied; though, as you've probably guessed, I don't know this for certain – I'm basing this on datestamps of factory images.

0
1

The 'new' Microsoft? I still wouldn't touch them with a barge pole

Mr Flibble

Re: The lock in Question

I'm happily avoiding Microsith for the most part. When I can't do otherwise, I'll use their stuff – in a VM if that's practical, or on borrowed hardware otherwise.

Regarding systemd and grub, well… I wonder if Red Hat have some Hat Red of the old ways. I'm still using sysvinit and lilo; and Devuan, being a mere sideways step away from Debian, is looking tempting.

13
1

Android hijack bug in detail

Mr Flibble
Headmaster

If we dissemble the inner-class “com.android.internal.telephony.Isms.Stub.Proxy”

They're clearly lying.

0
0

We will end misleading broadband adverts, thunders ASA...

Mr Flibble
Meh

Here's some more discussion about this. TL;DR – not all ISPs do line rental, not all require that your line is with them, not all provide PSTN as standard (or at all) over the line which you rent from them…

I have the distinct impression that this change is for big business by big business.

1
1

Google warned by EU

Mr Flibble

the European Commission has warned the advertising giant over imposing restrictions on Android device manufacturers and mobile network operators, and is thus in breach of EU antitrust rules.

One small problem. That says that the EC, not Google, is in breach of those rules…

0
0


The Register - Independent news and views for the tech community. Part of Situation Publishing