* Posts by Mike007

283 posts • joined 11 Jun 2009


Finally, a wafer-thin server... Only a tiny little thin one. Oh all right. Just the one...


I used to work in an underground secure control room. Basically a load of people in a room with all of the required servers and other equipment to keep the company running.

The entire bunker was protected by UPSes and backup generators that got tested properly. Tests consisted of a supervisor pulling the main breaker and running on UPS for 10-15 minutes before switching to generators for an hour or so. This test was conducted every single week, with extended tests to empty the tanks every 6 months. The sort of testing regime most people here would love to be able to do.

Then there was an actual power failure. The UPS and Generators worked perfectly and all systems continued running... Except for the air conditioning units, which not only regulated the temperature but also supplied the meat bags with their oxygen. Apparently they lasted about 10 minutes before the shift supervisor told everyone to activate their respective DR procedures and evacuate to the car park.

DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities


Great minds think alike. A shame they didn't think to clarify...

Exactly, what is the criteria for "contains a vulnerability" when you are basically scanning an entire OS image which is likely to only execute a single binary?

Some of the major images have been stripped down to the minimal number of executables and libraries for the application to run, but even then they do not compile a custom version of every shared library that only includes the functions that are actually likely to get called..

You could for example create a Dockerfile that starts off by importing an entire debian base system, then add a standard full apache install and PHP interpreter. You then bundle in your 'application' which consists of a single PHP script with a single line that echos the requesting users IP address.

Let's say that the base debian image contains an outdated version of apt which has a buffer overflow vulnerability. If the apt-get dist-upgrade command is executed with the -y flag then a malicious mirror can send a specially crafted response that executes arbitrary code... I assume that image contains a severe vulnerabily (arbitrary code execution as root!)?

Lettuce Encrypt, Encrypt We Must: Hobby projects change name after Let's Encrypt fires off trademark complaints


I don't believe there would be any requirement to have any financial payment in this case as it is more about the requirement to take action against unauthorised uses, however it would still require that they decide if a project is authorised or not.

If they grant a general license allowing anyone to use the trademark as long as they meet certain criteria then it would still probably allow them to take action against people not meeting that criteria, but what do you specify for the criteria? Come up with a list of criteria and I will give you an example of something that technically meets the criteria but isn't someone you want using your branding! That person now has a license that presumably will be difficult to revoke just because someone decided to change the wording used for newly issued licenses...

You could put in place an application process where projects can request permission to use the trademark, but you are going to want to do some amount of research in to every application before you risk granting them individualised specific permission to associate themselves as having been officially endorsed by you...

Easier just to tell people to use the name of the protocol they support rather than the name of a specific provider, especially if your organisation is supposed to be encouraging adoption of the standard rather than the use of your particular deployment.

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher


Whilst I would love to be able to use DANE, browser support is missing not because they haven't added support yet but because browser vendors have independently and for different reasons actively chosen not to support it.

Without going in to all of the discussions on the issues with DANE in browsers, the problem we're meant to be talking about is the process of replacing root signing keys. DNSSEC has done this exactly once, which was delayed by 12 months due to the need to update client software. The amount of manual effort that went in means the theoretical automated key roll process is still pretty much untested and confidence that next time will work flawlessly is not great.

The procedure for rolling the DNSSEC root key involves signing a new key with the old one and publishing in advance so clients can install the new key before it goes live. Once the new key is in production and everything is running smoothly they will then use the new key to sign a revocation of the old key, which again is published for a short period to let clients know to remove it. Once the rollover period is complete the root zone returns to being simply a normal zone signed with a normal key with no record that the old key ever even existed.

The problem with rolling DNSSEC keys in this way is that even if everything works as smoothly and perfectly as it is theoretically designed to, those devices that were on a warehouse shelf during the rollover are now being shipped to customers with old keys and no way of securely updating them...

Any attempt to get around this problem will likely either involve a new set of keys to sign the current root key (which needs all of the same problems to be solved for it!) or devices going and automatically installing completely unsigned keys sourced from the very network it doesn't trust in the first place... Might as well just disable validation, or save yourself the bulky TLS library and stick to plain old HTTP!

Das reboot: That's the only thing to do when the screenshot, er, freezes


Re: Security Risks

Ah, those innocent days, long before the features facilitating such japes became security risks...

You mean the days before security risks were able to access such features. When the only people who could use that functionality were trustworthy people it was fine, the problem only appeared when people who just wanted to cause problems found out about them.

Is being able to access a bank vault a security risk? It is only a problem if the person accessing the vault is there for the purpose of stealing money that isnt theirs.

I would therefore argue that the only security issue that exists is the fact that we have allowed people to have access to computers without first checking that they come from a reputable background. The last time I went to a shop to buy a computer that could connect to "the network" the only information I had to supply was an email address, which was not checked against any kind of approved user list. When I gave the sales person my letters from a judge and a teacher vouching for my moral character she refused to check them and said that as long as I had the money she would give me the computer!

The youth of today with their liberal hippy nonsense... oh crap, when did I become an old person?

Internet root keymasters must think they're cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony


Re: ... break the rules over non-essential services in Los Angeles...

It's just some technobabble IT thingy, so obviously it isn't essential. Cancel the ceremony and use the budget to buy the latest iphone accessory that the board require for their zoom meetings.

I wish I didn't need to attach the icon...

Attack of the clones: If you were relying on older Xilinx FPGAs to keep your product's hardware code encrypted and secret, here's some bad news


So complex...

Their bitstream is probably really simple, in fact I would bet it was just a sequence of 1's and 0's arranged in a certain order.

In practice most people only need to bother encrypting the documentation that explains the reason the bits are in that specific order.

I extracted the unencrypted CPU instruction codes for Windows ME when they just left it sitting unencrypted on my hard drive! I didn't get very far with my attempt to clone it and sell it as BlockChainCloudAIOS, but someone more fluent in marketing speak might have had better luck with that part.

Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends (and something about privacy)


Re: Let's not go into...

Sorry to interrupt, but can I bum a fag?

UK enters almost-lockdown: Brits urged to keep calm and carry on – as long as it doesn't involve leaving the house


Re: "One form of exercise a day"

We could detain people under the existing powers that have been relaxed. "I believe you have a severe mental health problem and pose a risk to yourself or others. Detained for assesment and treatmemt.".

Treatment options include activities to boost your sense of social participation, such as volunteering to help provide essential supplies as part of the UK governments national food and amazon package delivery network.

BT's Wi-Fi Disc ads banned because there's no evidence the things work


Re: What is best for a house on three levels?

Any "whole home wifi" system should be good. You can base your predictions on what coverage you currently get from the main access point in terms of what sort of range you get per unit.

You put the first unit wherever the best location is and then put another one within range of that one. The unit can be placed in an optimal location on a shelf or wherever and being both stationary and having decent antennas it will get a far better signal than a mobile device on your lap on the sofa. It will then extend the signal the same distance from the starting point. You can put a third one at the edge of that one's coverage to extend it further. If you have an abnormally large house with difficult walls then you might need to go for 4 or 5 units to get the best results but it really is worth the investment once you're already splashing out on a system. If 3 units "just about provides coverage" then 1 extra unit will allow you to shift things slightly and take it from "good enough" to "works perfectly everywhere".

They will self-optimise and figure out for themselves if they can directly talk to the main unit or of it is better to relay through an intermediate.

If you base your positioning on rooms with a just about usable 5Ghz signal then performance will be more than adequate. They should be using 160Mhz wide channels (most of your devices probably do not have radios with that much bandwidth) so will easily achieve hundreds of Mbit of usable throughput. Even what we often classify as a poor signal might get 100-200Mbit for a stationary device near the edge of the usable range. Even if you halve this to account for the fact that packets need to be retransmitted then 100Mbit throughput is more than sufficient for most domestic wifi needs! (some more expensive systems have an extra dedicated radio for backhaul, but for a typical domestic user this is not needed).

I used to have several cheap access points spread around to provide decent coverage in every room, but being independent APs this of course meant if I walked downstairs watching something on my tablet the stream would drop... mesh systems do not have that issue and the automatic configuration and seamless roaming aspects really did me reevaluate my entire approach to "being cost effective". I spent nearly £300 on the TP-Link Deco system "just to see how these things work" out of curiosity. I expected once I had played around with it for a bit it would end up in my spare parts collection in case I needed a quick wifi bridge or whatever, rather than intending to replace my main wifi network with it. It made me realise that I had been putting up with an essential thing I use all the time being utter crap simply because I had never known better...

The TP-Link Deco apparently compares poorly with the competition, yet still wipes the floor with traditional independent APs. Even though I had wiring to some locations I still found myself using wireless backhaul to get better coverage where I couldn't run cables (they had no problem using wired backhaul for a location with existing cabling then wireless to an extra unit in my bedroom which previously had a "just about usable" signal due to powerline being next to useless).

I eventually replaced the TP-Link system with a ubiquity setup, however that was because I run multiple VLANs which isn't supported on the domestic stuff. I splashed out on a ubiquity system because once I saw how well the main network performed I wanted to get the same level of coverage/performance on the additional SSIDs which were still running on my old openwrt routers... once you have had a decent WiFi setup you start to wonder how the hell you coped before! Anyone who uses dual monitors will know what I mean... :)

It's Baaaaaack (or is it?): Microsoft Teams suffers a Tuesday totter


I suspect it is likely to be the educational sector here. Yes there have been a lot of businesses changing how they do things, but that has been spread out over at least a few weeks (the biggest growth anyway) and I suspect microsoft are keeping ahead of this aspect enough that even the further increases this week from this kind of thing would not be a problem.

What you might not realise is that a significant number of universities use the microsoft ecosystem. Microsoft give things like Office365 to them completely free. From a university perspective an industry standard corporate grade email platform for free is worth switching to, and the fact that this subscription also replaces their existing office installs with licenses they got for free whilst giving free licenses to students... oh, and we can also enable this "azure" thing for our domain controllers and we have fewer servers to maintain, and, and, and...

Once a university has signed up that well known tactic of "if all people learn at school is microsoft, companies will have to buy microsoft" kicks in. Microsoft have been trying to "encourage" universities to use Teams for a while, but the reaction has mostly been a shrug as they can't really see much point in changing how they do things and already have systems that seem to work just fine for what they actually use it for.

Yesterday several european countries officially closed all educational institutions, and whilst it is not official in the UK universities did "decide for themselves" to start switching to online-only delivery. They already have this Teams thing that they never used, it claims to be designed for exactly this kind of thing, how many will have decided to give it a try?

I have no idea about colleges and schools, but universities even if "closed" still need to continue running courses and their students are expected to be able to adapt and make use of what is available. Many colleges might also go down the online delivery route, but schools will likely just be "giving up" as they can not expect students to be able to access online resources with equipment they might not have using software nobody has ever shown them how to use. I also suspect that any colleges or schools who do go the online-delivery route are more likely to be looking at Google Classroom which has far bigger market share in that sector.

Deliveroo UK adds 'Don't interact with the help' option for when ordering a burger


What is the daily rate that they are offering, and how does it compare to the usual per-delivery payments that someone who didn't report having a cough would receive?

Also many of their "independent self-employed contractors" offer their services to multiple companies at the same time. How does the Uber Eats daily rate + the Deliveroo daily rate compare to the per-delivery rate that they would normally earn?


My GP surgery sent the following SMS yesterday:

Due to the Corona Virus situation the practice has decided to move to a Total Triage of all appointment requests. We will be recommending that all routine care is either dealt with by telephone or delayed until the risks have reduced. Please see our website for updates

So, presumably the way to get documentation is with a phone call along the lines of:

Self-Employed-Contractor: Hi, I would like to make an appointment please...

Receptionist: OK we need to get a consultant to call you before making an appointment, can you briefly tell me what the problem is and I will get someone to call you back?

Self-Employed-Contractor: I am just feeling a little unwell and I am not sure what it is. I have a cough, a high temperature, and shortness of breath...

Receptionist: OK, I will get someone to call you back as soon as possible.

Self-Employed-Contractor: Do you know when that will be? I need to go to work in a minute.

Receptionist: DO NOT GO IN TO WORK! Stay at home, isolate yourself from any witnesses who can confirm your health status everyone, and again do not go in to work!

Self-Employed-Contractor: But I am a very dedicated employee, and my employer has said that I am allowed to keep working unless given specific written instructions from a medical practitioner preventing me from doing so.

Receptionist: I am already filling out the paperwork, I will put it in the post as soon as the GP signs it and it should be delivered by tomorrow.

Self-Employed-Contractor: OK, Thank you. I guess the only way I will be able to obtain further essential supplies such as toilet roll is to use the convenient and easy to use Deliveroo app to get it delivered to my door in under an hour.

US Homeland Security mistakenly seizes British ad agency's website in prostitution probe gone wrong


Re: > signing a waiver reneging any claim against the US government for damages

I assume (hope) that as it was signed under duress it is worth less than the email it was typed in to...

Researchers trick Tesla into massively breaking the speed limit by sticking a 2-inch piece of electrical tape on a sign


Re: Ooh La La

This is why we have the "National Speed Limit Applies" road sign instead of explicit 60/70 signs on rural roads. The idea was that as vehicles got safer and they increased the limit they wouldn't need to change the signs.

Nothing ever goes according to plan... but, it did allow them to specify different speed limits for different types of vehicles without needing massive complicated signs listing every vehicle category...


Re: Adversarial attacks

No need to broadcast a tone, just need to make sure the business purchases the right model of vacuum cleaner and the doors will close in the cleaner's face every time...

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months


Re: I understand

LE certs are meant to be automated, so renewals are not an issue. In theory a 1 day validity period could work however for practical reasons they need to be a little longer.

If you are manually installing a LE cert then the problem is that you are doing it wrong. Sitiations where automatic provisioning and renewal isn't practical is where other CAs fill the gap, as they can manually verify legitimacy and issue a certificate that can be manually installed on for example a non-internet-reachable device. I agree that in these situations a 2 or 3 year cert should be allowable, however as there is no distinction between automated validation and manual this is hard to differentiate at a technical level. Perhaps this is where EV certificates could see a use, with the assumption that EV was deliberate and intentional and verified whilst a non-EV cert can be assumed to have been automated at some point and therefore have a lower trust level?

In case anyone is wondering, LE wanted the shortest validity time to reduce risks with temporary hijacks or expired/sold domains but compromised on 60 day renewals to reduce load, with a 30 day grace period to allow for temporary outages and other intermittent failures.

It is also beneficial for automated renewals if it breaks sooner rather than later, because if your renewal script is broken then finding out sooner is far better than finding out after 12 months when everyone involved has either moved on or forgotten about the project. You also get an email if renewals fail before the cert actually expires to give you time to rectify the fault, which is only useful BECAUSE you do not get email notifications unless something is broken. In an ideal world a LE cert would be valid for say 1 week when first issued to pick up on problems sooner, with a renewal on say day 5 which then gives you a normal 3 month cert. But, this increases technical complexity.

Don't Flip out or anything, but the 'flexible glass display' on Samsung's latest pholdable doesn't behave like glass


The inside of the tubes that make up the interwebs contain flexible glass.


Re: Lawsuit time

If a pie were advertised as containing fish but actually contained whale, I suspect the false advertising issue would be less of a concern than the other laws about that.

Microsoft crack habit reports: User claims Surface Laptop 3 screen fractured again after repair


Re: "Physical damage do[es] not happen if there is no external force"

The golden rule of technical support, if someone sends a SYN packet requesting to connect to the "I know what I am doing" port you reply with a RST unless the correct options are present.

The problem is that these days "technical" support is staffed by people who also don't know about packet headers.

Vodafone: Yes, we slurp data on customers' network setups, but we do it for their own good


And when the modem is built in to the router, and has no option to turn off the router side of things and use it as a dumb modem?

The ISP will happily provide an integrated system, but find one willing to supply a dumb modem... and for some reason buying one yourself is more expensive than a full bloatware router with integrated modem.

Was much better when VDSL service required an openreach modem for the VDSL and the ISP supplied a separate router that connected over ethernet, made it easy to just not use the ISP supplied paper weight.


Re: So...

It is a sad aspect of consumers wanting some fully managed service, with the CPE often not properly supporting transparent mode.

I have a Zen line where they supply the PPPoE credentials, however they also supply a CPE which is utter crap. I have a routed subnet, but the CPE does not properly support this (If I recall I could only forward single ports for specific IPs using using it NAT mode, or if I used the public subnet on the "LAN" side with no NAT then it wouldn't let me open up inbound connections at all). The supplied CPE had a "PPPoE passthrough" mode which should in theory be "just a modem" and allow my own router to terminate the PPPoE session to bypass it, but this did not work properly. Zen are a more technically orientated ISP than most so for them to have this crappy CPE just shows the state of the market.

I had an Openreach modem from a previous service, so just plugged that in to terminate the VDSL line and have my router terminate the PPPoE and all works fine. So, it is purely the CPE they supplied that was the problem and I found no way to make the thing stop screwing with my packets and just be a dumb modem. Those plain openreach modems are not avaliable any more, they used to be mandatory but people complained about "needing 2 boxes" so they dropped that rule and required ISPs to supply a modem which they did using integrated units containing Modem+router+wifi+kitchen sink.

It certainly is simple enough to bypass the crap, but even if you can get the required credentials (some ISPs just use IPoE so no creds needed) the problem is that it is a bitch to find a dumb modem (or CPE which will act as one) these days...

Google Chrome to block file downloads – from .exe to .txt – over HTTP by default this year. And we're OK with this


Re: Why would you?

Yeah, fuck those open source projects using servers from multiple sponsors with things like DNS round robins...

There is no excuse for potential sponsors to simply add a line to their crontab then give the project maintainers an IP address and forget about it. If a university really cared about letting people use their spare resources for free they would have a sysadmin configure per-project TLS certificates which have been provisioned through some complex system set up by project maintainers (given that letsencrypt etc only works if you have complete control over the hostname, the project in question would need to find their own solution for provisioning per-server certs and replacing certificates and have mirror servers use that, along side the per-project solution for every other project they donate bandwidth to). All potential sponsors should maintain and renew certificates and per-project server comfigurations and basically have staff dedicate hours of paid time to running the free services. The internet demands that people doing things to help the public suffer the consequences of their decision!

I won't even get started on people who think they are allowed to run their own services without dedicated hostnames under their public domain name and unfiltered global access to the dedicated global IP etc... we all know that hosting things anywhere other than with a large commercial provider is something only terrorists and paedophiles do.

I am currently trying to figure out how to get my WiFi controller to work properly from a VM hosted on a different network, so I can do that HTTPS thing with a free certificate, but for some reason my access points don't seem to be detected. This is weird and makes no sense, because when I tried a temporary test instance running on one of my computers on the local network it worked just fine... obviously that is not a solution because running things on your own network is not the 2020 way of doing things.

Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw


Re: Who would not do this?

I am not sure the requirements in terms of what is actually needed to exploit the bug, but if it only needs to know the device MAC address then this advice could be incorrect. Discoverable mode enabled and able to be discovered are not the same thing... the reference to guessing bluetooth addresses based on wifi address hints that you merely need the address even if it is not in discoverable mode.

When you explicitly wish to pair a new device you need to be in discoverable mode, where it will respond to probes and be "easy to find", however a device not appearing on the GUI does not mean it is hidden.

Do you use bluetooth headphones? What happens when you turn them on...? The same with pairing to cars etc. Do you have to go and tell your phone to be discoverable before anything will connect? If bluetooth is as much as enabled then even if it isn't currently connected you can simply guess addresses until something responds. Your device will also send out its own probes every few minutes, just in case a paired device is around and didn't auto-connect on startup.

EU we go again: Commission takes aim at Qualcomm over 5G antitrust concerns for radio frequency front end chips


From the relevant register article:

"These payments were not just reductions in price – they were made on the condition that Apple would exclusively use Qualcomm's baseband chipsets in all its iPhones and iPads."

It was not a discount to keep a large customer, I would argue it was worse than what Microsoft did with PC suppliers by offering a discount on the condition of exclusivity.

Why worse? Be because Apple have a large line of existing products they manufacture with these chips. If they wanted to create a new product that used a competitors chips then they wouldn't be able to stop buying the Qualcomm chips for existing products, but would lose the kickbacks that were financially the same as a discount but clearly structured differently.

(It's almost as if this non-obvious way of stricturing the discount was done in the knowledge that it looked far more suspicous than a simple discount, yet could be argued to be a different practice then what was decisively declared illegal in the most famous tech related monopoly abuse case in history...)

At last, the fix no one asked for: Portable home directories merged into systemd


Re: Even better...

Is this the potential compatibility thing mentioned? Encryption doesnt work with some providers...

Protestors in Los Angeles force ICANN board out of hiding over .org sale – for a brief moment, at least


Re: Appearance of impropriety

If you think Welsh independence is the end of the discussion, I invite you to discuss the subject with this friendly bunch of Cornish representatives.

If you are wondering about the pitch forks the answer they gave me was just an expletive directed towards people who live in cities, which I interpreted as they came straight from working the fields and are concerned that if they leave them in the corner while you chat then one of them city folk will steal it.

Chrome suddenly using Bing after installing Office 365 Pro Plus... Yeah, that might have been us, mumbles Microsoft


Re: Antitrust

But at least those hours were made more pleasant by the aboslutely hilarious cursor!

ICANN extracts $20m signing fee for $1bn dot-com price increases – and guess who's going to pay for it?


Who would do this? Which users are resolving against their alternate roots? And How many will continue to do so when the alternate root resolves youtube.com to a different owner than the one recognised by the ICANN endorsed registry?

Two can play that game: China orders ban on US computers and software


Re: Ah the great orange one...

As someone apparently down-voted that comment, I guess I need to explicitly explain that both governments consider themselves china and both governments consider that their territory is the entire area. It's just that one government controls one part of the country and the other controls the other.


Re: Ah the great orange one...

Of course Taiwan is part of China.

Now, as for why the legitimate government of China doesn't do something about those rebels occupying their land... well, each of them has a different excuse. I propose they resolve it with rock paper scissors.

FTC kicks feet through ash pile that once was Cambridge Analytica with belated verdict


Liability limited to shares with no value.

A company has directors who are responsible for running the company. Company directors have a list of legal obligations in relation to running the company. Ensuring paperwork is filed with companies house. Acting in the interests of the company. And... Just a second... I am sure "making sure the company complies with the law" is on this list somewhere... it must be... trying to find it....

Did you hear about that case where the judge ruled that a driver had limited liability for exceeding the speed limit? The court agreed that it was the company that was giving instructions to the accelerator, the director's foot was merely acting on behalf of the company. I would give you a link to the case but I seem to be having difficulty finding information today...

BOFH: Trying to go after IT's budget again?


Re: carbon offsets

If you plant a tree then you are benefiting the environment. If you create something out of renewable resources then you are benefiting the environment. If you recycle the product in a biomass recycling facility then you are benefiting the environment.

Plant a tree. Cut it down and make a door wedge. Then recycle your door wedge using a thermal recycling process. You can claim the carbon credits 3 times, and use the offset to fuel your Ferrari whilst waiting for the new HQ building to be built.

When the IT department speaks, users listen. Or face the consequences


Full symlinks with unix functionality was from XP, with previous versions having a partial implementation.

The problem was that explorer and other tools were ignorant of them, so a loop could lock up the machine and a delete operation would recurse... making it very easy to break things.

Row erupts over who to blame after NordVPN says: One of our servers was hacked via remote management tool


"Even if a hacker could have viewed the traffic while being connected to the server, he could only see what an ordinary ISP would see"

Which is not a problem because... wait, what is their entire sales pitch based on again?

Traffic lights worldwide set to change after Swedish engineer saw red over getting a ticket


Re: Has anyone ever noticed...

Example: roundabouts with traffic lights ON THE ROUNDABOUT.

Junior minister says gov.UK considering facial recognition to verify age of p0rn-watchers


Re: Facial?

"Are you able to demonstrate that you are sexually mature enough to consent to the viewing of pornographic context?"

"What does it look like to you?"

"Looks like I should get out of the way and let you have access to porn"

However there is a potential discrimination aspect to this verification mechanism, as not many laptops are equipped with moisture sensors that can be read by a web page.

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back


A white hat would add a filter to drop the emails.

Someone whose hat had faded a bit with age might be tempted to do a password reset and start giving out free refunds.

Someone with a hat that started off a different shade might make some donations to respected charities.

Someone with a hat mimicking the colour preferred by the goth community might decide to transfer the other persons funds to their personal account for safe keeping.

Hundreds charged in internet's biggest child-abuse swap-shop site bust: IP addy leak led cops to sys-op's home


Re: Fair play to the authorities

Did snowden publish that quote from the USA, or did he just go to another country to say it?

I believe the comment you were replying to was pointing out that if a chinese citizen wished to publish information criticising the government then using a server in the USA is probably a better idea than hosting a hidden service from your home address in china.

Any finger will do? Samsung Galaxy S10 with a screen protector reportedly easy to fool


Re: Simple solution

When he unlocked his phone his finger went top right, middle, top right, bottom right... OK, I now know his PIN. Probably the same one as his bank card.

Fingerprint scanners were to get around the fact that you can probably assume that your entire family have the ability to order themselves a Christmas present...

Boris Brexit bluff binds .eu domains to time-bending itinerary


Re: Good luck with that

4) No one has actually pointed to a specific European law and explained what it is that is wrong with it.

The cookie consent law. It is annoying.

Not as annoying as losing my rights as an EU citizen, but it is a specific EU regulation that I am able to point to and explain what is wrong with it!


At least you understand why I downvoted you...

Careful now, UK court ruling says email signature blocks can sign binding contracts


Re: Email?

Erm, yes we do... S/MIME is a standard way to sign or encrypt an email. Support is built in to all significant email clients. Even outlook express (remember that?) supports it. Obviously not supported in webmail clients.

But, nobody uses it... something to do with certificate authorities wanting to make money on everything involving enceyption.

Margin mugs: A bank paid how much for a 2m Ethernet cable? WTF!


Re: Bargain

Billing $400 for reaching in to a box and grabbing a cable might result in questions that are difficult to answer...

Sounds like the sort of client where you check you haven't accidentally got a spare USB stick in your pocket before heading on-site. A billable expense of "Travel to Australia to collect critical component" every time you need to reinstall an OS.

What a bunch of DoSers: Wikipedia says it was walloped by 'bad faith' actors over weekend


You will never be able to stop the attacks, because their DDoS as a service platform is protected by Cloudflare... If you want to be safe from those people, you need to get your protection from Cloudflare as well.

I think that's how things work these days, right?


(To be clear, I am a great supporter of many of the things Cloudflare has done.. But it is well known that a significant number of the DDoS as a service websites are only able to function because Cloudflare is willing to protect them against their rivals - and making it easier to buy a DDoS attack doesn't exactly hurt Cloudflare's business model...)

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt


Re: DV's only

Because the browser vendors didn't want to support the standard. Something about not wanting to include a DNS library in the browser... an argument they stopped using when they actually did want to support a new standard.

It is commonly used for opportunistic encryption of SMTP transactions.

Microsoft spreads the Cortana love to more Insiders with new Windows 10 preview


Clippy was limited to "I see you are writing a letter".

Cortana will be able to make suggestions along the lines of "I see you finally got around to writing that complaint. But, when describing the events prior to the employee punching you, just say that you were attempting to submit a verbal complaint regarding the quality of the facilities. If you tell them how many of the bar's products you had tested it might count against you."

Y2K, Windows NT4 Server and Notes. It's a 1990s Who, Me? special


"It is now safe to turn off your computer"

Ahh, yes, the days before electronic devices knew how to turn themselves off...

Which was followed by the brief era of only God's knowing how to hold a button.

People of Britain: You know that you're not locked into using the same ISP forever, right?


Re: "Cost" of switching

One of the few situations where I felt justified to give misleading information - knew someone like this. She got a new android phone and needed help setting it up. I set her up with a gmail account and added her ISP account as an external account. Told her it was because her phone was a google phone and didn't support the ISP email, but any email to her old address would still come through and she could select to send from her ISP address when needed by changing the from address when writing an email.

After several years of every outbound message coming from her gmail address, very few people are still sending to her ISP address which means switching would not be as much hassle as it used to be...

Dishonest? Yes. If she told someone "with a clue" about why her address changed, would they call me clueless and incompetent for such bad advice? Probably... was it the right thing to do? Definately!

(And before anyone comments on the choice of gmail, her ISP email is hosted by google anyway...)


You mean those who want to join, and those who need help to realise that they want to stay...



Biting the hand that feeds IT © 1998–2020