* Posts by damian fell

30 publicly visible posts • joined 14 Dec 2007

Identity stolen because of the Marriott breach? Come and claim your new passport

damian fell

Interestingly, after doing some further reading, this gives me a bit more confidence in Marriott's cyber security.

Marriott "merged" with Starwood in 2016 in one of these mergers that's really a takeover.

Looks like their systems integration started in 2017, and this August they combined their loyalty schemes.

This sounds very much like they finished wrapping Starwood's systems into their cyber security monitoring and immediately found something nasty that the smaller company previously didn't have sufficient tools or processes to catch.

I'm still cheesed off that I'm affected due to a stay back in 2011, for which they had no reason to retain my details.

Sysadmin misses out on paycheck after student test runs amok

damian fell

I used to like systematic naming conventions until a major data centre replatforming project (several hundred applications and several thousand servers).

Changing hostnames was deemed too high risk (IP address changes broke enough things in poorly architected apps), so physical servers for one legacy DC moved to virtual servers in another DC retaining their old location based name.

Cue several years of telling people to ignore what they thought they could imply from the server's name when assessing change and to actually look at the detailed change plans.

Now I think that going back to random server names would be safer.

Help desk declared code PEBCAK and therefore refused to help!

damian fell

So the thing that confuses me here is :

Why the hell are there multiple helpdesks that can't pass a ticket between resolver teams?

OK, it's not a network problem; so just pass it to the desk-side support team in whatever service management tool (or tools) you are running.

Basic ITSM process design normally includes how to pass on work that has ended up in the wrong place to a more customer friendly triage team.

Virgin's Project Lightning's very, very frightening: ISP will not hit connection target

damian fell

So I'm sitting here looking at the absolute mess that Virgin have just made of our street, ten days in and there are still holes, barriers and spoil heaps lying around.

On day one, without warning* we all woke up to find our drives barricaded off and polyethylene tubing everywhere without a body in sight (I'll give them credit, they get up bloody early before having a coffee break between 8 and 9 when people get up).

So the upshot on our street is that most of us are wondering how, after screwing us around, they are going to convince us to take out a contract with them; unless they undercut the competition massively, they've just installed a hell of a lot of cable that's not likely to be used anytime soon.

*Well there was a note a few weeks ago saying they were in the area, but nothing with dates or information about planned road or pavement closures.

What the Investigatory Powers Bill will mean for your internet use

damian fell

That really depends how they capture and log this stuff...

Remember that unless you're using DNSCrypt, all your queries to OpenDNS are in plain text, traversing your ISP's network, so even if you don't use their servers they can still see it.

The actual legislation proposed wisely doesn't seem to dictate any specific technical mechanism, so they've got two options:

1. Log your DNS queries to their servers, along with any other DNS traffic traversing them (easy and cheap, but not very comprehensive, as many devices and browsers will use a local DNS cache).

2. Inspect the packets exiting your network and process them to capture more accurate destination information (more processor intensive and complex, resulting in a larger data storage volume).

My guess is the smaller or less competent ISPs (hello TalkTalk!) will go for option one, but that the larger ones will be leaned on to go for option 2 (and let's face it, BT has some history of using deep packet inspection technology).

damian fell

Re: you've forgotten about something

That's not my understanding of how the TLS handshake works in most modern browsers.

The very first "client hello" packet will normally contain the server name, so that the "server hello" packet can respond using the correct certificate for the domain name.

I'll admit that whenever I've used this for performance tuning, I've seen it on the same client device as the browser, but I'm pretty sure that it would also be visible on the wire, as wireshark is only viewing the transport layer.

damian fell

you've forgotten about something

In your paragraph about https you've stated that :

"Only the IP address of the destination (and the port used, usually 443) can be determined"

Actually the domain name is also visible to the ISP, as it's needed to request the correct certificate as part of the initial handshake (to accommodate servers hosting multiple domain names), so even if everything you use is HTTPS and you use DNSCrypt or local DNS resolution, your ISP will still be able to see the domain name of the server you contacted.

https://en.wikipedia.org/wiki/Server_Name_Indication
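The two points made in this thread (the plain-text DNS query an ISP can log under "option 1" of the earlier post, and the server name carried in the TLS ClientHello before any encryption starts) can be shown on constructed packets. The example below is added here and is not code from the original posts or from any project; the packets are built inline purely for the demonstration, and `build_client_hello` and `build_dns_query` are hypothetical helpers that produce minimal, valid messages rather than anything captured from a real client.

```python
"""
Added example (not from the original posts): why an ISP can read the destination
hostname even with DNSCrypt or local resolution, because the TLS ClientHello
carries the server name in the clear in the SNI extension (RFC 6066), and how
the QNAME of a plain-text DNS query is read. All packets are constructed here.
"""
import struct


def parse_dns_qname(payload: bytes) -> str:
    """Return the first question name from a raw DNS message (the UDP payload)."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount == 0:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointer: not valid in a query's question name
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def parse_tls_sni(record: bytes):
    """Return host_name from the SNI extension of a TLS ClientHello record, else None."""
    # TLS record header: content type (0x16 = handshake), version, length
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    # Handshake header: msg_type (0x01 = ClientHello), 3-byte length
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    pos = 4 + 2 + 32  # skip legacy_version and 32-byte random
    sid_len = hs[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2 + cs_len
    cm_len = hs[pos]
    pos += 1 + cm_len
    if pos + 2 > len(hs):
        return None  # no extensions block at all, so no SNI
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        body = hs[pos:pos + ext_len]
        pos += ext_len
        if ext_type == 0x0000:  # server_name extension
            list_len = struct.unpack("!H", body[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = body[p]
                name_len = struct.unpack("!H", body[p + 1:p + 3])[0]
                p += 3
                if name_type == 0:  # host_name
                    return body[p:p + name_len].decode("ascii")
                p += name_len
    return None


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello carrying only an SNI extension."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = (struct.pack("!HH", 0x0000, len(sni_entry) + 2)
               + struct.pack("!H", len(sni_entry)) + sni_entry)
    body = (b"\x03\x03" + bytes(32)      # legacy_version, random (zeros for the example)
            + b"\x00"                    # session_id length 0
            + b"\x00\x02\x13\x01"        # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_dns_query(host: str) -> bytes:
    """Construct a standard recursive A query for host (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in host.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


if __name__ == "__main__":
    print("DNS QNAME:", parse_dns_qname(build_dns_query("www.example.com")))
    print("TLS SNI:  ", parse_tls_sni(build_client_hello("www.example.com")))
```

Both parsers work on bytes exactly as they appear on the wire, which is the point of the thread: nothing in either message is encrypted, so a tap between the client and the ISP's upstream sees the same name whether it came from the DNS query or from the handshake. A ClientHello without an extensions block returns `None` rather than failing, since older or minimal clients may not send SNI.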

Gaze upon the desirable Son of Alpha: Samsung Galaxy A5

damian fell

The non-replaceable battery is why I've just upgraded my 3.5 year old S2 to an Alpha, specifically because it may be the last Samsung phone with a replaceable battery - which to me is indispensable for those multi day camping trips and the annual Glastonbury pilgrimage!

Now I just need to find the best deal between ebay and amazon on spare batteries before the end of June.

Ubuntu to shutter year-old clock unlock bug

damian fell

Insider risk not appreciated by interviewee

Sometimes we can as professionals be blind to the breadth of threats to information assets.

The interviewee here is thinking in the mindset that the only threats worth defending against are those of remote actors, when in most organizations there are internal threat actors that are just as important, and the constraint of admin access to corporate devices is an important part of protecting against that.

If you "can't see a way" that this is a threat, imagine a disgruntled employee with physical access, using this to elevate privileges and install a key logger to capture credentials for other systems.

El Reg regains atomic keyring capability

damian fell

Originals still going strong

I still have some of the original Traser glowrings, still glowing away quite brightly. I'd say the ten year estimate on them was conservative to say the least.

EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday

damian fell

Hmm that explains that, cynically I'm now expecting a call next week offering to move me off my nice cheap legacy tmobile contract onto a new shiny EE one!

Mozilla's 'Tiles' ads debut in new Firefox nightlies

damian fell

Adverts I don't have an issue with. I'll be interested though to understand how it selects the tiles it displays to me, and what that may mean about some form of heuristic analysis of my browsing habits.

At the moment I believe that all the analysis is client-side and is simply just your top recently most visited sites (I'm happy to be corrected but I don't think my browser is sending details of my browsing traffic to a central location.).

To effectively target adverts (which is what sponsored tiles are), you would need to have some form of algorithm to identify the most appropriate people to target; it's how they do that selection process that might result in privacy concerns, rather than the presence of adverts themselves (after all we have to pay for our free software somehow).

*edited for spelling and grammar - why the hell doesn't my IE browser at work have basic functionality such as a spell checker like my FF browser at home does!!

Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network

damian fell

Re: I have to defend the police here...

I think you've misunderstood the purpose of an organisation's IT department. Surely in the 21st century, after having outsourced and abstracted ourselves away from all management of technology, we are now actually nothing more than informed buyers of "services" on behalf of our various business units; we don't need to know how to install apps on servers, we need to understand how to facilitate the commissioning of services within the risk appetite of our organisation, at an appropriate cost level to meet the value provided by the service. (I'll leave you to decide how much of that statement is tongue in cheek and how much is born of bitter experience).

Ad biz now has one less excuse to sponsor freetards and filth

damian fell

So how many people actually look at the adverts? These days I'm pretty sure that my brain is programmed to tune them out; the only time I ever seem to notice them is when I try to scroll a website on my touchscreen and there's an ad in the side bar (ebay is particularly bad at this).

What's that burning tire smell? It's Microsoft screeching away from the No-IP car crash

damian fell

Too late - I moved all services to changeip.com last Tuesday - no point going back, and I bet I'm not the only customer who jumped ship.

The good thing about DNS service providers is that there is still a competitive market out there, so finding alternative providers is quick and easy, and you are only limited by the TTL settings of your CNAMEs.

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

damian fell

I think MS have just shot no-ip in the back of the head.

Last night after a few hours frantic troubleshooting and cursing, I moved all my Dynamic DNS services to another provider (I even had to drive across the county to reconfigure one device whose IP address I didn't have due to no-ip's web servers being down last night).

I suspect I'm not the only one who will be jumping ship after the service disruption, if enough people (paid and free users) do something similar then no-ip's business model will be shot.

Police at the door? Hit the PANIC button to erase your RAM

damian fell

Re: RIPA2000

Argh Godwin's Law strikes early on.

Top tip, power users – upgrading Ubuntu may knacker your Linux PC

damian fell

Hmm - I actually found this the first upgrade for Ubuntu that worked without breaking anything, so it's obviously not a universal fault.

Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...

damian fell

Unity convert

I hated the Unity interface, that is until last December when I picked up an ASUS touchscreen laptop, and since then I've found it so much easier to use that it's almost instinctive now.

Granted if I was just using a mouse and keyboard I think it would drive me nuts, but horses for courses, with a touchscreen the Unity paradigm seems to work (or at least better than MS's metro tiles do for me!).

'Database failure ate my data' – Salesforce customer

damian fell

So is an hour data loss good or bad?

No data loss is "good", but without knowing the RPO and RTO of the Salesforce SLAs with their customers (I'm not one of their customers) it's hard to say if it was poor service or within the scope of expectations.

If this was a high availability service with low or no RTO/RPO then they've failed; if it had an RPO of greater than an hour and if the RTO was less than 6 hours then it has probably met expectations (data loss experienced of an hour and recovery time of 5 and a bit hours).

If however you'd chosen a cheap low-cost SLA to save money and the cost to your business is greater than the money you've saved by using Salesforce, you've probably made the wrong outsourcing decision...

Google, Apple, eBay shouldn't pay taxes - people should pay taxes

damian fell

Re: Über capitalist trolling from the reg yet again

I like Tim's article as far as it goes. I'm not sure I agree with all the points, but it touches on what I think is a big flaw in EU taxation co-ordination generally, i.e. that there is no co-ordination and we have enacted a principle in law that more or less guarantees inequity between member states.

So you can trade anywhere in the EU and book your taxes in the lowest tax rated country, (who get to keep your lower tax expenditure), thus upsetting everyone in all the other member states whose population have contributed to your profits.

Arguably a far more equitable mechanism would be to have a uniform EU corporate tax rate (actually this bit alone would solve some of the arguments), and for that to be paid centrally to an EU taxation agency which then distributes the income between all the member states (this is the bit that would be a nightmare to agree and implement).

However none of us lives in a federal utopia and it's highly unlikely that any of our countries will actually agree to this, as every state has its version of UKIP who would demonise such a suggestion as "giving up powers to Brussels".

BOFH: Hasta la Vista... luser

damian fell
Coffee/keyboard

ITIL manual

Finally a sensible use for an ITIL manual - if only mine were still shrinkwrapped in wipe-clean plastic.

Bank Trojan crooks trouser £800k from 30,000 Brits

damian fell

Re: indeed, send it right back at them......

Nice one - but obviously if they get it wrong they should be asked for the same character positions that they've got wrong again, to avoid the interception of the pass phrase by a third party listening in on the multiple iterations.

Publishing giants sue open textbook startup over layout

damian fell

Re: Brahms died in 1897

Just a minor point about the photographic copyright.

Copyright in the UK (and I believe the US is similar) expires 70 years after the death of the photographer, not the subject.

So if the photograph was taken by a photographer in their mid twenties in 1897, who went on to live to be 80+ and died in the 1950s, the copyright could well still be held by their descendants for another 10 years at least.

Anti-gay bus baron rages at being stuffed in Google closet

damian fell
Unhappy

More to the point, what idiot gave this bigoted self-publicist a knighthood?

Microsoft explains Windows 7 Phone phantom data cockup

damian fell
FAIL

windows phone 7 - Fail for so many reasons

To be honest having seen and played with a shiny new HTC HD7 phone, I'm sticking with my winmo 6.5 HD2 and will probably move to Android for my next phone.

Data slurping of my monthly allowance would be a minor inconvenience of upgrading to WP7 in comparison to having no file manager, no Bluetooth file transfer, no USB PIM sync ability (unless you use a web based service), no USB storage mounting option, being unable to use an mp3 as a ringtone (assuming you can transfer the file onto the phone in the first place)....

Unfortunately Microsoft seem to have gone down the iOS route and have locked the device owner out of any useful features unless you buy an app from their marketplace, which is a shame because they've finally got the bloody user interface right.

Windows phone 7 is literally just a (slightly) smart phone OS not a mobile computing OS.

Ubuntu demotes Gnome for Unity netbook look

damian fell

Uncertain times ahead

Not installed Maverick yet (because Lucid works quite well enough), but the first thing I did with my Lucid netbook remix after seeing the god-awful interface was to switch back to a Gnome interface, which works very well.

I hope that on Maverick and Natty this will be as simple as it was on Lucid (one tick box in the startup config menu), otherwise I also will be moving back to Debian or Mandriva (or whatever fork of Mandriva is in existence next year).

People have no bloody idea about saving energy

damian fell

US - UK/US tomato/tomatoe (sic)

I don't think that the US have unswitched sockets by default, whereas in the UK we have mostly switched sockets by default, hence the exhortation to unplug rather than switch off.

BOFH: Balancing the budget...

damian fell
IT Angle

Arrgh the insanity

I seem to remember, back in a past association with a university chemistry department, that there was a frenzied purchasing of such high value returnable items as gold or platinum crucibles before the year end, only for them to be returned to the suppliers for a credit note after the year end.

I'm sure that there were more platinum crucibles in circulation than actual experiments that could be done with them at certain times of the year!