
* Posts by EnviableOne

653 posts • joined 28 Jan 2016


FCC's 5G masterstroke little more than big biz cash giveaway – expert

EnviableOne
Bronze badge

American Revisionists

Hmm AT&T first in the world?

Ooredoo, a large mobile network operator in Qatar, launched the first commercial 5G network in the world as of May 2018 in the 3.5 GHz band

0
1

What's that smell? Oh, it's Newegg cracked open by card slurpers

EnviableOne
Bronze badge

Content Security Policy

Surely a CSP would stop this code sliding into their websites?

HTTPS is just not enough

Scott Helme gives great advice on this, and even set up securityheaders.com to check it (along with other web security) and runs a service to handle your CSP reports (report-uri.com), assisted by Troy Hunt.

Quite frankly, if you're running any sort of secure site and it doesn't get an A on SSL Labs and an A on Security Headers, you're not doing it right.

2
0
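Whether a policy of the kind the comment has in mind would actually have refused an unlisted third-party script can be checked mechanically. The following is an added example, not the commenter's code and not anything from securityheaders.com or report-uri.com; the page origin, policy string and script URLs in it are constructed samples.

```python
"""Would a Content-Security-Policy have allowed a given <script src=...>?

Added example, not code from the original comment, securityheaders.com or
report-uri.com. It implements script-src matching in miniature: the
default-src fallback, 'self', 'none', scheme-sources, and host-sources with
*. wildcards, ports and paths. Nonces and hashes (inline scripts) are out of
scope. All header values and URLs below are constructed samples.
"""
from urllib.parse import urlparse

DEFAULT_PORT = {"http": 80, "https": 443}


def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first one wins
    return policy


def _port_of(url):
    return url.port if url.port is not None else DEFAULT_PORT.get(url.scheme)


def source_allows(expr, script, page):
    """Does one source expression permit `script` on a page at `page`?"""
    expr = expr.lower()
    if expr == "'none'":
        return False
    if expr == "'self'":
        return (script.scheme, script.hostname, _port_of(script)) == (
            page.scheme, page.hostname, _port_of(page))
    if expr.startswith("'"):          # nonces, hashes, 'unsafe-inline', ...
        return False                  # keyword sources never match a URL
    if expr == "*":
        return script.scheme in DEFAULT_PORT
    if expr.endswith(":"):            # scheme-source such as https:
        return script.scheme == expr[:-1]
    src = urlparse(expr if "://" in expr else "//" + expr)
    if src.scheme and script.scheme != src.scheme:
        return False
    if not src.scheme and script.scheme not in (page.scheme, "https"):
        return False
    host = src.hostname or ""
    if host.startswith("*."):
        if not (script.hostname or "").endswith(host[1:]):
            return False
    elif script.hostname != host:
        return False
    if src.port is not None:
        if _port_of(script) != src.port:
            return False
    elif _port_of(script) != DEFAULT_PORT.get(script.scheme):
        return False
    if src.path:                      # "/js/" is a prefix, "/js/a.js" exact
        if src.path.endswith("/"):
            return script.path.startswith(src.path)
        return script.path == src.path
    return True


def script_allowed(header, script_url, page_url):
    """True if the policy lets page_url load script_url as an external script."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:               # no governing directive: unrestricted
        return True
    script, page = urlparse(script_url), urlparse(page_url)
    return any(source_allows(e, script, page) for e in sources)


# Constructed checkout page and policy, in the spirit of the skimmer case.
PAGE = "https://shop.example/checkout"
POLICY = ("default-src 'self'; script-src 'self' https://cdn.example.net; "
          "report-uri https://csp-report.example/collect")

if __name__ == "__main__":
    for url in ("https://shop.example/js/checkout.js",
                "https://cdn.example.net/vendor.js",
                "https://skimmer.example/payment.js"):
        verdict = "allowed" if script_allowed(POLICY, url, PAGE) else "BLOCKED"
        print(url, "->", verdict)
```

Note that a skimmer spliced into a first-party script file is served from 'self' and passes such a policy, so the report-uri endpoint and a periodic review of what the site actually loads matter as much as the header itself.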

First Boeing 777 (aged 24) makes its last flight – to a museum

EnviableOne
Bronze badge
Joke

Obv a crab

In the RAF they say a landing's OK if the pilot can get up and walk away,

but in the Fleet Air Arm the chances are grim if the landing's piss poor and the pilot can't swim

1
0
EnviableOne
Bronze badge

Re: "I thought the 777 was ETOPS 180?"

A321neo is more economical per seat mile and doesn't need the extra tanks on the westbound now.

I'm pretty sure the 320neo could make the trip and is a lot more economical than the 737-9ER.

The MAX 9 doesn't have the range and the MAX 10 isn't fast enough.

0
0

Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit

EnviableOne
Bronze badge

Re: Ignorance

I am fully aware of risk-based security, but if, as you said, this was seen as so small a risk it could be accepted, then their risk manager needs shooting as well, cos they let this happen.

As others have said, if it's core to your system, it should be maintained, and from the details coming out, Equifax was a hive of poor oversight, poor practice and poor security. If this system is core to their monitoring, it should have been reporting on expiring certificates, and someone should have had the job of making sure something was done about it.

I am not saying I'm perfect, but I am pretty sure I know where the holes are and have multiple layers on the important stuff.

0
0
EnviableOne
Bronze badge

I'd like to know

How does a certificate being expired prevent a security tool from working,

and if this is the case, why wasn't it picked up?

Or do their IT team have alert fatigue, seeing as all these unpatched, uncertificated services will be flinging alerts at them?

3
0

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

EnviableOne
Bronze badge

Re: The Cloud...

Nah, I have my own acronym

OPT - Other People's Tin

0
0

Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help

EnviableOne
Bronze badge

I think you'll find they added some letters

LGBTQIA+

would be the current vernacular, providing they haven't added alphabet since. Personally I thought the + was a greedy catch-all, but someone wanted the I and A too.

1
0
EnviableOne
Bronze badge
Linux

Fair Cop

Linus has always ruled with an iron fist and, to be fair, the criticism is usually warranted, and some on the receiving end have even admitted: a bit harsh, but I deserved it.

Oh, and since when has Linus been bothered with security? He has reserved special places in hell for it on several occasions.

His two priorities are clean code that runs: no BS, no fluff.

5
1

C'mon, biz: Give white hats a chance to tell you how screwed you are

EnviableOne
Bronze badge

Re: Finance

You think finance IT is underfunded? Come work in healthcare.

We've got 1/10th the staff and 1/100th the budget.

0
0

Watt the heck is this? A 32-core 3.3GHz Arm server CPU shipping? Yes, says Ampere

EnviableOne
Bronze badge

RE: @cronus Spooknotes speak volumes

As for the Spectre and Meltdown CPU vulnerabilities – which affect a range of CPU architectures, from Intel's x64 to Arm's Cortex-A families – Ampere's Taylor told us this:

Patches have been installed. As with other Arm-based processors, there are vulnerabilities. For eMAG and all future generations, architectural changes were made and will be made now to address the Arm fix for Spectre and Meltdown.

1
0

UK.gov finally adds Galileo and Copernicus to the Brexit divorce bill

EnviableOne
Bronze badge

The KISS

Wait for deal to be announced

Hold a referendum with three options:

1. Take deal and GO!

2. Stuff deal and stay!

3. Stuff deal and GO!

The current deal we have with the EU is the best anyone has; if we leave we will have to follow the whole process to come back.

No disputes with members - that means Gibraltar with Spain and the Ireland problem need to be sorted before we get back in

Must join the Euro - try getting that one passed

No rebate - saves us a good chunk of what we put in

Fix the surveillance regime - they hate the Five Eyes and have some other issues too

10
1

US govt confirms FCC's broadband speeds and feeds stats are garbage

EnviableOne
Bronze badge

The problem with comparing US to EU

Most EU nations had a former publicly owned telephone company that ran cables to everywhere and have at least one with a global service obligation. Unfortunately for them, on t'other side of the pond this is not the case, and it all comes down to economics; based on most models, 80% coverage of the US is about economical, the other 20% is going to be costly.

In the UK this comes down to 95% (due to the size and landscape) so the government is (barely) funding the last 5% along with co-ops and collectives, who are paying the national networks for connectivity on a group rate.

1
0

Microsoft accidentally let encrypted Windows 10 out into the world

EnviableOne
Bronze badge

Re: a single "well qualified" in IT person that participates

Alpha code please; the final product that makes it to the peons is still beta code (in any organisation that isn't run by SatNad).

3
1

A basement of broken kit, zero budget – now get the team running

EnviableOne
Bronze badge

Re: Loose change to pay the beer bill...??

or the cost of a three-bedroom house in Newcastle

28
1

Python joins movement to dump 'offensive' master, slave terms

EnviableOne
Bronze badge

Re: "America's" peculiar institution? LMFAO

Technically owning another person was legal in the UK until the Human Rights Act came in in 1998, but the slave trade was killed by making it not profitable, and the ships that powered it were British registered.

The 1807 act created fines for captains who continued with the trade. These fines could be up to £100 per enslaved person found on a ship, which at the time was significant.

All subsequent acts banned the trade in slaves, not the owning of them.

1
0
EnviableOne
Bronze badge

High horses all round

Big fan of KISS

The one controls the other; the other must do work but does not get paid - Master / Slave

It is a board, it is Black - it is a Black Board

There seems to be little problem with a board that is white being called a whiteboard.

People are not (normally) masters or slaves (anymore) and not black or white.

People are just bluish-white + brown in varying quantities.

2
1

Gartner: Governments want to be digital, but just can't scale it up

EnviableOne
Bronze badge

Re: Ah, Gartner

Sounds like government departments then, so they know what they are talking about.

0
0

Generally Disclosing Pretty Rapidly: GDPR strapped a jet engine on hacked British Airways

EnviableOne
Bronze badge

Article 33

It says that "[the company] shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify [...] the supervisory authority [...] unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification [...] is not made within 72 hours, it shall be accompanied by reasons for the delay."

So it doesn't have to be within 72 hrs, but if it's not, you have to justify it.

And the fine is based on the global group turnover, not the business unit, so if there were to be a fine, it would be based on IAG's turnover, not BA's.

4
0

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

EnviableOne
Bronze badge

1% problems

I'm off to clone the keys of anyone with a Tesla, McLaren, Triumph or Karma round here ...

Oh, I forgot, I'm in NE England, there aren't any...

6
0

British Airways hack: Infosec experts finger third-party scripts on payment pages

EnviableOne
Bronze badge

Re: Green Locked Padlock icon

Don't forget Security Headers and Report-URI.

Scott's done a lot of work on this, and Troy Hunt is joining forces too.

1
0
EnviableOne
Bronze badge

is it just me

Or are RiskIQ just seeing Magecart everywhere?

This could quite reasonably be someone who has an issue with BA that got hold of the code for the Ticketmaster thing.

1
0

Guess who's still in charge of your gas safety, Brits? Capita

EnviableOne
Bronze badge

WC A

Just realised I can play with the Capita name some more

CAPITA-> CRAPITA-> CR*P PIT A-> Toilet A -> WCA

Why they are still on the HMG approved suppliers list, I will never know.

0
0

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

EnviableOne
Bronze badge

Re: Safari's broken affairs...

Ahh come on, if Intel hadn't Spectre'd up their speculative execution, FF Quantum was a shot in the arm and a lot quicker at loading.

And to be fair, ESR 60.2 isn't half bad and leaps and bounds ahead of 60; I've nearly got it back to what it was on 52.8.

NPAPI needed to go the journey

1
1

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

EnviableOne
Bronze badge

Re-defining RFC3986

OK so the great Tim et al. defined the URI and included this:

Uniformity provides several benefits. It allows different types of resource identifiers to be used in the same context, even when the mechanisms used to access those resources may differ. It allows uniform semantic interpretation of common syntactic conventions across different types of resource identifiers. It allows introduction of new types of resource identifiers without interfering with the way that existing identifiers are used. It allows the identifiers to be reused in many different contexts, thus permitting new applications or protocols to leverage a pre-existing, large, and widely used set of resource identifiers.

So how can this one use case justify changing what is UNI-FORM across all other implementations, just to justify their drive to render 2/5 fewer characters?

Oh, and what happens if something different is posted at abc.com and www.abc.com? It is on my domain.

1
0

UK.gov went ahead with under-planned, under-funded IT upgrade? Sounds about right

EnviableOne
Bronze badge

Sounds like Millennium Year Application Software Suite all over again

I thought mergers were supposed to save money.

Whole load of people putting things into and out of MYASS.

1
0

Dear America: Want secure elections? Stick to pen and paper for ballots, experts urge

EnviableOne
Bronze badge

Re: In short, the British system

This is the rub: if 'Merica got off its newer-is-better high horse and used the same system that has worked properly for the last 100+ years and not so well for the couple of hundred before that (rotten boroughs etc),

then one man, one form, one mark in one box.

Take all the forms, count the marks and Robert's your father's brother.

We have 2 parties, as do all FPTP voting systems; it's just the Liberals haven't died off completely yet since Labour took over as the second party in the 30s-40s.

In Scotland it's SNP and Labour, in NI it's DUP and SF.

Wales has a hybrid system so Plaid Cymru, Labour and Conservatives are all represented.

The problem in the US is the Electoral College System, in which you can win without the popular vote, as states give all their electors to the winner. This means that by tampering with three or four counties, you can tip the three or four swing states and end up winning the election.

If states applied PR to their electors, the results would more closely mirror the popular vote.

1
0

Capita onshores IBM transformer man as chief growth officer

EnviableOne
Bronze badge

"fewer things better"

If they did one thing well I'd be surprised...

0
0

Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free

EnviableOne
Bronze badge

What IF...

Someone playing around on Shodan finds x number of devices with a certain port available, connects to one such device, manages to open a remote console and discovers they now have root access to x Tesla vehicles. This is a rather important flaw; now they have not registered with Tesla, and neither have the vehicles they have access to. Are they going to get hit by US legal intervention? Are the users going to get issues having their car flashed if said researcher made cosmetic changes as PoW?

0
0

Google's 'other' phone platform turns up in post-apocalyptic mobe

EnviableOne
Bronze badge

Whatsapp and Telegram

Signal Please ...

FB Whatsslurp and FSBegram are so passe

1
0

Activists rattle tin to take UK's pr0n block to court

EnviableOne
Bronze badge

Re: COPPA load of this

Well, won't someone think of the adults for a change?

If we explain to MPs that their pr0n habits will be leaked in either an Ashley Madison or Cambridge Analytica style breach, and world + dog will know that they have a penchant for Nazi bondage, forcing them to hang their heads in shame and never be re-elected, perhaps they may think about this again....

5
0
EnviableOne
Bronze badge

COPPA load of this

The US Children's Online Privacy Protection Act came into force in 1998 and attempted to limit the collection and use of under-13s' data by online sites.

This is why there is a minimum age on Facebook accounts. But walk into any school on either side of the pond and ask any 8 yr old how many friends they have on Facebook ....

Now if they can't get this right and they've had 20 years, how exactly does HMG expect this to work...

23
0

HTTPS crypto-shame: TV Licensing website pulled offline

EnviableOne
Bronze badge

Re: Password reset emails

Ahh but as far as the unwashed masses are concerned, it is the appearance of security, which gives them confidence to use the interwebs.

If all were so enlightened, the first $1 trillion company would be GE in like 20 years, as everyone would have left the security-free cesspool that is the internet alone.

0
0

NASA 'sextortionist' allegedly tricked women into revealing their password reset answers, stole their nude selfies

EnviableOne
Bronze badge
Mushroom

Re: It's not rocket science

who blatantly gave away the keys to their virtual kingdom, just cos someone said it was for a school project.

Three simple questions to ask yourself about anyone wanting info from you:

Are they who they say they are?

Do they need to know this information to do what I asked them to?

Do they need to ask me for it?

Not rocket surgery or even brain science.

wake up sheeple

8
7

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

EnviableOne
Bronze badge

Five Eyes Only

Yeah, just the 5 biggest nations divided by the common language of English, that are already spying on each other's citizens for each other.

RIPA in the UK

FISA in the US (section 702 anyone)

AUS are on the way.

Looks like CAN and NZ are playing catch-up.

Hmm, perhaps I should brush up on my foreign language skills or build me a SEALAND.

1
0

UK.gov: NHS should be compensated by firms using its data goldmine

EnviableOne
Bronze badge

Have you not heard of the national data opt-out, another one of those government-run botched IT projects? You get the right to opt out of your data being used for anything not directly related to making you well.

https://www.nhs.uk/your-nhs-data-matters/

Anyway, the point is, information is valuable, and even completely anonymised data sets are valuable. And currently private firms have access to this data for peanuts and make millions, so to find the shortfall the NHS needs but the Gov don't have, surely they should pay a fair price for it.

But the NHS is broken, and throwing money at it won't make it better. It needs to be reformed, i.e. get rid of all these "trusts" and go back to one national organisation that makes everyone better. Remove the postcode lottery, the stupid contracts where you have to get 3 buses for an MRI cos the CCG saves £10 per patient, where the areas that are more efficient pass those savings not to private companies as profits, but to those areas that still need a service, but where it costs more to do.

Centralise procurement and decentralise care, improve patient choice and remove the fat cat Trust Boards, CCGs and Commissioning units that sap all the sense and care out of the system.

1
0

World Cup TV sales offset dip in computing demand says Dixons Carphone

EnviableOne
Bronze badge

Re: Special deals.

Ahh but as with the likes of Maplin, if you don't have the luxury of Prime NOW! and positively absolutely have to have it in the next hour, (Currys) PC World is there for you.

0
0

Do you really think crims would do that? Just go on the 'net and exploit a Windows zero-day?

EnviableOne
Bronze badge

Re: So classic way to find an exploit.

like "I don't want to do extra work to check for this" by some lazy overpaid millennial "child" since (it appears that) nearly all senior devs and QA people have left Micro-shaft over the last decade or so...

More like they never even thought they had to; just copied some other code that did what they wanted, and as it was an example, didn't have the checking in.

Cos coders aren't programmers.

9
0

5G can help us spy on West Midlands with AI CCTV, giggles UK.gov

EnviableOne
Bronze badge

Re: "China-style AI-powered CCTV cameras"

Pwned by Mirai et al. the moment they go online, then.

3
0

If you weren't rich enough to buy a Surface before, you may as well let that dream die

EnviableOne
Bronze badge

For those who really want a Surface on Credit

I believe a certain payments site is offering a similar service now, with interest-free options too.

0
1

TSB goes TITSUP: Total Inability To Surprise Users, Probably

EnviableOne
Bronze badge

Re: Is TSB a canary

It appears everyone has forgotten the numerous issues at RBS (NatWest), from whom it seems TSB have mistakenly copied their systems.

Most building societies have their backend run from one of them based in the North East.

Lloyds' systems are far more stable, HSBC's tend to be pretty good, and I don't recall anything major around Barclays or HBOS.

0
0

BT scoops Home Counties chunk of new NHS IT contract

EnviableOne
Bronze badge

Re: Face!!! Palm!!

Apparently, replacing a single-source supplier connection agreement with multiple smaller agreements (most of which will be with said single-source supplier) will save the NHS money.

This despite the fact that HSCN is internet facing, and N3 was a private network with Internet gateways.

2
0

Anon man suing Google wants crim conviction to be forgotten

EnviableOne
Bronze badge

Re: Due Diligence

If you're doing due diligence, Google is the last place to look. Have you not seen the disclaimer at the bottom of searches: Some results may have been removed under data protection law in Europe.

Dun and Bradstreet, Companies House, FCA, Prudential Regulation Authority, etc. would be my calls for diligence.

IANAL but:

Under GDPR Article 10 and the ROA the spent conviction is no longer relevant information.

Under the EUCJ ruling (AEPD vs Google Sp.) Google/Alphabet are a data controller and subject to local data protection law, and Google UK Ltd. and Google LLC/Alphabet Inc. are intrinsically linked entities. So the ruling states a test of need to know vs privacy must apply.

However, this is also complicated by the fact that Google LLC own the site in question and can therefore be classed as a publisher.

this is further con

1
1

Butcher by name, Butcher by nature? Capita finds new CFO

EnviableOne
Bronze badge

Re: Pat Butcher?

Not the only one to see the Walford link then .....

2
0

It liiives! Sorta. Gentle azure glow of Windows XP clocked in Tesco's self-checkouts, no less

EnviableOne
Bronze badge

All the NCR tills in my area appear to have just had a GUI update, but I doubt the OS has changed.

They now look all WordPress-site-like.

0
0

Scot.gov wins pals with pledge not to keep hold of innocents' mugshots and biometric data

EnviableOne
Bronze badge

Not so, I believe the driving factor for Disclosure Scotland use is, as with most things Serco et al. are involved with, COST.

Disclosure Scotland is cheaper than DBS

7
1

TLS developers should ditch 'pseudo constant time' crypto processing

EnviableOne
Bronze badge

Re: Lucky 13 is an *INSIDER* attack, not an attack against true properties of TLS

The issue isn't the algorithm, or more accurately the protocol (as KRACK is to WPA2); it's the implementation of the protocol (TLS). OpenSSL, BoringSSL and LibreSSL fixed it properly; WolfSSL, Amazon and all the others mentioned didn't.

If you are creating a patch for a problem, check to see it's fixed, not just the specific one, but the class of problem.

1
0

EU wants one phone plug to rule them all. But we've got a better idea.

EnviableOne
Bronze badge

Back to the Point

Basically the idea is to get Apple to use the same spec as everyone else (USB-C), but this will never happen as they are making too much money licensing others to make Lightning connectors or flogging their own at £35 a pop.

It would make everything better if all chargers worked on all devices, but the range of voltages and currents on plugs and cables makes it a nightmare.

Most of them are 5V, then the amperage changes - 1.0A-4.6A.

When you get to QC you're looking at up to 20V.

0
0
EnviableOne
Bronze badge

Re: £750m for the NHS per week

I believe the current figure for the Brexit "dividend" is somewhere in the region of 20-40m a week,

taking into account the rebate (loss) and currently committed payments, and agencies we want to pay to play in .....

0
0
