Re: I smell a hoax.
It’s a specific type of HDD with the issue, not all of them have it.
Posts by Daniel B.
3131 publicly visible posts • joined 12 Oct 2007
Page:
Janet Jackson music video declared a cybersecurity exploit
The perfect crime – undone by the perfect email backups
Saturday 25th June 2022 02:23 GMT 
Heh. A classic.
This is the reason why many "delete" functions won't actually delete data but only flag the record/email/whatever as deleted. Of course, this functionality is usually known only to certain parts of IT. Same with corporate shredders; some will not actually shred stuff but send it to a "secure" container which is checked before the documents are actually shredded.
On the other hand: some companies have recently started to implement supposed "retention periods" after which all email gets auto-deleted. It's supposedly to avoid sensitive information leaks, but some suspect that the real reason is that having such a policy means that you won't be able to provide evidence that no longer exists.
Red Hat forced to hire cheaper, less senior engineers amid budget freeze
DEF CON is canceled... No, for real. The in-person event is canceled. We're not joking. It's canceled. We mean it
Monday 11th May 2020 23:48 GMT
Re: But why the bother??
True; while I managed to avoid it, I finally came down with the CON-Flu in the aftermath of DEFCON26 (Aug 2018). It also managed to hit me right during my return flight. Dealing with customs and waiting for baggage claim at my home country while getting sick is not a nice experience.
I do wonder if regular con attendees have developed a super boosted immune system?
ICANN finally halts $1.1bn sale of .org registry, says it's 'the right thing to do' after months of controversy
Sunday 3rd May 2020 07:03 GMT 
Good.
I was shitting bricks over this, as I was going to have to spend a lot in getting a 5 year renewal (or more if possible) of my existing .org domain to give me at least some breathing space and see if I could migrate away from that TLD. I chose to make my main domain a .org precisely because it was less likely to get price gouged at all. Fortunately, this scam was stopped.
Ding dong Dell, servers in the well. Who pulled them out? Little PC stout
Saturday 29th February 2020 02:11 GMT 
Dellicious
I still wonder if selling off RSA was a good idea, given that everything related to infosec is gaining value, but I guess Dell (the man) needs to keep the Icahn at bay.
It is however interesting to see that Dell's bet on staying in the personal computer business has paid off, unlike others like IBM who sold their entire personal computing stuff to China.
$2.07bn? That's one Dell of a deal to offload infosec biz RSA
It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing
Tuesday 14th January 2020 21:13 GMT
Re: The problem is not Oracle (for once)
The problem is ... both.
The GPL is designed to act like a virus, infecting everything it touches.
Oracle is known for being awful on these kind of things, even if you don't count the whole Java API fiasco.
And then the CDDL itself was purposefully made incompatible with the GPL.
Oracle also closed sourced ZFS at some point so there are now two branches: propietary ZFS by Oracle and OpenZFS by BSD. AFAIK OpenZFS is still stuck on the CDDL license.
Like the Death Star on Endor, JEDI created a ton of fallout and stormy weather in cloud market
Ubuntu says i386 to be 86'd with Eoan 19.10 release: Ageing 32-bit x86 support will be ex-86
Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019
Hacky hack on whack 'Hacky Hack Hack' Mac chaps hack attack rap cut some slack
Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet
iPhone 8 now outsells X, and every other phone
Wednesday 25th July 2018 15:42 GMT
Re: Has nothing to do with "first batch product"
StarTac probably didn't make it to the UK due to it being an analog phone (AMPS/NAMPS) released at a time when the EU had already jumped to GSM.
As for iPhones: I just upgraded from the 5s to a 6s. Why? Because the 6s is the last one that has the jack, and the 7 and 8 are still stupidly expensive at this point. And the X is already a non-starter as it removed the Home button and it has that horrible notch thing. I can cheer for Apple though, thanks to the X any non-X iPhone user is now less prone to being mugged or getting their phone stolen. The X is now the ultimate "mug me, I'm rich!" sign.
Other than that, I find it really dumb to splurge so much money on a smartphone. Especially when it's ugly.
Eclipse Foundation pushes faster, cloudier Jakarta EE
Reg writer Richard went to the cupboard, seeking a Windows Phone...
Tuesday 24th April 2018 21:18 GMT
Blackberry OS
Well, the old school Blackberry OS did have quite a number of apps, and at some point they were very useful for everyone. But they fumbled because the Blackberries were horribly underspecced and the "classic" OS was slow as hell. By the time they pushed out BlackBerry 10 it was too late, and their "clean slate" approach to apps (instead of offering a migration path) pretty much doomed them at a time when iOS and Android were taking the top spots for devs. Had they released BB10 back in 2009, when they were still one of the top players, they might've survived.
Hell, Nokia was on the right track on this; they were improving Symbian and cooking up a Plan B OS (Maemo, Harmattan) in case Symbian didn't survive. They were even looking into a migration path from Symbian to Maemo/Meego/Harmattan. It wasn't until Elop came in and set everything on fire that Nokia went down hard. All because Elop had to Borg Nokia for his Microsoft masters. Fortunately Nokia was able to jettison the diseased arm before it took them down.
Tuesday 24th April 2018 21:11 GMT
Re: I use windows phones (because no one else will)
But then, there's many of us who don't give a crap about apps. We just want a mobile phone to use as a phone, not some dinky, overpriced, portable computer.
That doesn't counter the previous user's comments though. He specifically mentioned a Smartphone, not a regular phone. If you want just the phone part of the thing, that's what feature phones, or even dumb cellphones are for. They're even coming back, through the revived not-quite-Nokia resurrection which is now free from Microsoft's claws.
Cloudflare touts privacy-friendly 1.1.1.1 public DNS service. Hmm, let's take a closer look at that
Monday 16th April 2018 11:54 GMT
Re: 1.1.1.1 conflict
There was some experiment a couple of years ago (2010) where whoever owned the 1.0.0.0/8 block experimented with advertising the 1.1.1.0/24 and 1.2.3.0/24 routes to the 'net. They got hit with a massive flow of garbage traffic due to these kind of stupid configs. It was so bad that they had to give up using those blocks. Wonder if that has been "solved" recently?
Monday 16th April 2018 11:49 GMT
Re: Still no go
And where does your DNS get its resolution from? What is it’s parent? Or are you one of those muppets that are hammering the root servers directly?
Proper DNS implementation should be hammering the root servers directly. The only time you should be using a "parent" DNS is when you have your own complex DNS infrastructure inside the organization. Most orgs only have one or two DNS servers, in which case using the root.hints is the proper way of doing stuff.
Super Cali neutral traffic bill makes web throttling bogus
Windows Mixed Reality: Windows Mobile deja vu?
Thursday 15th March 2018 03:16 GMT
Re: Just the usual then ....
Ok, my previous comment may have sounded like unfounded hate for the platform ... but that wasn't the case in the beginning. Remember HPCs? Those sounded awesome, and that was what Windows CE was made for. I even owned an HP Jornada at some point, which was pretty good for its time. I was more of a Palm guy myself, but those ceased to be good when they went WinMo. The HP Jornada, however, never ceased to be good.
I actually think that the downturn came around the time they decided to morph Windows CE into Windows Mobile. From there they started doing weird things with the platform, then decided to kill it and create Windows Phone ... and everything from there was just pure crap.
I had quite a number of friends using Windows Mobile phones, mostly latecomers to Palm and a couple of pre-Android Samsung handsets. I only got to see a single person using a Windows Phone handset, and he hated its guts.
Wednesday 14th March 2018 06:38 GMT
Re: On the positive side...
Their mentality was as though they had dominance. It was so arrogant, it was embarrassing. One of the (many) things that's made me move away from Windows development.
They're used to that arrogance; somehow they don't realize that outside of the desktop/laptop PC OS and office productivity software, they're far from being the predominant player.
See how they pissed away their market share by trying to pull off the DRM fiasco and then ram Kinect down everyone's throats. By the time they relented, it was too late and the PS4 was outselling them 2:1. Even the Switch has sold more units, and that platform was released years after the XBone(d).
Wednesday 14th March 2018 06:30 GMT
Re: Just the usual then ....
Agree with everything but this:
Kill Windows Mobile which with proper development would have been a major competitor for Google / Apple
Nope, Windows Mobile was a stillborn platform. Only Microsoft could believe that anyone would voluntarily get suckered into "that shit OS that always crashes on PCs". They went through many iterations of it and all of them failed. Windows CE. Windows Mobile. Windows Phone. Windows RT. The only thing where they succeeded was in killing any sucker that bet on the platform for their hardware: Sendo, Palm, Nokia. At least Nokia was able to jettison the diseased post-Elopocalypse crap before it took them down.
Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo
James Damore's labor complaint went over about as well as his trash diversity manifesto
X.509 metadata can carry information through the firewall
Friday 9th February 2018 09:36 GMT
Re: Erm...
> If you even remotely care about security, you’ll need to check the client certificate at the firewall
You can't do that unless your firewall is performing a man-in-the-middle attack on the session - that is, spoofing a false server certificate back to the client, which the client is configured to trust.
Both are sort of right. You can check both client and server certificates at the firewall, because at that point, the communication is still being made in cleartext. Certificate exchanges are sent as part of the initial handshake. Firewalls are capable of MITMing stuff... however, parsing an X.509 certificate and validating it is going to be resource intensive. It's less the job of a regular firewall and more of an IDS/IPS thing, and even then it's going to be so resource intensive that it'll slow down all outgoing traffic. Why? Because you'll need to check all outgoing traffic, see if it's an SSL/TLS handshake, then check the handshake itself, parse the X.509 certs, validate them .... you get the idea.
This is going to suck, because the only way I see this being mitigated is by forcing all traffic to go through proxies, then having those proxies offload all CONNECT requests to an IPS. There's a lot of software out there that shits itself whenever you try to make it go through a proxy...
Tuesday 6th February 2018 06:55 GMT
Re: Erm...
The certificate contains the data because that way, you can initiate a TLS connection, have it fail and the firewalls and IDS/IPS systems will only register a failed connection. However, the data dump will already have been sent.
It's sending information on a channel nobody's expecting to actually contain data.
What did we say about Tesla's self-driving tech? SpaceX Roadster skips Mars, steers to asteroids
Pro tip: You can log into macOS High Sierra as root with no password
Tuesday 28th November 2017 21:50 GMT
OSX user here, and it's a vulnerability. It's probably somewhat mitigated in the sense that setting a password for root plugs the hole, but it's still an embarassment. Not sure if it's remotely exploitable, which would be bad. If it allows for su - without a password, it's probably bad, but it would still require someone to log in with a valid username/password before exploiting it.
If someone already has physical access to the system, there are larger issues at hand.
Dick move: Navy flyboy flings firmament phallus for flabbergasted folk
Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS
A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down
Malware hidden in vid app is so nasty, victims should wipe their Macs
Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box
Friday 6th October 2017 02:20 GMT
The Neutered Disk Utility
I knew I couldn't be the only one mad at this change. I actually held off upgrading to El Capitan because of it. Ended up jumping from Yosemite to Sierra on April because APFS was actually piquing my interest. I didn't really expect it to be released with these kind of bugs, though.
Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers
Why the Apple Watch with LTE means a very Apple-y sort of freedom
Saturday 16th September 2017 02:31 GMT
Re: Heh. A no-win situation with El Reg
Mobile operators have been clinging desperately to physical SIMs in order to prevent customers from switching easily.
Quite the opposite. Mobile operators would love for someone to make non-removable SIMs a thing as that would mean they would get handset lockdown for free. That's what used to happen in the pre-GSM world, and what has been going on for decades in the US with the horrible CDMA carriers.
I hope this crap doesn't take off, because the moment this jumps into GSM handsets, operators will lock 'em down hard. And all because Apple has to keep their control freakery alive.
Fancy that! Craft which float over everything on a cushion of air
Google sued by Gab over Play Store booting
We don't need another hero: Huawei overtakes Apple – even without a big-hitter
Friday 8th September 2017 00:35 GMT
@Hans 1
Interesting story.
I've got a 5s as well, and it still works pretty well; I got mine in 2015 as I didn't want the monster sized screens. It still works, the only caveat being the 16Gb storage (should've gone for 64Gb) but other than that, it works. And yes, I've got the latest iOS version installed.
Compare to my wife's Huawei, which is sluggish and keeps crashing even though it's just a year old.
Honestly the only ones I haven't seen go bad are the Samsung phones. Most cheap android devices just stop working as intended after the first year.
WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list
Nokia's comeback is on: The flagship 8 emerges
Red Hat banishes Btrfs from RHEL
Wednesday 16th August 2017 18:06 GMT
Re: I <3 btrfs
Light years ahead of anything Windows can do.
Everything is light years ahead of anything Windows, period.
As for snapshots, that's available on ZFS too, mostly because btrfs was originally born as an Open Source equivalent to ZFS, mostly sponsored by Oracle. But then Oracle bought Sun and they got access to ZFS, so btrfs was "no longer important". :(
I did try btrfs at some point, but it just didn't work well, so I had to move to ZFS. The latter is supported on pretty much every single OS except Windows (again, everyone's light years ahead of Redmond's OS) so it also serves as a multiplatform FS.
Wednesday 16th August 2017 17:53 GMT
Re: ZFS is the right choice for a server system
For a start. The very founding principle of ZFS (that many people forget) is that it was designed as, and continues to be maintained as a JBOD DAS file system.
This is actually a feature. You simply stick disks into your system, and set up zpools with RAIDZ1/2/3 instead. You'll get exactly the same functionality offered by RAID5/6, but without the dependency on the RAID controller. Ever had a RAID controller failure? Back in 2009, I found out that fakeraid controllers do weird stuff and thus their "RAID" arrays can't be read by other controllers, only the ones from the same brand/chipset you originally used.
ZFS pools can be imported to any system and will always work.
So yes, I'd rather have ZFS on raidz2 than a RAID controller that might leave me SOL if it breaks down and I can't get the same chipset when it does.
Biting the hand that feeds IT
