* Posts by Adrian Bool

36 publicly visible posts • joined 17 Oct 2007

Starliner to remain docked to the ISS into July – with no new departure date

Adrian Bool

Re: Boeing’s Starliner problems may be worse than we thought

That relates to the previous un-manned test flight in Jan/Feb 2024 - not the current mission.

IBM to acquire Hashi for $6.4B, hopes it will boost software biz and Red Hat

Adrian Bool

Hashi?

What's with the use of "Hashi" in this article, as opposed to the company's actual name of HashiCorp?

GoFetch security exploit can't be disabled on M1 and M2 Apple chips

Adrian Bool

Re: No, not really.. but maybe, some of the time

Note that the GoFetch paper does mention (in footnote 22, just after the Conclusions) that "We observe that setting the data independent timing (DIT) bit disables the DMP behavior on M3, which is not the case with M1 and M2.".

It does seem that whilst Apple provided an API to support the secure handling of crypto material, their implementation fell short — with DMP not being disabled when it should have been on M1/M2 devices. Looks like they noticed the omission and corrected for the M3.

Therefore, it seems that if you followed Apple's guidance for crypto code as per your link; code would be secure on an M3 but not on M1/M2.

(I agree with the rest of your comments about this being a low priority issue for many Mac users - especially as this doesn't impact keys in the secure enclave and hence FileVault and (hopefully?) Keychain.)

Rust projects open to denial of service thanks to Hyper mistakes

Adrian Bool

Re: So Rust is not memory safe then

> To which I respond "then what did we gain from Ye Olde C Days?"

The gain is that, in Rust, this vulnerability can't be used for remote code execution or data leaks — the impact is "limited" to DoS. I fully agree that this API should be defined in a more robust manner though... DoS is still bad...

Micro Focus COVID-19 costs: Carry the one, decimal 9 places to the right... hmm. Holy cow, it's a $1bn+ loss

Adrian Bool

Re: The office rental market is going to take a severe battering

Possibly not so bad for WeWork and the like – occasional meetings and other face-to-face interaction will still be required and companies may opt for using spaces such as WeWork on a more ad-hoc basis rather than maintaining large, traditional offices.

Firm fat-fingered G Suite and deleted its data, so it escalated its support ticket to a lawsuit

Adrian Bool

Shouldn’t be an issue

Google’s own docs state that deletion of content starts 51 days after the deletion of the G-Suite account. These guys should be fine, something gone wrong in Google’s processes? https://support.google.com/domains/answer/6313602?hl=en-GB

Bank in the UK? Plans afoot to make YOU liable for bank fraud

Adrian Bool

Re: (de-)Training ...

Ooh, letter headed paper - very secure! ;-)

Stephen Fry MADNESS: 'New domain names GENERATE NEW IP NUMBERS'

Adrian Bool
Alert

It did, long ago...

Back in the days of HTTP/1.0 a new domain name did mean a new IP address on a server somewhere... It was only with HTTP/1.1 that a single IP could serve many domains.

(Of course, the creating of that domain name did not magic that IP into existence!)

Powershell terminal sucks. Is there a better choice?

Adrian Bool

There is a StackOverflow question asking the same thing,

http://stackoverflow.com/questions/60950/is-there-a-better-windows-console-window

...with the top response being for the ConEmu terminal,

http://sourceforge.net/projects/conemu/

Quite possibly just what you need! I'll be checking it out too!

Google scrambles to block backdoors

Adrian Bool

Re: Not quite

There are often master keys involved - two examples: the private key associated with the certificate used in SSL/TLS, and the password to a password database (e.g. 1Password, KeePass etc).

GCHQ attempts to downplay amazing plaintext password blunder

Adrian Bool
Go

Re: Banks too?

Could still be hashed. When they made this change they could have taken your first successful login and then rewritten a hash of a lower case version into their database; then from then on they just set your input to lower case before hashing it and doing the compare...

RIPE NCC handing out last European IPv4 addresses

Adrian Bool
Thumb Up

aid@logic.org.uk

FYI: Since "World IPv6 Launch" (06/06/2012) Google no longer requires your ISP to be approved to access them via IPv6.

Fully agree with all your other comments...

Key evidence in Assange case dissolves

Adrian Bool
Stop

aid@logic.org.uk

For the second woman, it's not correct to state that he was requested to stop immediately. From the victim's interview record,

"They fell asleep and she woke by feeling him penetrate her. She immediately asked 'are you wearing anything' and he answered 'you'. She told him 'you better not have HIV' and he replied 'of course not'. She felt it was too late. He was already inside her and she let him continue."

Lloyds TSB online banking, ATMs titsup in server crash

Adrian Bool
Happy

To balance; OK for me

In contrast to your experience, I've always found LloydsTSB's online interface to be reasonably easy to use, quick and reliable. Perhaps something about your browser could be causing your issues? Safari on OSX Lion here.

Ghanaian she-devil chews off bloke's 'nad sack

Adrian Bool
FAIL

aid@logic.org.uk

Check out the comments on the linked website - debating if she is really a witch or not and suggesting the woman should be forced to marry the poor guy! Personally, I wouldn't want her within a mile of me!

Flashback trojan targeting OS X shuns virtual machines

Adrian Bool
Alert

Running *in* VMware

Note, the check is to see if the malware is running *inside* a VMware VM - i.e. a virtual instance of OS X. Merely installing and perhaps running VMware Fusion won't help you.

Cabinet Office allocates £1.6m for single government domain

Adrian Bool

Beyond beta

Or release.gov.uk - which kind of gives us some hope ;-)

OS X Lion roars, coughs on appearance in App Store

Adrian Bool
Meh

1 day, 4 hours

I was worrying that downloading Lion now would affect the available bandwidth on the video call I need to have in an hour - luckily (!?!) I don't think I need to worry given this trickle of data!

PS: Thanks go out to William Gallafent for the hint on finding the estimated download time within the Purchased tab of the App Store.

Gov will spend £400k to destroy ID card data

Adrian Bool
FAIL

What a waste

Seems crazy to me that these systems are destroyed.

Of course proper data sanitation is required if the systems are to leave the government's control and (reasonably) secure data centres; but I would have thought they could be re-purposed for another government project providing that the classification of their new role was equal to or higher than the data held as part of the ID card scheme.

£400k may be the cost to shred the drives; but how much was the purchase cost - money that the government will surely be paying out again for more storage?

Mac App Store giving away pay apps for free

Adrian Bool
Thumb Down

AV Sales

You always get the AV Vendors quoting shite like this; in the desperate hope they can scare Mac users into purchasing their wares.

Apple coughs to iPhone 3G IOS 4 upgrade problems

Adrian Bool
Go

Try...

Holding down both the sleep and home buttons until the device powers down - then restart - TWICE. I did that on mine and it's pretty much back to normal - having sucked big time before. Good luck.

Apple iPad – the 'Tickle Me Elmo' of 2010

Adrian Bool
FAIL

...is there?

JaitcH, just how do you know that iOS4 will be chargeable for iPad? Given that iOS4 wasn't a chargeable update for the iTouch; I'd be willing to bet you're wrong.

Anyway, in your nice 'free' Android world the problem is not with billable updates; but with the likely lack of any update for your device once the manufacturer has moved onto their next model - leaving your hardware behind. Look at the Android phone world for a multitude of examples...

Will hybrid SSD/HDD products succeed?

Adrian Bool

forgetfulness

Because when you turn off the power, RAM loses all the data.

Chinese go beyond binary with ternary molecule

Adrian Bool
FAIL

Memory sandwich molecule does not munch three bits!

Referencing the subtitle for the post...

Three bits can represent eight states; the Chinese device only three!

Another annoying cloud pitch

Adrian Bool

There is new; mixed up with the old...

Dr Funk; I think that there are critical differences between the outsourcing that has occurred for decades and the spontaneous availability of computing resources on the 'real' cloud.

The bio company that jimt222 referred to no doubt decided on their solution, put in some credit card details and had access to the systems to power their work within minutes. Critically, when they finished the processing the charging stopped.

With ICL; did the outsourcing of your compute requirements start with the courting by sales types, the to and fro of contracts, minimum spend (though with an element of pay for the level of resources consumed) and importantly minimum contract length - at least a year if not a lot longer? How long did it take between you deciding to outsource and having the systems available? More than an hour, more than six months?

The Cloud is just the latest buzzword, liberally applied to any compute farm infrastructure; hence so much of the traditional outsourcing market being resold as if it were something new.

There is something new here; a new level of flexibility.

Apple seeks specialist for iPhone ARM upgrade

Adrian Bool
Jobs Halo

@Stuart

Perhaps AltiVec experience is required as Apple will be wanting the new employee to convert AltiVec based code from parts of OSX through to the ARM world for the iPhone OS?

Jesus Phone vuln delivers fanboys to phishermen

Adrian Bool
Thumb Down

Sigh

Mm. Nice, so you can appear to be a 'trusted' website (forgetting any https controls) as long as the trusted website has exactly 24 characters in it. Aviv even needed to make up the domain 'securelogin.facebook.com' to get this to work right - that domain name does not even exist.

I'm an iPhone user, and now really quaking in my boots with this revelation.. Honest gov..

VMware's fiscal roller coaster tumbles through Q2

Adrian Bool

XenExpress

XenExpress unfortunately has a number of limitations, such as number of VMs, amount of RAM supported on the machine (4GB) and no support for VLANs. Hopefully a free ESXi will not be limited in these ways...

Apple drags its heels on iPhone security patches

Adrian Bool
Boffin

SSH

Chad, you can only SSH into an iPhone if you jailbreak it and install the ssh daemon. If you've done all that and not changed your password, you deserve what you get...

Apple chucks PA Semi at Jesus Phone

Adrian Bool
Jobs Halo

Sounds reasonable to me..

Apple/PA doesn't need to design its own processors as such; ARM's whole business is about selling processor core designs for its customers who integrate these cores with other more specialist logic to form the final chip.

Apple, with PA's expertise, will take these building blocks and combine them to produce the exact mix of facilities that they feel their products require - allowing the products to be made smaller and more power efficient as a result.

Once they've pulled together a design; they will find someone to actually fabricate it for them.

All very sensible.

Mac OS X Tiger out, Leopard back in

Adrian Bool

Time Machine...

"...though I'd like to see the ability to limit its ability to grab as much space as is available on the back-up drive to a user-defined size."

I had the same requirement; simply partition your external drive and point Time Machine at one of your partitions.

BT preps 2000 per cent evening call price hike

Adrian Bool
Paris Hilton

OFCOM, not fit for purpose

Another great example of what a waste of space and money is OFCOM. Miss Hilton chosen as I'm sure she'd be able to run OFCOM better.

'Suspicious comment' provokes LAX terminal evacuation

Adrian Bool

@ xjy...

...all you've forgot is the mandatory bible...

Multics source code released into the wild

Adrian Bool

An interesting paper...

Thirty Years Later: Lessons from the Multics Security Evaluation

http://www.acsac.org/2002/papers/classic-multics.pdf

Does Dell scorn EMC with EqualLogic buy?

Adrian Bool

EMC

Perhaps Dell finally realised that selling awful gear like the AX150i is not a great idea? I've never used EqualLogic's products - I can only hope they are an improvement...

iTunes battles Amazon with DRM-free price drop

Adrian Bool

Hasty?

Maybe I'm just warped by the Reality Distortion field, but given that Apple is a US company, based in California, any changes are bound to start from there - does it not seem sensible to give them the benefit of the doubt and at least wait 24 hours before bashing them over pricing differences between trading zones???