
* Posts by EnviableOne

460 posts • joined 28 Jan 2016

Community Fibre wins £18m from UK.gov infrastructure fund

EnviableOne
Bronze badge

if the fixed line operators don't sort their lives out soon the mobile operators will take all their business.

the average 4G speeds in the UK are 20Mbps down / 10Mbps up and if they can add more spectrum with LTE+ this is showing in current areas at 42/20 which is faster than FTTC (infinity1) (38/10)

and if they can use the FTTC infrastructure to do fibre backhaul, they could get 5G going too.

0
1

Brexit has shafted the UK's space sector, lord warns science minister

EnviableOne
Bronze badge

@fruitoftheloon Statistics

https://www.electoralcommission.org.uk/find-information-by-subject/elections-and-referendums/past-elections-and-referendums/eu-referendum/eu-referendum-result-visualisations

https://yougov.co.uk/news/2016/06/27/how-britain-voted/

the fact remains that 51.9% of 72.2% of the voting population voted in a non-binding referendum to leave the EU (the remaining 27.8% not bothering to vote.)

this result is in contrast to the only other national referendums, 1975 EC referendum where 67.23% voted to remain (a two thirds majority) and the 2011 UK AV referendum where 67.9% voted to not change. turnouts were 64% and 42% respectively.

there is no argument that the EU as it stands is a less than effective organisation, but the only way to fix it is with a seat at the table. The Leave campaign were pushing the "Norway" option throughout the campaign, which leaves the UK part of the customs union and subject to the majority of EU rules, with no seat at the table, and lower commitments to EU institutions. the idea of a hard Brexit and its stark economic realities were downplayed, and the slight yes on the soft option, taken as a hard yes of the extreme option by the May Cabinet.

consequently there are some leave voters jumping up and down saying, this isn't what we voted for, and the remainers sticking to their you got to be in the club to fix the club.

8
3

US sanctions on Turkey for Russia purchases could ground Brit F-35s

EnviableOne
Bronze badge

Re: Could I interest the UK in...

not to mention the RN Historic Flight

2
0
EnviableOne
Bronze badge

Re: Could I interest the UK in...

sorry we still have the Fairey Swordfishes that took out the Bismarck ...

Oh and a collection of Sea Furies and Sea Phantoms to play with ...

and a bunch of Wildcats, Merlins and some Sea Kings lying around ....

Oh and there's them Hawks we got sitting around for target practice...

2
0
EnviableOne
Bronze badge

Re: Madness

tearing their hair out cos they were told they had to buy the F35, and now it's taking up so much of their budgets, they can't afford to do their actual jobs

2
0

Shhh! Don’t tell KillBots the UN’s about to debate which ones to ban

EnviableOne
Bronze badge

Re: Cynical? Moi?

@Nick Kew - I think your statistics are a little out of date, the UK doesn't make it into the top 5, as we don't have any decent manufacturers any more. All the ones we had have borged into BAe Systems, and they're only afloat because of gov.uk contracts. the only report that ranks us behind only the US is written by the UK.gov and is definitely not credible. How many British made and still used weapons systems can you name compared to US or Russian? the biggest deal recently has been 48 Typhoons to Saudis, but the US has "sold" F35s right left and centre, even to us. Sukhoi and MiG out sell BAe too, and the French have been selling Rafales to world+dog.

According to international studies: between 2010-2015 (percentage of global arms sales)

US=33

Russia=25

China=5.9

France=5.6

Germany=4.7

UK=4.5

0
0

Don't want to alarm you, but defence bods think North Korea could nuke UK 'within a few years'

EnviableOne
Bronze badge

Malcolm Rifkind is a seasoned professional, and skilful practitioner of the politician's art, having been through the benches of parliament, he's seen the games and played them all.

John Humphrys is a bulldog, not one to work his way round an opponent, which is why he never got to do Newsnight.

Paxo, Kirsty Wark or Evan Davis would have got more from him.

1
0

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak

EnviableOne
Bronze badge

Re: Just goes to prove

GDPR itself won't force change,

But if the first fine of 4% global turnover goes to someone big, it will make everyone sit up.

just for context, Amazon only make 2% profit on turnover, so a max fine would eat its profits for two years.

8
1

Facebook to extend bug bounty to cover data leakage, sever ties to data brokers

EnviableOne
Bronze badge

Promises promises

S2D2 heard this all before from FB, when they actually change something and set accounts to locked down by default, I will start to believe them.

0
0

Cloudflare touts privacy-friendly 1.1.1.1 public DNS service. Hmm, let's take a closer look at that

EnviableOne
Bronze badge
Coat

Re:@Dan 55 No mention of 9.9.9.9?

And co-founded by City of London Police.

I remain to be convinced convicted.

15
0

We need to go deeper: Meltdown and Spectre flaws will force security further down the stack

EnviableOne
Bronze badge
Holmes

Security By Design and Default

It's baked into GDPR, things have to change, we know the moment time pressures come in, the first three things to go are documentation, testing and security.

But by changing our ways of working, so security isn't the afterthought, it's just the way we do things, will lead to more efficient, more secure, programming and less patches and happier customers who will pay more.

If you design in the security in the first place, using never conditions, error handling, input validation, not hardcoding passwords etc. then it solves a lot of the issues before they become vulnerabilities.

and the whole speculative execution thing, if Intel had just asked should we, rather than just can we, it would

0
0

Whois? No, Whowas: Incoming Euro privacy rules torpedo domain registration system

EnviableOne
Bronze badge

Re: Companies house publishing personal data

Companies house is the public record of limited companies

you don't have to have your address listed, providing details are maintained and available

at the registered office address, and then all you have to provide is a name.

0
0

World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved

EnviableOne
Bronze badge
Mushroom

Still think it should be TLS2.0

it's a major overhaul of the entire protocol, not the simple patch and perfect a dot release is meant to be, but that led to more infighting and options than you can imagine.

Suggestions on the Mailing list came wide and varied

you can't have TLS2.0 as it's too close to SSL2.0

you should call it 4.0 cos so people know it's better than SSL3.0

you should call it 3.4 if you take it back to the start of SSL

I like 2.0

it shouldn't be TLS 2.0 it should be TLS/2 like HTTP

bunch of whiners copped out and stuck with 1.3

It's TLS not SSL, it's a new version, so increment main number, return sub to zero.

</rant>

2
0
EnviableOne
Bronze badge

Re: Block The Laggarts

can't do that, you'd not be able to work with the .gov or the banks or anyone who should really know better.

1
0

Brit MPs chide UK.gov: You're acting like EU data adequacy prep is easy

EnviableOne
Bronze badge

Considering the EU-Canada trade deal took 9 years, and that's just trade. Brexit is going to take considerably longer to negotiate as it's a lot more that needs decided on. Tentatively I reckon to fully Brexit it will take at least twice that and the relationships are so deep that it might even never complete (NI-Eire border etc.) and adequacy is going to be a hard sell as the people that decide it (Article 29 Working Party) have always had issues with how the 1998 DPA implemented 95/46/EC and there are more concerns that were brought up in the article.

There are already some lessons learned for the next EU exit process (probably Grexit or Itexit), article 50 will be modified to: anyone wishing to leave must agree a transition period which must end as the next EU budget cycle begins, or extend their membership for another budget cycle.

10
2

Windows Server 2019 coming next year and the price is going up

EnviableOne
Bronze badge

MS revenue run rate is due to Azure being +$$$$ than AWS and you can grow faster when you're smaller.

AWS are still innovating, whereas MS are still playing catchup.

Amazon don't care how cheap it is as long as it covers the costs (just) and provide everything you need to just get it going. MS factor cost + profit into everything and then screw you for add-ons, integrations, and stuff to make it actually work. Hence MS top the revenue table, but I bet customer wise and useful workload wise AWS is far ahead.

6
0

Now that's a bad trip: 880k credit cards 'likely' stolen by Orbitz hackers

EnviableOne
Bronze badge

The travel industry is another one that needs taking to task over data security, the whole network is holes, not just the agents, but the booking frameworks, pre-checking and flight data, miles and rewards, etc

But until DS is on the same footing as H&S (Directors are criminally responsible) and the fines actually hit the bottom line hard, there will be no improvement.

0
0

British Level 4 driverless pods are whizzing along ... er, a London path

EnviableOne
Bronze badge

When the TfL control room's stated aim is to keep traffic moving at 10mph, it won't make any difference in rush hour (well 6-10am, 4pm-7pm) and lunchtime (10am-4pm)

4
0

Leading by example: UK.gov's secure server setup is patchy at best

EnviableOne
Bronze badge

Try checking the banks first

Security headers is run by Scott Helme, and has the backing of Troy Hunt (of haveibeenpwned)

Troy did a blog post on the major banks, they can't even get the Qualys SSL basics right, so HMRC are ahead of them all, and BCC are ahead of most of them.

The other issue is calling a local council part of the central government, local councils have a huge funding squeeze, Council tax has been on hold for like 10 years, with inflation topping 3% for most of those years, and their central funds being cut considerably, so they have budgets that are less and less and are being pushed to offer more and more

1
0

OpenMSA: A devops framework for the network admin

EnviableOne
Bronze badge

network vendors do this

Not sure who they are talking to, or what sort of networking they have, but with the exception of the slowly improving Cisco GUIs this is simple to do from just about any vendor's management tool. try provisioning 4000 switch ports before the devices are installed with 1 click on the Cisco Meraki portal.

See:

Dell OMNM

Xtreme (Avaya) COM

Cisco Prime LMS

any of the cloud managed platforms.

0
0

Breaking up is hard to do: Airbus, new bae Google and clinging on to Microsoft's 'solutions'

EnviableOne
Bronze badge

Ok so Gsuite > O365

when

Microsoft Cloud has Data Protection equivalence (Google don't)

Sheets < Excel Online (not even on prem)

Docs < Word Online

Slides < Powerpoint Online

Hangouts < Skype For Business/Teams

Calendar/mail < Exchange/Outlook.com

Keep < OneNote

Jamboard\sites < SharePoint Online

O365 allows on prem where you need it

O365 doesn't require mass format changes

O365 can handle cloud-onprem hybridisation natively (Azure AD)

2
0

UK.gov told: Draw up code of practice for cops bulk-slurping car plates

EnviableOne
Bronze badge

Simples

No non-government entity gets the database,

the DVLA hold a registration of every car in the UK.

They control Road Fund Licence (Road Tax), so add a flag for this

Association of British Motor Insurers provide a list of insured drivers, this sets an insured flag

the National Police Computer provides details of Stolen reports and Traffic violations, these set flags

DVLA has an API

each company/organisation gets its own Key

most Keys only give access to registered owner details.

To get more than that you need Secretary of State approval

If they violate the Terms their key gets suspended

NPC gets RO and Flags.

the NPC system is designed to drop the list of requests once a clear response is received

if any of the flags are not present, or the record is not present it generates an alert

then the location time and date data are stored and routed to the relevant local team.

these Registrations are re-checked periodically, and once a clear response is received, all records expunged from NPC.

2
0

Whois? More like WHOWAS: Domain database on verge of collapse over EU privacy

EnviableOne
Bronze badge

Re: What's the Problem?

That's the point of GDPR. it should be your choice as to whether you're fine with it, and you shouldn't have to pay for a service if you're not.

Nominet already go most of the way.

on my many domains, the only personal detail is my actual name, everything else is "The registrant is a non-trading individual who has opted to have their <x> omitted from the WHOIS service"

if I transfer them to my company (probably will do down the line) this gets filled with the company's registered address and contacts I provide.

2
0

Ugh, of course Germany trounces Blighty for cyber security salaries

EnviableOne
Bronze badge

Re: Switzerland

you think they are low in London, try anywhere in the UK not London, they are even less

0
0

Crooks opt for Monero as crypto of choice to launder ill-gotten gains

EnviableOne
Bronze badge

Tell Paypal you are an online/app based game provider

set your store out with items x tokens for £5 £10 £15 etc and spread the payments around the mid point (cost/convenience) and start small and ramp up.

looks perfectly normal from a payment provider point of view, and bots can make these transactions with little effort, especially if you use your ill gotten gains to purchase more PayPal accounts to replicate the growth in subscribers.

1
0

Facebook suspends account of Cambridge Analytica whistleblower

EnviableOne
Bronze badge

Re: Young folk have no such qualms, understand the transactions they participate in

"Young folk have no such qualms, they don't understand or know they are even taking participating in transactions" FTFY

kids don't realise what they are sharing, or who they are sharing it with, I doubt they have even read the T&Cs for one of the services they signed up to, and only scrolled to the end cos they had to to click accept.

8
1

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

EnviableOne
Bronze badge

Re: Closed black box firmware

Enjoy your remotely pwnable without creds Intel processor with the AMT flaw.

I'll stick to an AMD with a requires local root access to do anything

40
0

It's begun: 'First' IPv6 denial-of-service attack puts IT bods on notice

EnviableOne
Bronze badge

IPv5 = RFC1819 Internet Stream Protocol

EUI-64 is just a way to extend a MAC-48 to give a unique IPv6 address (adding FF:FE between OUI and Device Identifier)

The MAC address 0021.86b5.6e10 (48 bit) becomes

the EUI-64 address 0221.86ff.feb5.6e10 (64 bit)

if you employ the same space saving measures used in IPv6 with the smaller address space and extend the ASN field from IPv4 you end up with plenty addresses to use!

2^48 is more than enough address space, and when you're talking 4 addresses in an IPsec packet, it makes a huge overhead difference.

0
0
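The MAC-48 to EUI-64 mapping from the post above, as an added example that is not part of the original comment: it inserts FF:FE between the OUI and the device identifier and flips the universal/local bit (which is why 00 becomes 02 in the post's example), then runs the mapping backwards to flag IPv6 addresses whose interface identifier exposes a hardware MAC. The function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress
import re


def mac_to_eui64(mac: str) -> bytes:
    """Build the modified EUI-64 interface identifier for a MAC-48 address."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)  # accept 0021.86b5.6e10, 00:21:..., 00-21-...
    if len(digits) != 12:
        raise ValueError(f"not a MAC-48 address: {mac!r}")
    raw = bytes.fromhex(digits)
    # OUI (3 bytes) + FF:FE + device identifier (3 bytes)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02  # flip the universal/local bit of the first octet
    return bytes(eui)


def dotted(data: bytes) -> str:
    """Format bytes in the four-hex-digit dotted style used in the post."""
    h = data.hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(addr: str):
    """Return the MAC recoverable from an address, or None.

    Heuristic: the low 64 bits carry FF:FE in the middle. A random
    identifier matches by chance about once in 65536 addresses.
    """
    low64 = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the universal/local flip
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address that leaks a MAC to the MAC it leaks."""
    found = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac is not None:
            found[a] = mac
    return found


if __name__ == "__main__":
    # Constructed sample: the MAC from the post on a documentation prefix,
    # next to an address with a randomised interface identifier.
    leaky = str(slaac_address("2001:db8:1:2::/64", "0021.86b5.6e10"))
    sample = [leaky, "2001:db8:1:2:5c3a:91d2:77e0:4b1f"]
    print(dotted(mac_to_eui64("0021.86b5.6e10")))
    for addr, mac in audit(sample).items():
        print(f"{addr} exposes MAC {mac}")
```
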
EnviableOne
Bronze badge

I think we need a v7 with an address space that is less overkill, and a bit more privacy built in.

if we used a MAC address sized space (2^48) rather than the IPv6 monster

headers get smaller, and there is plenty of address space for use, along with scope for nat and feasible dotted decimal representations ....

0
2

Symantec ends cheap Norton offer to NRA members

EnviableOne
Bronze badge

See previous post -> The NRA are a JOKE

private non-military gun ownership per capita in the US is twice the next highest country

1
0
EnviableOne
Bronze badge
IT Angle

The NRA are a JOKE

on average a US citizen owns at least 1 gun this average is a bit on the skewed side as 3% of the population own over half the guns (at least 17 each) and 57% of households don't own one.

the NRA has 5 million members (or less than 1% of the population.)

7.7 million Americans own over 40 guns, so there's at least 2.7million people who own over 40 guns who aren't NRA members.

So how do they claim to speak for US gun owners?

Oh and all this second amendment stuff is really a reach, here it is in all its glory:

"A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed"

so it's basically saying that the individual states have the power to retain an armed force that can be used to defend the freedom of the people and this will not be infringed by the forming of the United States. the NRA et al like to forget the first part of it.

The NRA try to whip up the gun owners by saying gun regulations will remove their right to own any, but even talking to NRA conference delegates or Trump supporters, they accept that some people shouldn't have guns, and that some controls are necessary.

limit legal arms to Hunting rifles and Handguns, except where stored securely at a licenced gun club, that is inspected and controlled.

Mandatory check on applicants for mental illness, violent convictions or other relevant crimes.

Mandatory training on safe use and storage

that will not impinge the average gun user, apart from the time to carry out checks, but any sensible person will build that into their scheduling.

2
0

German government confirms hackers blitzkrieged its servers to steal data

EnviableOne
Bronze badge

If in Doubt ...

Blame the Fancy Bear

or if you don't want to blame the Russians

Blame Lazarus

0
0

RIP... almost: Brit high street gadget shack Maplin Electronics

EnviableOne
Bronze badge

simple plan

shed 100 stores, invest in website and distribution, drop prices 33% = PROFIT

2
0

Oi, drag this creaking, 217-year-old UK census into the data-driven age

EnviableOne
Bronze badge

Re: IL6 ?

Information level 6, it's an old security level marking under the HMG IS5

Would now be TOP SECRET or FIVE EYES ONLY

Anyway the more Data Points they collect, the easier it is to De-Anonymise the data, which is now a criminal offense under the DPA2017

1
0

Comcast offers £22bn to snatch Sky from Rupert Murdoch

EnviableOne
Bronze badge

"We have provisionally found that if the Fox/Sky merger went ahead as proposed, it would be against the public interest. It would result in the Murdoch family having too much control over news providers in the UK, and too much influence over public opinion and the political agenda."

doesn't a Murdoch Run SKY anyway .... (the chief executive officer (CEO) of 21st Century Fox, and chairman of Sky plc.)

anyway, they've already agreed to sell the lot to Disney!

Got a feeling this is just to put a spanner in the Disney deal so they can leverage Warner Cable out of Fox

0
0

iPhone X 'slump' is real, whisper supply chain moles

EnviableOne
Bronze badge

BOM to Launch RRP

Apple

$225 to $649 (i7) or 65% markup

$278 to $769 (i7+) or 64% markup

$255 to $699 (i8) or 64% markup

$288 to $799 (i8+) or 64% markup

$370 to $999 (iX) or 63% markup

Samsung

$258 to $750 (S7) or 66% markup

$265 to $769 (S7E) or 66% markup

$301 to $720 (S8) or 58% markup

$325* to $790 (S8+) or 58% markup

$350 to $929 (Note8) or 62% markup

3
0

UK.gov's Brexiteers warned not to push for divergence on data protection laws

EnviableOne
Bronze badge

Brexit, GDPR and FUD

I got the best advice about Brexit from a Data Protection Specialist from one of our local law firms back in October 2015

She set out 5 options for what the UK's relationship with the EU will look like after Brexit and I still think not much has been decided either way.

The basic options are Remain, EEA/EFTA, Bilateral agreements, Customs Agreement, WTO rules.

Remain means we are subject to all regs, but have a seat at the table to decide them

EEA/EFTA, like Norway/Iceland means we have to apply most rules, don't have to pay in as much, get the free-trade and free-movement, but don't get a seat at the table

Bilateral agreements, like Switzerland - takes forever to set up, will probably end up with us having to follow most regulations, gives us custom agreements for each sector, no seat at the table either.

Customs Agreement like Turkey - Allows access to free trade, sets external tariffs, covers most goods, but no services

WTO Rules - no Regs, no free-trade, no support, tariffs and border checks increased cost of goods http://stat.wto.org/TariffProfiles/E28_e.htm

During the referendum campaign, the leave campaign talked up the Norway/Iceland scenario, but it looks increasingly likely that they are going for a Swiss scenario, but the agreements won't be in place in time, so we will end up with the WTO cliff edge.

but until we actually have some information, it's all FUD.

Oh and BTW Data Protection equivalence is not a foregone conclusion, the EU working party for data protection (WP29) have three large grounds they don't think our current regime is in line with the old directive (that the 1998 DPA is based on) starting with the Five Eyes agreement and the snoopers charter.

4
0

National Museum of Computing rattles the bucket: Help shift war-winning proto-puter

EnviableOne
Bronze badge

Bomba Before

Correct me if I'm wrong, but the original bombes were designed about October 1938 by Polish Cipher Bureau cryptologist Marian Rejewski, and Turing's design was adapted from it with the assistance of Rejewski and one of the bomba that was smuggled out of Poland.

the UK had two great advantages:

1) not occupied by Germans

2) had some cash and resource

1
0

Facial recognition software easily IDs white men, but error rates soar for black women

EnviableOne
Bronze badge

Human eyes and lenses are actually awful compared to modern cameras and lenses.

The human brain however is an infinitely better image processor and interpolator than anything we have managed to develop technologically.

contrast is probably an issue as is the data set used, but this can be fixed by running the custody photo database the police refuse to get rid of through the training profile. this will probably bias the system the other direction, if the custody book from my local Cop Shop is to be believed

2
0

It's official: .corp, .home, .mail will never be top-level domains on the 'net

EnviableOne
Bronze badge

If we can have RFC 1918 IPs for internal use,

Why can't we have .internal .private .pdn or .pipa domains too

0
0

Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1

EnviableOne
Bronze badge

Re: Could have been good news, but I've had enough of doze and I'm migrating to Linux

https://www.reddit.com/r/linux/comments/5zl1a7/linux_distros_that_do_not_use_systemd_or_can_be/

plenty of distros without or that you can disable systemd

That's the thing with Linux, if you want something, someone has probably done it already.

1
0

You dopes! US state's pot dealer database pwned after security goes up in smoke

EnviableOne
Bronze badge

Re: A lot of ignorance about US law here ...

yeah but a good 70% of UK law is not on the statute book, it lives in the case law.

and the US law in question is the Bill of Rights, the first amendments to the constitution, and as I am led to believe, required learning in any US grade school.

0
1

PSA: If your security starts and ends with bug bounties, you're gonna have a bad time

EnviableOne
Bronze badge
Mushroom

Easy way to stop people extorting you:

learn to program properly and STOP MAKING Bloated and buggy code.

if the so called "web developers" knew what a never condition was and actually sanitised their inputs, we might just get some code that was secure and see a reduction in the number of bugs identified and CVEs issued.

if these so called experts stopped bloating their programs with unused library code and actually understood what their programs were doing, then speculative execution wouldn't have been needed, and we wouldn't be sitting here with vulnerable machines.....

</rant>

0
0

Talk about a hot mic: Dodgy Pixel mobe audio lands Google in court

EnviableOne
Bronze badge

Re: Every 30 months?

this varies from country to country.

in the UK for electronic goods, warranty was decided to be 1 year or product was not fit for the purpose it was sold. It's the vendor's responsibility to prove it wasn't faulty when they sold it in the first 6 months, after that it's the user's responsibility to prove that it was.

In mainland Europe it's mostly 24 months, in enlightened Norway it's 5 years (regardless) gets to be a nightmare when you support multiple countries.

At the time I was working Consumer CS, 90 days was standard in the states, but CS teams threw freebies at everyone.

0
0

Unlucky 13 collared by cops hunting cyber-crew who stole up to $2.2bn

EnviableOne
Bronze badge

Would that be Vlad's mate

Dmitry

Nothing like keeping it in the family

1
0

MPs: Lack of technical skills for Brexit could create 'damaging, unmanageable muddle'

EnviableOne
Bronze badge
Coat

Hmm..

Maybe all those contractors they deemed inside IR35 would be useful

if any of them hadn't taken their coats .....

2
0

Adobe: Two critical Flash security bugs fixed for the price of one

EnviableOne
Bronze badge

Roll on 2020

The whole web will be safer when it's gone

0
0

Long haul flights on a one-aisle plane? Airbus thinks you’re up for it

EnviableOne
Bronze badge

Airbus Layout

Both Airbus and Boeing's standard layouts feature reasonable legroom and amenities, it's sadists like O'Leary that take out the amenities and shove in more seats.

the typical capacity on a A321 is 206 (6 rows less than max) giving a rather spacious 31" seat pitch in economy and 45 in business

3
0

Peers approve Brit film board as pr0n overlords despite concerns

EnviableOne
Bronze badge
Childcatcher

When will they realise

in the age of the internet, Corporations rule, not nations ....

Hail Zuck, Bezos, Musk, Page et al.

Conspiracy theories aside, won't someone stop thinking about the children for 1 minute and think about the adults?

4
0

Knock, knock. Who’s there? Another Amazon Key door-lock hack

EnviableOne
Bronze badge

Re: Okay, let's pretend I had an aneurysm and bought one of these IoT lock thingies

http://www.walkerlocksmiths.co.uk/mortice-picks-tools/try-out-keys/%205-lever-try%20-out-keys

2
0


The Register - Independent news and views for the tech community. Part of Situation Publishing