* Posts by Chris Hills

173 publicly visible posts • joined 17 Jul 2008


The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes

Chris Hills

Head in the sand again

They were told of the insecure Pulse VPN servers and ignored the warning. But I'm sure the execs will get off scot-free.

Cloudflare buys browser isolation biz S2 Systems in bid to realize Sun's network computing vision at long last

Chris Hills

XPRA

I use XPRA (xpra.org) to run Linux apps, including browsers, from a web browser (e.g. behind a restrictive proxy).

What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal

Chris Hills

No, silly

It's one rule for them and one rule for us!

IT consultant who deleted every account on UK company Jet2's domain cops 5 months in jail

Chris Hills

Negligence

It sounds like the company were negligent in not using two-factor authentication for privileged accounts, as well as allowing interactive sessions for service accounts.

Where's our data, Google? Chrome 79 update 'a catastrophe' for Android devs with WebView apps

Chris Hills

Carl Sagan seems apt here

"If you wish to make an apple pie, first you must create the universe."

If you do not build every component yourself and instead mix in unknown 3rd party elements, your system will surely have undefined behavior.

Another senior Gov.UK bod makes a dash from public sector, falls into AWS's arms

Chris Hills

ACOBA is a waste of space

See almost every edition of Private Eye.

123-Reg is at it again: Registrar charges chap for domains he didn’t order – and didn't want

Chris Hills

Re: Credit card

Is it possible to do that on an expired card?

Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed

Chris Hills

Re: Is it just me?

I strongly agree that the internet is on the verge of being lost to corporate and state interests. It is no longer a useful tool for people.

Royal Bank of Scotland IT contractor ban sparks murmurs of legal action

Chris Hills

They are getting rid of them, then offering them a job on new terms. If they don't like it, go get a contract elsewhere.

Chrome devs tell world that DNS over HTTPS won't open the floodgates of hell

Chris Hills

Optional... for now

When it reaches critical mass and websites start breaking without it, Google will inevitably make DoH mandatory.

Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images

Chris Hills

Re: RFID tags instead of pictures.

What happens when every car park uses its own system, am I supposed to glue 5 different tags to my windscreen?

Microsoft to improve Azure networking with private links to multi-tenant services

Chris Hills

Update to IPv6 already

Then you can use good old fashioned routers and firewalls to connect hosts to each other.

Oops, wait, yeah, we did hand over photos for King's Cross facial-recog CCTV, cops admit

Chris Hills

The remedy

Everyone whose photo was handed over should be offered plastic surgery to have a different face.

GIMP open source image editor forked to fix 'problematic' name

Chris Hills

I always thought

GIMP would have been a better name for a LaTeX editor.

Fancy a career exposing cloud data leaks? Great news, companies are still largely clueless

Chris Hills

Blind leading the blind

Managers get shifted around and they are suddenly experts by virtue of their position. Many companies have a culture of wilful ignorance and shooting the messenger.

Microsoft blocked TSO Host's email IPs from Hotmail, Outlook inboxes and no one seems to care

Chris Hills

What I do not understand is...

Why do Microsoft's customers not get a choice of what to block? Surely they could let the messages be delivered into their junk folder instead of blocking them outright. This is a denial of service attack on their customers.

Microsoft hikes cost of licensing its software on rival public clouds, introduces Azure 'Dedicated' Hosts

Chris Hills

Good for Linux and alternatives

All the more reason to migrate to non-Microsoft platforms like SUSE, Red Hat and Ubuntu. It is only a matter of time before Microsoft pushes its own Linux distribution.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

Chris Hills

Re: Meanwhile...

Just disappointed that they still have not when they have reported on it many times in the past.

Firefox Preview for Android: Mozilla has another go at a mobile browser

Chris Hills

Thank you Mozilla!

Even though it is only a preview, it is already my default browser on Android now. It is great to have an alternative that is not backed by a for-profit company and actually has the users' interests at heart.

UK's internet registry prepares a £100m windfall for its board members – and everyone else will pay for it

Chris Hills

Please find out

Who can we complain to about this? Is there an independent body?

Google relents slightly in ad-blocker crackdown – for paid-up enterprise Chrome users, everyone else not so much

Chris Hills

This is a massive f*** you

This is a massive f*** you to all the people who have contributed to all the open source projects that make up Chrome. It began with KHTML, then WebKit, now Blink. I am not surprised because Google is all about the money. I am glad I made the switch back to Firefox.

UK's planned Espionage Act will crack down on Snowden-style Brit whistleblowers, suspected backdoored gear (cough, Huawei)

Chris Hills

In bed with the Saudis and Chinese

Democracy falls further down the slippery slope.

Buying a second-hand hard drive on eBay? You've got a 'one in two' chance of finding personal info still on it

Chris Hills

In my experience

You have a 3 in 4 chance the seller doesn't package it properly and it gets damaged in transit, or when it falls to the floor through the letterbox.

Hold horror stories: Chief, we've got a f*cking idiot on line 1. Oh, you heard all that

Chris Hills

Re: Careful of what you write

Back in the day we used RMS Service Desk. There were two notes fields, one for the customer to view, and one for the technicians.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

Chris Hills

Re: Google are crafty

TLS v1.3 will render these middle boxes useless.

Chris Hills

Re: Own DNS server?

This is why they are pushing DNS-over-HTTPS. When the application does its own DNS lookups, you lose the facility to block using your own DNS server or hosts file.

Chris Hills

DNS blocking will not work for long...

To those suggesting using a DNS server which blocks domains, this will likely also be subverted in the future as browsers implement DNS-over-HTTPS which bypasses your DNS server altogether. Whilst you have control over it today, I would not be surprised if Google forces Chrome to use its own DoH servers in the future.

Error pop-up? Don't worry, let's just get this migration done... BTW it's my day off tomorrow

Chris Hills

My story

I was once asked to go live on an email migration project the DAY before I finished my job, with no handover in place (~1000 users). I hope that worked out for the best.

A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off

Chris Hills

No more lock-in

This is why I am building my home automation so that I am in complete control. At the coal face are simple sensors and relays with Arduino and RS485, and I plan to use the open source Mycroft to replace Amazon Echo. I will probably write the software myself or use something existing like Home Assistant.

It's been a week since engineers approved a new DNS encryption standard and everyone is still yelling

Chris Hills

Re: Tough

Nobody is forcing you to use Chrome or Firefox, and these are not the only applications that use DNS. You are incorrectly conflating web browsing with the whole internet. I can use whatever device and whatever software I choose so long as it adheres to the internet RFCs.

Chris Hills

Tough

I am not a proponent of DNS-over-HTTPS, but on the other hand it is just another application that runs using the internet as transport. Users are free to use it if they want to, and it is not for network backbones to pick and choose what to allow. This is sadly why new protocols like SCTP have not been able to gain traction, because a lot of operators just block them. At the end of the day no one person or organization can make the decision for the rest of the internet. Every day I get more and more surprised it still works at all.

GitHub lost a network link for 43 seconds, went TITSUP for a day

Chris Hills

Re: re: Why did GitHub take a day to resync

One concept Microsoft (afaik) came up with is that of a RID master. It gives out blocks of numbers to other servers upon request. When the server passes the watermark it will preemptively request a new block. In the case of a loss of connectivity, it can still create new objects until the block is exhausted. I thought this could well be applied to database replication.

Budget 2018: Landlords could be forced to grant access for full-fibre connections

Chris Hills

Re: "but a lot of landlords, especially those with blocks of flats just ignore them"

It's not ideal but perhaps this could be solved using an external service riser, just for fibre-optic cables. Alternatively, the floors could be configured in a bus with active equipment or taps from top to bottom.

Chris Hills

Gas distribution networks do not just connect properties for the fun of it. If you want a new connection you will often pay £1000 or more for the privilege.

Here you go, cloudy admins: Google emits NATty odds 'n' sods

Chris Hills

Still using IPv4?

You don't need NAT, you need a FIREWALL.

Google taking action against disguised code in Chrome Web Store

Chris Hills

Re: Google taking action against disguised code

If you want to see just how deep Google's tentacles run in Chrome, take a look at the GitHub project https://github.com/Eloston/ungoogled-chromium

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security

Chris Hills

Personal Data

Right now the only options for MFA are OTP-SMS or TOTP with the Microsoft app, so either you hand over your phone number, or you install a Microsoft app on your phone. I would much prefer using FIDO U2F keys where the key is generated and stored on the key, and cannot be copied. It is as good as a physical key, without which the lock is nigh on impossible to pick. Unlike FIDO2/WebAuthn the key is write-once and in my view more secure. For instance, if I generate a key on my computer and install it on the phone, it is possible for the key to be copied, which is "not possible" with a FIDO U2F key.

Microsoft Azure gains Availability Zones and Immutable Blobs

Chris Hills

Re: "can be created and read, but not updated or deleted"

How is this different to an access control list? An administrator could surely just delete the entire pool, or are they saying they guarantee it will be there for time immemorial?

Solid password practice on Capital One's site? Don't bank on it

Chris Hills

Try typing this password

Edit, el reg does not handle unicode very well...

"The post contains some characters we can’t support"

The original was, as unicode codepoints: U+00F6 U+00BB U+0182 U+0236 U+00AE U+0130 U+014B U+01EC U+1F61B U+0116 U+1F63C U+2601 U+1F633 U+262D U+263E U+0147 U+2628 U+1F62A U+022B U+262C U+2649 U+1F63D U+00CF U+0137

Or in HTML escaped: ö»Ƃȶ®İŋǬ😛Ė😼☁😳☭☾Ň☨😪ȫ☬♉😽Ïķ

Supermicro wraps crypto-blanket around server firmware to hide it from malware injectors

Chris Hills

Is this a good fix?

When I buy IT products, I despise not having control of them. Limiting updates to the manufacturer enforces lock-in and obsolescence. There is a middle ground whereby a physical jumper could be provided when an update is to be applied.

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Chris Hills

And yet...

Still no support for dynamic discovery of web servers which would make sense by putting in the top level domain, and has the added benefit of fall back servers and non standard ports. For example example.com -> NAPTR E2U+https _https._srv.example.com -> [2001:22:33:44::385]:5443, 12.34.56.78:8443

HTTPS crypto-shame: TV Licensing website pulled offline

Chris Hills

Kind of, Capita gets the majority of the work but there are other contractors. I presume the BBC is responsible for the infrastructure?

Excuse me, but your website's source code appears to be showing

Chris Hills

Hah

These days most source code is embedded in the page itself. Web sites that do not require JavaScript are getting few and far between. That said, WebAssembly seems to have taken off like a rocket so the only JavaScript in future may be a thin glue layer.

It's official: Chocolate Factory anoints Tink crypto as Google project

Chris Hills

Re: Great, but...

In a company as large as Google, NIH can equally apply to other teams as well as other companies.

Chris Hills

Great, but...

Why not simply submit pull requests fixing some of the issues in BoringSSL, another case of NIH?

GitHub goes off the Rails as Microsoft closes in

Chris Hills

AKA we're cashing in on the hard work of open source contributors.

UK.gov to tech industry: Hands up who can help cut teachers' admin

Chris Hills

Is anyone keeping track of all the failed government IT projects?

Infrastructure wonks: Tear up Britain's copper phone networks by 2025

Chris Hills

No PON thank you

Surprise surprise Openreach is going down the PON route so it maintains control of the physical layer (as opposed to PTP fibre where ISPs can deliver their own wavelengths to customers). I would like to see more smaller companies, maybe even community non-profits laying the fibre to stir up more competition.

Juniper pours a shot of its data centre juice into campus networks

Chris Hills

802.1aq

This sounds like SPB (shortest path bridging) under another name.

Microsoft gives users options for Office data slurpage – Basic or Full

Chris Hills

Re: Corporate users?

This is not something you can lobby your MP about. It's a simple market choice. If you do not like what the software does, go elsewhere. There are plenty of alternatives available, both free and commercial.
