* Posts by Daniel B.

3172 posts • joined 12 Oct 2007

DEF CON is canceled... No, for real. The in-person event is canceled. We're not joking. It's canceled. We mean it

Daniel B.
Joke

DEFCON is cancelled

Which means that the long running joke is now cancelled?

In other news, thousands of hackers fly into Vegas assuming they’re being punked with the DefCon Cancelled announcement, only to find out its true this time around!

Daniel B.

Re: But why the bother??

True; while I managed to avoid it, I finally came down with the CON-Flu in the aftermath of DEFCON26 (Aug 2018). It also managed to hit me right during my return flight. Dealing with customs and waiting for baggage claim at my home country while getting sick is not a nice experience.

I do wonder if regular con attendees have developed a super boosted immune system?

ICANN finally halts $1.1bn sale of .org registry, says it's 'the right thing to do' after months of controversy

Daniel B.

Yes, but it still has to be owned by some entity. And running the computer in the back room has its own upkeep, even if you never ever upgraded it.

Daniel B.
Angel

Good.

I was shitting bricks over this, as I was going to have to spend a lot in getting a 5 year renewal (or more if possible) of my existing .org domain to give me at least some breathing space and see if I could migrate away from that TLD. I chose to make my main domain a .org precisely because it was less likely to get price gouged at all. Fortunately, this scam was stopped.

Ding dong Dell, servers in the well. Who pulled them out? Little PC stout

Daniel B.
Joke

Dellicious

I still wonder if selling off RSA was a good idea, given that everything related to infosec is gaining value, but I guess Dell (the man) needs to keep the Icahn at bay.

It is however interesting to see that Dell's bet on staying in the personal computer business has paid off, unlike others like IBM who sold their entire personal computing stuff to China.

$2.07bn? That's one Dell of a deal to offload infosec biz RSA

Daniel B.
Facepalm

WTF

Why? Oh why? It’s probably the most valuable bit from EMC!

It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing

Daniel B.

Re: The problem is not Oracle (for once)

The problem is ... both.

The GPL is designed to act like a virus, infecting everything it touches.

Oracle is known for being awful on these kind of things, even if you don't count the whole Java API fiasco.

And then the CDDL itself was purposefully made incompatible with the GPL.

Oracle also closed sourced ZFS at some point so there are now two branches: propietary ZFS by Oracle and OpenZFS by BSD. AFAIK OpenZFS is still stuck on the CDDL license.

Like the Death Star on Endor, JEDI created a ton of fallout and stormy weather in cloud market

Daniel B.
Devil

Ewww

So just like the Jedi, they got owned by the Dark Side?

Ubuntu says i386 to be 86'd with Eoan 19.10 release: Ageing 32-bit x86 support will be ex-86

Daniel B.

Re: 16-bit apps

One of those games was rewritten for iOS: SkiFree. Ironically, it’s also dead in the water as it was a 32-bit only game and no longer runs due to iOS 11’s deprecation of 32-bit apps.

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

Daniel B.
Boffin

Re: No planning - again!

Someone who seems to be familiar with GPS development says that it was a deliberate action. It's intended to roll quickly enough so that manufacturers have the correction code in.

Hacky hack on whack 'Hacky Hack Hack' Mac chaps hack attack rap cut some slack

Daniel B.

Well done

This is now my top El Reg headline!

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

Daniel B.

Re: Security did no homework, just gut reaction

Defcon security did get involved and cleared out the issue.

Daniel B.

Re: And the airlines are wrong

There’s DEFCON China now, but if anything that’s an actual oppressive regime you’d be dealing with.

iPhone 8 now outsells X, and every other phone

Daniel B.
Boffin

Re: Has nothing to do with "first batch product"

StarTac probably didn't make it to the UK due to it being an analog phone (AMPS/NAMPS) released at a time when the EU had already jumped to GSM.

As for iPhones: I just upgraded from the 5s to a 6s. Why? Because the 6s is the last one that has the jack, and the 7 and 8 are still stupidly expensive at this point. And the X is already a non-starter as it removed the Home button and it has that horrible notch thing. I can cheer for Apple though, thanks to the X any non-X iPhone user is now less prone to being mugged or getting their phone stolen. The X is now the ultimate "mug me, I'm rich!" sign.

Other than that, I find it really dumb to splurge so much money on a smartphone. Especially when it's ugly.

Eclipse Foundation pushes faster, cloudier Jakarta EE

Daniel B.
Boffin

Lennart Poettering

I wouldn't sic Lennart Poettering even on my worst enemy. He's already ruined my formerly favorite OS with systemd, I'm not letting him touch anything related to computers.

Reg writer Richard went to the cupboard, seeking a Windows Phone...

Daniel B.
Boffin

Blackberry OS

Well, the old school Blackberry OS did have quite a number of apps, and at some point they were very useful for everyone. But they fumbled because the Blackberries were horribly underspecced and the "classic" OS was slow as hell. By the time they pushed out BlackBerry 10 it was too late, and their "clean slate" approach to apps (instead of offering a migration path) pretty much doomed them at a time when iOS and Android were taking the top spots for devs. Had they released BB10 back in 2009, when they were still one of the top players, they might've survived.

Hell, Nokia was on the right track on this; they were improving Symbian and cooking up a Plan B OS (Maemo, Harmattan) in case Symbian didn't survive. They were even looking into a migration path from Symbian to Maemo/Meego/Harmattan. It wasn't until Elop came in and set everything on fire that Nokia went down hard. All because Elop had to Borg Nokia for his Microsoft masters. Fortunately Nokia was able to jettison the diseased arm before it took them down.

Daniel B.
FAIL

Re: I use windows phones (because no one else will)

But then, there's many of us who don't give a crap about apps. We just want a mobile phone to use as a phone, not some dinky, overpriced, portable computer.

That doesn't counter the previous user's comments though. He specifically mentioned a Smartphone, not a regular phone. If you want just the phone part of the thing, that's what feature phones, or even dumb cellphones are for. They're even coming back, through the revived not-quite-Nokia resurrection which is now free from Microsoft's claws.

Cloudflare touts privacy-friendly 1.1.1.1 public DNS service. Hmm, let's take a closer look at that

Daniel B.
Boffin

Re: 1.1.1.1 conflict

There was some experiment a couple of years ago (2010) where whoever owned the 1.0.0.0/8 block experimented with advertising the 1.1.1.0/24 and 1.2.3.0/24 routes to the 'net. They got hit with a massive flow of garbage traffic due to these kind of stupid configs. It was so bad that they had to give up using those blocks. Wonder if that has been "solved" recently?

This is the experiment.

Daniel B.
Boffin

Re: Still no go

And where does your DNS get its resolution from? What is it’s parent? Or are you one of those muppets that are hammering the root servers directly?

Proper DNS implementation should be hammering the root servers directly. The only time you should be using a "parent" DNS is when you have your own complex DNS infrastructure inside the organization. Most orgs only have one or two DNS servers, in which case using the root.hints is the proper way of doing stuff.

Super Cali neutral traffic bill makes web throttling bogus

Daniel B.

Re: Doubling down?

Double down is recognized by pretty much anyone.

Daniel B.

Re: Secession by San Andreas

I'd rather not have California secede, precisely because they serve as a counterbalance to the Trumpster madness in the rest of the US.

They're not alone, the Northeastern Corridor also keeps mostly blue, but their 55 EC votes are necessary.

Windows Mixed Reality: Windows Mobile deja vu?

Daniel B.
Boffin

Re: Just the usual then ....

Ok, my previous comment may have sounded like unfounded hate for the platform ... but that wasn't the case in the beginning. Remember HPCs? Those sounded awesome, and that was what Windows CE was made for. I even owned an HP Jornada at some point, which was pretty good for its time. I was more of a Palm guy myself, but those ceased to be good when they went WinMo. The HP Jornada, however, never ceased to be good.

I actually think that the downturn came around the time they decided to morph Windows CE into Windows Mobile. From there they started doing weird things with the platform, then decided to kill it and create Windows Phone ... and everything from there was just pure crap.

I had quite a number of friends using Windows Mobile phones, mostly latecomers to Palm and a couple of pre-Android Samsung handsets. I only got to see a single person using a Windows Phone handset, and he hated its guts.

Daniel B.
Devil

Re: On the positive side...

Their mentality was as though they had dominance. It was so arrogant, it was embarrassing. One of the (many) things that's made me move away from Windows development.

They're used to that arrogance; somehow they don't realize that outside of the desktop/laptop PC OS and office productivity software, they're far from being the predominant player.

See how they pissed away their market share by trying to pull off the DRM fiasco and then ram Kinect down everyone's throats. By the time they relented, it was too late and the PS4 was outselling them 2:1. Even the Switch has sold more units, and that platform was released years after the XBone(d).

Daniel B.
Boffin

Re: Just the usual then ....

Agree with everything but this:

Kill Windows Mobile which with proper development would have been a major competitor for Google / Apple

Nope, Windows Mobile was a stillborn platform. Only Microsoft could believe that anyone would voluntarily get suckered into "that shit OS that always crashes on PCs". They went through many iterations of it and all of them failed. Windows CE. Windows Mobile. Windows Phone. Windows RT. The only thing where they succeeded was in killing any sucker that bet on the platform for their hardware: Sendo, Palm, Nokia. At least Nokia was able to jettison the diseased post-Elopocalypse crap before it took them down.

Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo

Daniel B.
Coat

I know what happened

It's Hackerman, he hacked too much time!

Mine's the one with the Kung Fury logo.

James Damore's labor complaint went over about as well as his trash diversity manifesto

Daniel B.

I suspect this article caught the eye of the MRAs, MGTOW and their ilk, which would explain why the comments section seems odd compared to the regular commentards.

X.509 metadata can carry information through the firewall

Daniel B.
Boffin

Re: Erm...

> If you even remotely care about security, you’ll need to check the client certificate at the firewall

You can't do that unless your firewall is performing a man-in-the-middle attack on the session - that is, spoofing a false server certificate back to the client, which the client is configured to trust.

Both are sort of right. You can check both client and server certificates at the firewall, because at that point, the communication is still being made in cleartext. Certificate exchanges are sent as part of the initial handshake. Firewalls are capable of MITMing stuff... however, parsing an X.509 certificate and validating it is going to be resource intensive. It's less the job of a regular firewall and more of an IDS/IPS thing, and even then it's going to be so resource intensive that it'll slow down all outgoing traffic. Why? Because you'll need to check all outgoing traffic, see if it's an SSL/TLS handshake, then check the handshake itself, parse the X.509 certs, validate them .... you get the idea.

This is going to suck, because the only way I see this being mitigated is by forcing all traffic to go through proxies, then having those proxies offload all CONNECT requests to an IPS. There's a lot of software out there that shits itself whenever you try to make it go through a proxy...

Daniel B.

Re: Erm...

The certificate contains the data because that way, you can initiate a TLS connection, have it fail and the firewalls and IDS/IPS systems will only register a failed connection. However, the data dump will already have been sent.

It's sending information on a channel nobody's expecting to actually contain data.

What did we say about Tesla's self-driving tech? SpaceX Roadster skips Mars, steers to asteroids

Daniel B.
Unhappy

Re: "a space-faring publication"?

On a side note, whatever happened to LOHAN?

There hasn't been an update since 2016.

Lester died in 2016; thus the project died with him.

Pro tip: You can log into macOS High Sierra as root with no password

Daniel B.

Re: version?

Ah, someone has been paying attention to the internal Office version shown in the Registry.

Daniel B.
Boffin

OSX user here, and it's a vulnerability. It's probably somewhat mitigated in the sense that setting a password for root plugs the hole, but it's still an embarassment. Not sure if it's remotely exploitable, which would be bad. If it allows for su - without a password, it's probably bad, but it would still require someone to log in with a valid username/password before exploiting it.

If someone already has physical access to the system, there are larger issues at hand.

Dick move: Navy flyboy flings firmament phallus for flabbergasted folk

Daniel B.

Re: Is it too late...

I did use that reference when I retweeted it.

Daniel B.

Superb skills

I hope he doesn't lose his flight status due to that dick move. He's pretty talented to be able to draw that dog with his dong^Wjets, I mean, jets.

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Daniel B.

Not quite

X.509 *certs* are usually valid for 1 or 2 years. The actual keys can be reused and in fact many companies do so because they don't have to generate another CSR if they do so. Bad practice? Sure. But not uncommon.

A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down

Daniel B.
Coffee/keyboard

President Pence

Now that made my day! And also buy a new keyboard!

Malware hidden in vid app is so nasty, victims should wipe their Macs

Daniel B.

Re: A complete wipe?

Internet recovery is only used if the user explicitly chooses it, or when there is no recovery partition on the HDD/SSD.

Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box

Daniel B.

The Neutered Disk Utility

I knew I couldn't be the only one mad at this change. I actually held off upgrading to El Capitan because of it. Ended up jumping from Yosemite to Sierra on April because APFS was actually piquing my interest. I didn't really expect it to be released with these kind of bugs, though.

Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

Daniel B.

BOFH

So I guess we now know where the BOFH is working at these days!

Why the Apple Watch with LTE means a very Apple-y sort of freedom

Daniel B.
Boffin

Re: Heh. A no-win situation with El Reg

Mobile operators have been clinging desperately to physical SIMs in order to prevent customers from switching easily.

Quite the opposite. Mobile operators would love for someone to make non-removable SIMs a thing as that would mean they would get handset lockdown for free. That's what used to happen in the pre-GSM world, and what has been going on for decades in the US with the horrible CDMA carriers.

I hope this crap doesn't take off, because the moment this jumps into GSM handsets, operators will lock 'em down hard. And all because Apple has to keep their control freakery alive.

Fancy that! Craft which float over everything on a cushion of air

Daniel B.
Boffin

I remember them

First learned about them thanks to Quest magazine, which showcased how they worked. Though I had seen them in the Snoopy feature where the Peanuts gang goes to France. Back then, the magazine was also talking about a huge engineering feat: the construction of the Chunnel.

Google sued by Gab over Play Store booting

Daniel B.
Trollface

Gab?

What's that?

Given that the examples for social networking they used are far from being the predominant players anywhere (even Google has realized that Google+ is just not going to take off), it'll probably be dismissed.

We don't need another hero: Huawei overtakes Apple – even without a big-hitter

Daniel B.

@Hans 1

Interesting story.

I've got a 5s as well, and it still works pretty well; I got mine in 2015 as I didn't want the monster sized screens. It still works, the only caveat being the 16Gb storage (should've gone for 64Gb) but other than that, it works. And yes, I've got the latest iOS version installed.

Compare to my wife's Huawei, which is sluggish and keeps crashing even though it's just a year old.

Honestly the only ones I haven't seen go bad are the Samsung phones. Most cheap android devices just stop working as intended after the first year.

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

Daniel B.

Re: Do you realize...

Ask Karen Silkwood how that works out.

Nokia's comeback is on: The flagship 8 emerges

Daniel B.

Lumia

Please don't talk about those. I consider them the reason why Nokia nearly died, as they were the ones made after the Elopocalypse.

Red Hat banishes Btrfs from RHEL

Daniel B.
Happy

Re: Anyone else just use ext4?

Ah, I thought I was the only one keeping to RHEL/CentOS 6 to avoid the systemd crap. I'm using a mix of ext4 and xfs on those systems. :)

Daniel B.
Boffin

Re: I <3 btrfs

Light years ahead of anything Windows can do.

Everything is light years ahead of anything Windows, period.

As for snapshots, that's available on ZFS too, mostly because btrfs was originally born as an Open Source equivalent to ZFS, mostly sponsored by Oracle. But then Oracle bought Sun and they got access to ZFS, so btrfs was "no longer important". :(

I did try btrfs at some point, but it just didn't work well, so I had to move to ZFS. The latter is supported on pretty much every single OS except Windows (again, everyone's light years ahead of Redmond's OS) so it also serves as a multiplatform FS.

Daniel B.
Boffin

Re: ZFS is the right choice for a server system

For a start. The very founding principle of ZFS (that many people forget) is that it was designed as, and continues to be maintained as a JBOD DAS file system.

This is actually a feature. You simply stick disks into your system, and set up zpools with RAIDZ1/2/3 instead. You'll get exactly the same functionality offered by RAID5/6, but without the dependency on the RAID controller. Ever had a RAID controller failure? Back in 2009, I found out that fakeraid controllers do weird stuff and thus their "RAID" arrays can't be read by other controllers, only the ones from the same brand/chipset you originally used.

ZFS pools can be imported to any system and will always work.

So yes, I'd rather have ZFS on raidz2 than a RAID controller that might leave me SOL if it breaks down and I can't get the same chipset when it does.

World's largest private submarine in mystery sink accident

Daniel B.

Re: Pictures

It's the caterpillar drive, of course!

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON

Daniel B.
Meh

Welp

This kinda makes me feel better I didn't make it to DEFCON25. But damn, this has all the hallmarks of sloppy investigation. Why would a malware author willingly travel into the US?

50th anniversary of the ATM opens debate about mobile payments

Daniel B.

Naaaah

I know a lot of people that aren't ever going to let go of cash.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020