
* Posts by DropBear

4037 posts • joined 4 Mar 2013

Phased out: IT architect plugs hole in clean-freak admin's wiring design

DropBear
Silver badge

Re: Ah... the bypass switch

Not sure about that, but it definitely was the handbook illustrating how to make a "detector" out of a Gillette blade and a graphite pencil lead...

6
0
DropBear
Silver badge
Trollface

Re: Ah... the bypass switch

Take up ham radio as a hobby, get an outdoors long-wire aerial and you have the perfect excuse to connect it through one of those lovely bakelite-handle knife switches - the old radio handbook I read as a kid swore that these used to be switched over to a grounding lead in stormy weather...

6
0

Top Euro court: No, you can't steal images from other websites (too bad a school had to be sued to confirm this little fact)

DropBear
Silver badge

Much fun to be had especially whenever there's a well known object of touristic interest and a single very obvious vantage point with a good view to photograph it from. Cue gazillion versions of the exact same picture, with a few pixels differing. All of them _technically_ distinguishable from each other, _technically_ each with its own "copyright", all of them incorporating precisely zero actual creativity. But never mind that because all that matters is "MUH RIGHTS!!!"

2
0

Internet overseer ICANN loses a THIRD time in Whois GDPR legal war

DropBear
Silver badge
Trollface

Re: "a true global politics free body created"

There is clearly only one man who can save us, who can reign in such a mismanaged shambles of an organization. He fears no man. He answers to no man. His name... is Battistelli!

4
1

Cache of the Titans: Let's take a closer look at Google's own two-factor security keys

DropBear
Silver badge

Re: Single device secret

@MJB7 I accept all your arguments as valid, except the last: I don't expect the hardware key to facilitate creation of my keys - I only want it to store them. I want to be in control of how I obtain / create my own keys, and I want them to be fully and completely independent, and I only want Yubikey to store / retrieve them. That is clearly not about to happen and thus I will clearly never use a Yubikey - but I would have no problem using the exact same protocol logging me into various places, as long as I can get some other hardware key to carry my key sets created BY WHATEVER MEANS NO BUSINESS OF THAT FUCKING HARDWARE KEY.

0
0
DropBear
Silver badge
Facepalm

My issue with Yubikey is that all your various keys for various places you log into using their token are not independent, but derivatives generated from the same single "device secret". Granted, that is supposed to stay secret and never leave the device; however, with different truly independent keys, compromising one set of credentials to a specific site would do nothing to the rest of my credential sets, while this way it would compromise all of them in one go because it would mean you effectively know my one "device secret" that unlocks every login I have.

No, I have no idea how you would go about finding it out short of coercing it by physical abuse out of a device in your physical possession - but the fact remains that if you could by some means find it out, you would have a duplicate of my key opening absolutely everything mine opens.

The funny thing is, this is not even U2F's weakness - U2F does not concern itself with how or where you keep your key sets safe. It was specifically Yubico's idea for their own keys, because only ever using a single "secret" means their key can log you into an unlimited number of places while using unrelated sets of keys would obviously need storage space proportional to the number of your accounts...

1
1
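The trade-off described in the post above (one device secret from which every site's key is re-derived, versus an unrelated key stored per site) can be made concrete in a few lines. The following is an added example written for this page; it is not code from the post, from Yubico, or from the U2F specification. It models the per-site derivation with HMAC-SHA256 and uses HMAC responses as a stand-in for the real signatures; the site names, handles and challenge are constructed values, and the class and function names are the example's own.

```python
import hashlib
import hmac
import secrets


def derive_site_key(device_secret: bytes, app_id: str, handle: bytes) -> bytes:
    """Per-site key = HMAC-SHA256(device_secret, app_id || handle).
    The handle is public (the site stores it); only device_secret is secret."""
    return hmac.new(device_secret, app_id.encode() + handle, hashlib.sha256).digest()


def respond(site_key: bytes, challenge: bytes) -> bytes:
    """Challenge/response stand-in: HMAC of the fresh challenge under the site key."""
    return hmac.new(site_key, challenge, hashlib.sha256).digest()


class DerivedKeyToken:
    """Stores ONE secret; per-site keys are recomputed from it at every login."""

    def __init__(self) -> None:
        self.device_secret = secrets.token_bytes(32)

    def register(self, app_id: str) -> bytes:
        return secrets.token_bytes(16)  # handle handed to the site, nothing kept on-token

    def authenticate(self, app_id: str, handle: bytes, challenge: bytes) -> bytes:
        return respond(derive_site_key(self.device_secret, app_id, handle), challenge)

    def storage_bytes(self) -> int:
        return len(self.device_secret)


class IndependentKeyToken:
    """Stores an unrelated random key per site; storage grows with registrations."""

    def __init__(self) -> None:
        self.keys = {}

    def register(self, app_id: str) -> bytes:
        self.keys[app_id] = secrets.token_bytes(32)
        return b""  # the site needs no handle

    def authenticate(self, app_id: str, handle: bytes, challenge: bytes) -> bytes:
        return respond(self.keys[app_id], challenge)

    def storage_bytes(self) -> int:
        return sum(len(k) for k in self.keys.values())


def sites_answerable(responder, registrations, challenge, genuine) -> int:
    """How many registrations `responder` answers identically to the real token."""
    return sum(
        1 for app_id, handle in registrations
        if hmac.compare_digest(responder(app_id, handle, challenge), genuine[app_id])
    )


def blast_radius():
    """Compare the blast radius of a leaked device secret (derived design) with
    that of a single leaked per-site key (independent design)."""
    sites = ["https://mail.example", "https://shop.example", "https://forum.example"]
    challenge = b"constructed-challenge-0001"  # constructed sample challenge

    derived = DerivedKeyToken()
    regs = [(s, derived.register(s)) for s in sites]
    genuine = {s: derived.authenticate(s, h, challenge) for s, h in regs}
    leaked_secret = derived.device_secret  # the one value the post worries about
    with_secret = lambda a, h, c: respond(derive_site_key(leaked_secret, a, h), c)
    derived_hit = sites_answerable(with_secret, regs, challenge, genuine)

    indep = IndependentKeyToken()
    regs2 = [(s, indep.register(s)) for s in sites]
    genuine2 = {s: indep.authenticate(s, h, challenge) for s, h in regs2}
    leaked_key = indep.keys[sites[0]]  # only one site's key exposed
    with_one_key = lambda a, h, c: respond(leaked_key, c)
    indep_hit = sites_answerable(with_one_key, regs2, challenge, genuine2)

    return derived_hit, indep_hit, derived.storage_bytes(), indep.storage_bytes()


if __name__ == "__main__":
    print(blast_radius())  # (3, 1, 32, 96)
```

`blast_radius()` returns `(3, 1, 32, 96)`: with the device secret and the sites' public handles every one of the three registrations can be answered, while a single independent key only answers its own site; the price of the independent design is the third number, storage that grows by one key per account, which is exactly the space argument the post attributes to Yubico.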

'Unhackable' Bitfi crypto-currency wallet maker will be shocked to find fingernails exist

DropBear
Silver badge

Re: "Uncrackable"

Hardly fair to blame them for that considering the mind-boggling repulsion between the nucleus and any other proton you might consider using for said cracking - and that when they said that, nobody had any idea that neutrons existed...

2
0

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages

DropBear
Silver badge

Re: Should have used a hardware dongle

I would really like to know what your definition of "something you have" is, or alternatively what is in your opinion "not something you know", seeing as how even a physical lock's key (or your fingerprints) are nothing but "something you know" as soon as anyone has e.g. a suitably detailed photo of either (or the manufacturer's bitting code for that key). In that respect, modern hardware tokens are far more "uncopiable" considering their secret key is supposed to be stored inside and not retrievable. I have my own issues with them, but I'm hard pressed to think of something more "something you have" than they are, for all practical purposes...

3
0
DropBear
Silver badge
Trollface

Re: Thirteen Years of Operation...

"I'm impressed."

No need to rush that, he might still turn out to be the same guy as the sole sysadmin, in a second shift...

0
0

Now that's a dodgy Giza: Eggheads claim Great Pyramid can focus electromagnetic waves

DropBear
Silver badge
Trollface

Re: "building material with the properties of an ordinary limestone is evenly distributed"

Shhhh! It's a Yagi pyramid, but don't tell them...

13
0
DropBear
Silver badge
Facepalm

Re: Correlation, causation, and all that

Yes, well, that's the crucial bit and the only one worth remembering about the whole "study" (I think I'd prefer to investigate the scattering effects of a glass of Martini instead - well, it definitely scatters my brain...). Unfortunately, all the nutjobs will hear is "see, I told you! Glowing crystals and stuff!" instead of "stand here and you have reception, stand there and you don't - or maybe you get two bars less..."

14
0

India mulls ban on probes into anonymized data use – with GDPR-style privacy laws

DropBear
Silver badge
Childcatcher

Re: India? Good for them... I hope.

But those are the Fake News of BT! This is unacceptable! BT must be forced by law to hire thousands of prank call moderators who should weed those out in real time, as they happen! How long can we allow BT to get away with claiming no responsibility like this?!? Think of the children!

2
0

Relax, Amazon workers – OpenAI-trained robo hand isn't much use (well, not right now)

DropBear
Silver badge
Trollface

"Surely gravity is a constant force?"

Maybe they were angling for a NASA / ISS-Robonaut grant...?

1
0

Pentagon 'do not buy' list says нет to Russia, 不要 to Chinese code

DropBear
Silver badge

Actually, I'm starting to wonder whether he's actually some sort of novel number station...

2
0

UK 'fake news' inquiry calls for end to tech middleman excuses, election law overhaul

DropBear
Silver badge

Re: No such animal

"Once *their* algorithm "chooses" what I see, they no longer are "neutral" - they've meddle with my newsfeed."

Not so. Specifically, not necessarily. There are huge qualitative differences between situations where "their algorithm" "chooses" to show you something a) because it's part of $entity's fiendish agenda du jour, or b) because it's most similar to other things you liked in the past or c) because its category isn't unchecked in your profile preferences. The one doing the meddling with your newsfeed is them for "a" but for "b" and "c" it's YOU (assuming it's made crystal clear for "b" that this is happening, preferably with an option to switch it off if you wish, preferably as an opt-in in the first place).

There's a wide range of greys on that scale, depending on exactly where the algorithm's criteria are coming from, and whether they're influenced by something you do, your social contacts do, thinkfluencers at the provider of the service do, or activists out to sway your judgement do - and as you may have noticed, two and four can quite possibly be inseparable in outcome if not in intent.

It is NOT the provider's job to do the hard thinking for you. Their job is only to offer you adequate controls allowing you to make your own choices and be transparent enough about what drives the clockwork to let you do that somewhat effectively. You don't need to know the complete blueprint to do that, only which input levers are engaged. Who do you trust and why is up to you, and unless your provider explicitly declares itself a full-on bona fide news agency, scrubbing the next "OMG $candidate did $vile_thing" of questionable truthfulness from your feed is not their job - it's YOURS.

0
2
DropBear
Silver badge
WTF?

Re: Why are people getting their news from Social Media?

"I rely on el'reg [...] fair and balanced "

You forgot the joke icon. And He Who Must Not Be Named unless you want to chance your comment deleted "by you ('its author')" is merely the most well known (and least subtle) but by no means the only example.

1
0

You want to know which is the best smartphone this season? Tbh, it's tricky to tell 'em apart

DropBear
Silver badge

Re: My wishlist

Another vote for the portrait mode full qwerty. All the OP's wishes are on my list too but I would give them all up (including some more of my own) for an actual keyboard.

4
0

Sysadmin trained his offshore replacements, sat back, watched ex-employer's world burn

DropBear
Silver badge
Trollface

Re: Timing is everything

You just use Norton Commander instead. Simples! Well, okay, Volkov Commander is fine too. Yes, X-Tree Gold if we must. No...? Look, what kind of shady fly-by-night outfit are you operating here?!?

13
0

Some of you really don't want Windows 10's April 2018 update on your rigs

DropBear
Silver badge

Re: Use Linux...

"Linux isn't designed for grandma."

You seem to have forgotten mentioning the two kinds of nagging issues that Linux comes bundled with free of charge: those that will merely eat up every single moment of your spare time from now on until you either give up or die if you attempt to fix them, and those that are for all practical purposes completely unfixable by you leaving you the option to give up or wait until you die, which _will_ happen before any of them would ever get fixed. Using Linux is a perpetual swim _against_ a current that is _much_ stronger than you, where the most you can hope for is not to drown immediately - and I say that as someone who hasn't given up trying to swim. Yet.

11
34
DropBear
Silver badge

Re: Stop breaking stuff

"1920*1080 is nothing more than a basic resolution today"

Clearly not so by the makers of every single operating system ever, anywhere: they all default to UI elements and fonts that are perfectly sized on a traditional 1024x768 or so, but require a typical 125-130% zoom by whatever means on the "basic" 1920x1080 - and HiDPI is useless because it only knows how to double pixels which is ludicrously untenable on FullHD; granted, that's not what HiDPI is for, but without it stuff is so tiny I have to glue the monitor to my face to make it usable (yes, I do wear glasses - funnily enough they seem to work just fine for everything else). I'll spare you the hilarity that ensues as soon as one tampers with either font sizes or discrete DPI settings (if any) under any OS - the UI is permanently on the verge of almost working / not clipping, but never really gets there...

10
0

Nah, it won't install: The return of the ad-blocker-blocker

DropBear
Silver badge

"refusal to show complete content unless you disable the blocker first"

That's ok, if manually updating the adblocker's lists doesn't wipe the overlay away then I rip it off manually using ublock's picker, HackTheWeb or the dev tools of the browser - and if all that fails, I go away and never return. If any of it succeeds, I read what I came for and never return.

6
0

HPE supercomputer is still crunching numbers in space after 340 days

DropBear
Silver badge
Trollface

Well, one could always locate the server box at the centre of the crew water tank for shielding...

7
0

Hurrah! Boffins finally discover liquid water sloshing around on Mars

DropBear
Silver badge

Re: That conclusion seems a bit fast to me

"But we like The Register that way, right?"

Actually, no. I mostly enjoy the well-placed snark as much as the next guy, but prefer the actual information to stay as factually correct as possible. Admittedly this specific one is a very subjective example, but I for one was left with the impression of having read "ok guys, this time we found water for realsies, the matter is conclusively settled, full stop" when what the researchers wrote was merely "we found something consistent with the presence of liquid water and we have no idea what else could cause it". That's very, very far from "we found something that we know can be exclusively and only caused by presence of liquid water". And I don't appreciate needing to read the whole original source material just to untangle what the factual information I'm reading about is supposed to actually be.

23
3

Some Things just aren't meant to be (on Internet of Things networks). But we can work around that

DropBear
Silver badge

"You might as well broadcast"

Is that so? Granted, not broadcasting the SSID is not going to keep it some sort of inaccessible secret, but it will prevent your WiFi showing up in the list on a casual scan which is all you need to prevent 99.9% of all access attempts. If someone is staying put for long enough to methodically scan your neighbourhood and chance upon your smartphone connecting as you return home (as everything else will likely just stay connected 24/7) chances are you're up against a threat you can't even begin to hope to successfully counter. Yes, it won't simply magically keep you safe all on its own - but useless? Hell no.

7
3

Sorry, Neil Armstrong. Boffins say you may not have been first life-form to set foot on the Moon

DropBear
Silver badge
Trollface

Re: Simple explanation

"Plan ten from outer space"...? Nine sounds vaguely catchier but I've heard it's taken...

1
0

Here's why AI can't make a catchier tune than the worst pop song in the charts right now

DropBear
Silver badge
WTF?

Lots of people here seem to confuse catchy, original music with unremarkable, derivative tunes (of which even humans - even quite talented ones - produce a lot more than of the former) and emotionally charged personal interpretations that resonate with the listener with flat, strictly by-the-book playback (a master composer's work may be a lot less palatable played in a mechanic fashion but it is still distinctly original and a masterpiece).

I believe machines are going to need a good approximation of the human experience to produce the former kinds (for which strong AI is only a prerequisite), but I see no reason why machines couldn't produce the latter kind which is nothing but variations and mash-ups on existing material - it would still need to sound acceptable in a non-random sense and that's still a non-trivial problem, but would require exactly zero "creativity" - coincidentally about as much as mediocre human output contains.

1
0

On Android, US antitrust can go where nervous EU fears to tread

DropBear
Silver badge
Happy

It also makes marketing bridges to prospective buyers who actually live near them so much easier...

1
0

Insecure web still too prevalent: Boffins unveil HSTS wall of shame

DropBear
Silver badge
Trollface

Re: Advice from Aunty, regarding HTTP websites

maybe something like "dogdogdogcatmouse"

Passable, but for real security use a cryptid-based one instead, like "sasquatchogopogochupacabra" - I mean "crypto" is right there in the name...

0
0

ReactOS 0.4.9 release metes out stability and self-hosting, still looks like a '90s fever dream

DropBear
Silver badge

That interface looks many orders of magnitude better to me than anything offered currently, be it waving flag- or penguin-branded (not even MATE is escaping Gtk3-inflicted "improvements" not to mention notifications are still broken - for years now - even on the latest Mint). Linux distros and wine are unapologetic about not actually being windows, and whenever that matters you're left out in the cold - which is exactly what ReactOS is attempting to fix. The glacial pace is truly regrettable but other than that this was the worst possible place to break out the can bucket tank truck oil tanker of snark.

12
0

All that dust on Mars is coming from one weird giant alien structure

DropBear
Silver badge
Trollface

Re: Pyramids!

Planetary trolling: place an Ozymandias "foot" sculpture in the middle of the wasteland, with the words on it, and nothing else. Imagine archaeologists of the future rack their brains on where any other trace of this clearly magnificent ancient civilization could possibly have disappeared that thoroughly...

29
0
DropBear
Silver badge
Trollface

Re: 1993

Oh come on, Mars has _already_ got a "thin atmosphere" problem - and you want to make it even worse...? Remember, if you flip the reverse switch even trees go right back where they were so certainly dust would too...

10
0

Intel Xeon workhorses boot evil maids out of the hotel: USB-based spying thwarted by fix

DropBear
Silver badge
Trollface

Re: and in other news

Maybe they should have used the game port - it used to carry MIDI signals if I recall correctly, which should be bidirectional so there's your comms interface right there; and I suspect the intersection of hardcore retro-gaming musicians and server admins is really, really, really close to the empty set...

5
0

Sysadmin sank IBM mainframe by going one VM too deep

DropBear
Silver badge

Re: Yep been there done that

To the best of my understanding the insulated base is there to prevent touching energized pins while the plug is neither "in" nor "out" - ie. by the time the pins connect to the socket only the insulated part is supposed to be exposed.

4
0
DropBear
Silver badge

Re: Yep been there done that

If uninsulated wires or bare terminals were close enough to each other that forceful handling* was able to cause a direct short, you DID have a dodgy extension block.

*If it involved liberating chunks of plaster and wall anchors, I might come back to that statement...

9
0
DropBear
Silver badge
Trollface

Re: @Sam Liddicott

Seeing as how "#" looks like "not equal" only twice as much, the party hereby decrees that it was always called "doubleplusunequal".

28
1

Microsoft: The Kremlin's hackers are already sniffing, probing around America's 2018 elections

DropBear
Silver badge
Joke

Re: "seized in as little as 24 to 48 hours"

Except Cuba. Attempt no landing there...!

2
0

Friday FYI: 9 out of 10 of website login attempts? Yeah, that'll be hackers

DropBear
Silver badge

Re: 2fa? wtf?

I don't see why there would be any sales drop if 2FA is _enabled_ as an _optional_ feature for those who wish to use it. I can't see any harm in promoting it on the site either, within reasonable limits. You could even offer a modest financial incentive like a 5-10% discount campaign for those who switch over and stick with it (or maybe some sort of bonus accumulating with each 2FA login). There's no need to just drop it on everyone like a ton of bricks, whatever got you by so far can probably keep doing it for the immediate future for those who don't switch 2FA on right away...

0
0
DropBear
Silver badge

Re: Follow the money

So in your mind the same user id and password repeated again and again, probably over multiple sites, is the exact same thing as a never-twice-the-same reply to a cryptographic challenge generated based on a crypto key that never leaves the auth key hardware...? Interesting...

0
0
DropBear
Silver badge

Re: Another reason this is such a successful exploit

If you think I would use and remember a different "username" for each of the hundred or so various places I might need to log into anywhere from every day to every five years, you're off your rocker. I can't help but wonder what exactly you'd stand to gain compromising any of these forum identities (not that anyone gives a #$@ about what I write even when I'm the one doing it) and various web shop logins (none of them stores payment methods since I pay cash on delivery, or paypal on international ones). Amazon, Ebay, PayPal logins use passwords not used elsewhere and the email they all converge into has a unique password and 2FA. But the other hundred ones are more or less the same (secondary) email-as-id and password, you're welcome to have a go at it...

1
0
DropBear
Silver badge
Mushroom

Re: Checks out

As a counterpoint, I'd like to extend a lovely bouquet of carefully chosen deadly curses to those acerebral primates who insist on throwing me a captcha after an otherwise successful login on the first attempt, from an IP address that cannot possibly be flagged having been in my use for at least several days prior.

You're welcome to enable TOTP 2FA if you think you must and I'll gladly use it, or you can even mail me a link to click on if you have actual solid grounds for actual justifiable suspicion, but DO NOT throw me captchas when I did nothing wrong or suspicious. I regularly have to give up trying to "solve" them after a dozen "yeah okay but solve one more page of these continuously replaced tiles" follow-up requests without any signs of slowing down.

1
0

Microsoft still longs to be a 'lifestyle' brand, but the cupboard looks bare

DropBear
Silver badge

Re: Clueless

"They fail to realize that most consumers want reliable, long lasting products"

I strongly doubt that. I suspect they simply see consumers' wishes for long-lasting products as directly conflicting with their own interests (as basically every other industry in existence), the resulting conclusion being "meh, they'll bend over...".

0
0
DropBear
Silver badge

Definition of insanity

...so you're suggesting everyone doing the exact same dice throw is hallucinating getting different results each time...? Much of the world is chaotic, and getting different results by doing the same thing - to the best of your necessarily limited ability - is the very definition of a chaotic process. That quote is meaningless anywhere outside a science lab, and often even inside it.

0
0
DropBear
Silver badge
Mushroom

Re: Upgrade your Lifestyle with Microsoft!

I beg to differ - as a general, non-Microsoft-specific issue I find software far, far, _far_ more perishable than hardware. Excepting specific examples that might have a limited life as a given thing after which they wear out (such as how many times one can recharge a battery), my experience with hardware in general is that most of it is quite willing to outlive me and just keep trucking. I can't remember when was the last time I had a piece of consumer tech break.

Software on the other hand is gone in only a few years, guaranteed. Not in the sense of suddenly ceasing to work just as it did before - clearly, given the appropriate hardware, a DOS 6.22 install will work no differently today than on day one - but in the sense of it becoming utterly unusable in the context of the rest of the world. Security updates are merely the trivial example - software that was "fine" yesterday will paint a ludicrously large target on your back tomorrow unless you move on to the new version - but one need not use that specific issue to illustrate the point.

Let's forget about security - you try surfing websites with a browser a few years old then come back to tell how well it went. In my experience, the current ESR Firefox fails to understand at least half of what the internet throws at it right now - some of it goes unnoticed except for error consoles, some of it flat out breaks everything on a website to the point of uselessness. Or how about watching a nice movie? I hope your vintage software is fine with HEVC / x.265 encoding, seeing as how my not-quite-up-to-date Mythbuntu definitely isn't. And surely your OS/2 CD can edit docx files, right? And view webp pictures...? And let's not mention how my slightly older grub swears an ext4 filesystem is a horrifying alien from outer space merely because it was created with current tools that casually added the "metadata_csum" and "64bit" features to it, because if I think too much about it I might start spontaneously dual-wielding chainsaws.

TL;DR: BULLSHIT, Sir. Software is the absolute most perishable tech humanity has invented yet, rotting away within the year. Hardware typically outlives it by multiple orders of magnitude.

3
5

Doctor, doctor, I feel like my IoT-enabled vacuum cleaner is spying on me

DropBear
Silver badge

Re: IoT foolishness

"why does it need an SD card, which the article implies is removable?"

That's actually one of the sanest backup ways to deliver updates in an unbrickable and also user-friendly way, if an OTA update borks the device for some reason. Most users would manage to download a file to an SD card and stick it into the vacuum cleaner if it went TITSUP (Total Inability To SUck Properly). The devil is in the details (and the haxxors in all your base) of course...

0
0
DropBear
Silver badge
Joke

That's what you thought would save you from Daleks too. How well did that work out...?

1
0

If only 3D desktop printers could 3D print sales! Units crash in Q1

DropBear
Silver badge
Flame

Nonono. As long as we're talking about the personal / amateur / home / hobby / DIY / "maker" market (ie. anything that isn't industrial use) something around $200-300 is a "low cost 3D printer", $500-600 is "a 3D printer" and anything above $700 is "lighting your money on fire" a.k.a. "why aren't these clowns out of business yet well never mind they will be soon enough".

10
0

Either my name, my password or my soul is invalid – but which?

DropBear
Silver badge

Re: "Wrong" email addresses

I'd say not excepting those users would have been the preferable approach...

8
2

Boss helped sysadmin take down horrible client with swift kick to the nether regions

DropBear
Silver badge

Re: Good luck!

Heard that one in various forms, it's one of my major pet peeves. I for one much prefer that other anecdote where the hungry traveller being asked to pay for the smell of the food from an inn pays the innkeeper fittingly with the sound of his coins.

23
0

Declassified files reveal how pre-WW2 Brits smashed Russian crypto

DropBear
Silver badge

Re: Paranoia and hot pockets

I suggest that having your phone catch fire exactly when you're "invited to step out of the queue" would be the polar opposite of plausible deniability. Especially after it happened for the second time (with someone else).

5
0
DropBear
Silver badge

Re: The clue is in the name

Also, being aware that (properly used, properly random) one-time pads are the strongest encryption there is, laypeople might not grasp the magnitude of their gaffe when re-using it twice, possibly thinking "well maybe it's a bit weaker this way but surely it must still be plenty strong..."

12
0
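The magnitude of the gaffe the post above refers to, reusing a one-time pad, is worth seeing rather than taking on faith: XOR-ing two ciphertexts made with the same pad cancels the pad entirely, leaving the XOR of the two plaintexts, so one known message (or even a guessable phrase) hands over the other. The following is an added example written for this page, not code from the post or from the article; the two messages and the pads are constructed sample values, and the function names are the example's own.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """One-time pad: ciphertext = pad XOR message. Information-theoretically
    secure only if the pad is truly random, at least as long as the message,
    and never used a second time."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(pad[:len(message)], message)


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    return otp_encrypt(pad, ciphertext)  # XOR is its own inverse


def pad_cancels(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2. If both ciphertexts used the SAME pad this equals p1 XOR p2:
    the pad has dropped out of the equation."""
    return xor_bytes(c1, c2)


def recover_other_message(c1: bytes, c2: bytes, known_message: bytes) -> bytes:
    """With one plaintext known (a crib), the other falls out of p1 XOR p2."""
    return xor_bytes(pad_cancels(c1, c2), known_message)


P1 = b"MEET AT NOON BY THE RIVER"  # constructed sample traffic, 25 bytes
P2 = b"BRING THE SECOND COURIER "  # constructed, padded to the same length


def reused_pad_leaks() -> bool:
    """The mistake: one pad, two messages. The crib recovers the second message."""
    pad = secrets.token_bytes(len(P1))
    c1, c2 = otp_encrypt(pad, P1), otp_encrypt(pad, P2)
    return (pad_cancels(c1, c2) == xor_bytes(P1, P2)
            and recover_other_message(c1, c2, P1) == P2)


def fresh_pads_hold() -> bool:
    """Correct use: a fresh pad per message. pad_a XOR pad_b is itself uniformly
    random, so the same crib yields garbage (this returns True with probability
    2**-200, i.e. never in practice)."""
    pad_a, pad_b = secrets.token_bytes(len(P1)), secrets.token_bytes(len(P2))
    c1, c2 = otp_encrypt(pad_a, P1), otp_encrypt(pad_b, P2)
    return recover_other_message(c1, c2, P1) == P2


def roundtrip() -> bool:
    pad = secrets.token_bytes(len(P1))
    return otp_decrypt(pad, otp_encrypt(pad, P1)) == P1


if __name__ == "__main__":
    print("pad reused once, second message recovered:", reused_pad_leaks())
    print("fresh pads, second message recovered:", fresh_pads_hold())
```

The first call returns `True` and the second `False`: nothing about the cipher got "a bit weaker" on the second use, the pad simply stopped being part of the secret. This is the same property the declassified work exploited at scale, and it is why "never reuse" is the whole security argument for a one-time pad rather than a footnote to it.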

The Register - Independent news and views for the tech community. Part of Situation Publishing