* Posts by Skrrp

97 publicly visible posts • joined 6 Oct 2009


Epson: Cheap printers, expensive ink? Let's turn that upside down

Skrrp
Thumb Up

+1 for Brother

I've got a 4yr old Brother MFC and it keeps going. As you point out, it sits there and cleans its own heads from time to time, never had to run a manual clean.

Brother have been running the 'pay up front, use cheap ink' model for years. This isn't a new Epson invention. I pay £9 for a full set of 3 colour + 2 black (compatible) cartridges and they last me about a year a set (very low usage).

Plus; excellent Linux support from Brother drivers. Works on all my machines.

Not sure what RFID is? Can't hack? You can STILL be a card fraudster with this Android app

Skrrp

Bank cards are not susceptible

I work in this industry.

It is true that Mifare classic has been broken for a long time and can easily be cracked with cheap readers and open source tools.

What the payment card did wrong in this case was to hold the balance on the card protected only by the lock keys.

If they had implemented some form of readback and check-at-base like I suspect my local bus company does* then they could match card IDs to wildly changing balances and invalidate the IDs of the cards that are being hacked.

Another layer of security such as combining the current balance, the date/time of last transaction and using the card ID as a salt being pumped into a simple bcrypt routine to produce a validation hash would have also foiled this method.

This sounds like sloppy implementation security around guarding the validity of the balance. Nothing to see here.

Bank cards are a different matter. My bank card identifies itself to my phone as a simple Mifare Classic, with a lot of locked sectors. Nothing unusual. When presented to my cracking tool my bank card thinks about it then starts to return timeouts on the sector probes. On the second run, my bank card times out immediately and refuses to talk to the reader. While the chip structure of my bank card may well be a Classic inside, there is something else in there. There is a guard that is sitting between the RFID interface and the chip that is preventing the repeated probings needed to crack the keys. Your bank cards are safe for a while.

*My local bus company uses Desfire cards, so I haven't been able to check their methods.
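
Added example, not part of Skrrp's post and not any operator's real code: a back-office sketch of the two checks the post describes, a validation tag over balance, last-transaction time and card ID, plus readback reconciliation that invalidates card IDs whose balance disagrees with the ledger. It uses HMAC-SHA256 with a backend-held key in place of the bcrypt routine the post mentions; the key, record layout, card IDs and timestamps are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: a secret shared by the readers' secure modules and the back
# office; it is never written to the card. Constructed demo value.
BACKEND_KEY = b"constructed-demo-key"


def balance_tag(uid, balance, last_txn, key=BACKEND_KEY):
    """Validation tag binding the stored balance to the card ID and last transaction time."""
    msg = f"{uid}|{balance}|{last_txn}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class Readback:
    """What a reader uploads after a transaction (hypothetical record layout)."""
    uid: str
    balance_before: int  # pence, as read from the card
    prev_txn: str        # last-transaction timestamp read from the card
    tag: str             # validation tag read from the card
    amount: int          # negative for a fare, positive for a top-up
    when: str            # timestamp of this transaction


class BackOffice:
    def __init__(self):
        self.ledger = {}      # uid -> (balance, last_txn) as last seen at base
        self.blocked = set()  # invalidated card IDs

    def issue(self, uid, balance, when):
        self.ledger[uid] = (balance, when)
        return balance_tag(uid, balance, when)

    def reconcile(self, rb):
        if rb.uid in self.blocked:
            return "blocked"
        # Check 1: the tag on the card must match the balance it claims.
        expected = balance_tag(rb.uid, rb.balance_before, rb.prev_txn)
        if not hmac.compare_digest(rb.tag, expected):
            self.blocked.add(rb.uid)
            return "bad-tag"
        # Check 2: a valid tag is not enough; the card's state must also
        # match what the back office recorded after the previous readback.
        if self.ledger.get(rb.uid) != (rb.balance_before, rb.prev_txn):
            self.blocked.add(rb.uid)
            return "ledger-mismatch"
        self.ledger[rb.uid] = (rb.balance_before + rb.amount, rb.when)
        return "ok"


def demo():
    """Run constructed readback records through reconciliation."""
    bo = BackOffice()
    t0, t1, t2 = "2014-07-01T08:00", "2014-07-01T09:00", "2014-07-01T17:00"
    tag_a = bo.issue("CARD-A", 1000, t0)
    tag_b = bo.issue("CARD-B", 1000, t0)
    tag_a750 = balance_tag("CARD-A", 750, t1)
    records = [
        Readback("CARD-A", 1000, t0, tag_a, -250, t1),     # normal fare
        Readback("CARD-A", 5000, t1, tag_a750, -250, t2),  # balance differs from tagged value
        Readback("CARD-A", 750, t1, tag_a750, -250, t2),   # card ID already invalidated
        Readback("CARD-B", 1000, t0, tag_b, -250, t1),     # normal fare
        Readback("CARD-B", 1000, t0, tag_b, -250, t2),     # same pre-transaction state seen twice
    ]
    return [bo.reconcile(r) for r in records]


if __name__ == "__main__":
    print(demo())
```

The last record carries a tag that verifies, so only the ledger comparison at base catches it; the tag and the readback check cover different failures.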

Dungeons & Dragons relaunches with 'freemium' version 5.0

Skrrp

Paper shortages

"The freebie is 110 pages long, which may explain any unusual paper shortages in your office over recent days."

I would hope that El Reg readers have discovered better systems than D&D by now. The Traveller you mentioned is one such. I personally prefer Alternity; the rules system is far better.

Infinidat quietly files 39 patents. Let's take a closer look

Skrrp

Good eyes

I think it does.

For Windows guest - KVM or XEN and which distro for host?

Skrrp
Go

Dual box

I'm basically running what Bronek is trying to achieve here, albeit at a vastly smaller price tag and want to add another voice to the 2 box setup.

I use Linux in work and for work at home and have a gaming rig running Windows. The Win box is ageing but still suitable for my needs; 3GHz quad core, 6GB RAM. I play games on it a lot and also need to do heavy lifting - in my case it's ffmpeg and kdenlive rather than compiling but the use profile is similar.

I have a Mint VM running in VirtualBox on the Windows machine and give it a stingy 1/2 core (1 virtual core) of the processor and 512MB RAM to work with. Its VDI disk image is out on the NAS box so the VM doesn't have any disk I/O overhead on the host. It runs like a slug but all I use it for is to ssh -X into my Linux laptops and get them to do all the video crunching work I need them to, all while running games as if nothing was happening. The increased network I/O for the VM doesn't impact the network and I can run MMOs and multiplayer FPS games with no lag.

I did try this config using Cygwin but found the X server to be unstable. The first remote X program I ran was fine but then further programs would refuse to start up, complaining about X on Cygwin. I've found the VM way to be far more stable.

Yes, HP will still sue you if you make cartridges for its inkjet printers

Skrrp

And this is why I buy Brother

Canon are ok too.

A BBC-by-subscription 'would be richer', MPs told

Skrrp

Re: Pay by content

What I mean is that I don't want to pay for costume dramas, children's shows, singing shows or cooking as part of my BBC license. The things I do want to pay for are news - which has mass appeal - decent satire which has acceptable appeal and motor racing that I'm prepared to pay for on a niche interest basis.

And who are the twunts who downvoted me? You think it is correct for the government to force me to pay for the making of Pride and Prejudice that I don't watch just because you like it?

Skrrp
Thumb Up

Pay by content

I would happily pay for full access to News 24, Radio 4 and F1 if I could drop the blanket license fee and not fund the crap that the rest of the channels produce.

Vultures circle to feast on carcass of free remote desktop service LogMeIn

Skrrp
Linux

ssh -X ?

There is a very good technology that allows you to access remotely, for free.

Yeah, most people use Windows. I ssh -X into my target network then use rdesktop to hop on to any of the RDP Windows boxes I need. Bonus: no Windows ports exposed to the tinterwebs.

JAILBREAK! US smut spam king Kilbride flees minimum security prison

Skrrp

Re: 2013 closes on a joyous news note!

Who the hell downvoted you? Ah, anons using the fallacy fallacy.

Well, I hate spammers too and I think your post was a sensible solution.

The way I'd like to see the problem tackled is by the big providers tarpitting the problem. If Hotmail, Gmail et al only received 1 email every 5 seconds from each source it would slow the spammers right down. How many humans need to write and send an organic email every 5 seconds?

Weird PHP-poking Linux worm slithers into home routers, Internet of Things

Skrrp

Re: IIS

I prefer my web servers to work, thanks.

telnet> o www.microsoft.com 80

Trying 64.4.11.42...

Connected to www.microsoft.com.

Escape character is '^]'.

OPTIONS * HTTP/1.1

Host: microsoft.com

HTTP/1.1 404 Not Found

Content-Type: text/html

Server: Microsoft-IIS/8.0

X-Powered-By: ASP.NET

Date: Thu, 28 Nov 2013 12:44:17 GMT

Connection: close

Content-Length: 1245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>

<title>404 - File or directory not found.</title>

<style type="text/css">

<!--

body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}

fieldset{padding:0 15px 10px 15px;}

h1{font-size:2.4em;margin:0;color:#FFF;}

h2{font-size:1.7em;margin:0;color:#CC0000;}

h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}

#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;

background-color:#555555;}

#content{margin:0 0 0 2%;position:relative;}

.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}

-->

</style>

</head>

<body>

<div id="header"><h1>Server Error</h1></div>

<div id="content">

<div class="content-container"><fieldset>

<h2>404 - File or directory not found.</h2>

<h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>

</fieldset></div>

</div>

</body>

</html>

Connection closed by foreign host.

US indicts Brit bloke over backdoor blagging of US troops' data

Skrrp
FAIL

Cost millions ...

"Prosecutors claim that Love's activities cost the affected agencies “millions of dollars”."

We hear this time and time again. It's bollocks.

What this statement means is "we spend millions on infosec consultants after the breach who told us where all the inherent problems in our systems were and how to fix them".

If they had spent the money before, on doing infosec right the first time there wouldn't have been the breach.

This "hacker" is just a convenient excuse to their bosses to make them not look like the bunch of incompetent twunts that they are.

That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?

Skrrp

So can we have updated browser warnings now?

The SSL certificate this site uses is verified by one of the large Trust Authorities, so it should be considered broken.

The SSL certificate this site uses is self-signed, so it should be considered slightly secure.

ISPs scramble to explain mouse-sniffing tool

Skrrp
Thumb Up

Re: Usefulness of the results?

Do you know why El Reg's system is better than The Fail?

I can use the vote system without enabling JavaScript.

'Thundering mechanical behemoth' walker mech to attack Leicester today

Skrrp
Thumb Up

+1 for Diggerland name drop

If you haven't been to one yet then go.

Operating large mechanical beasts is fun.

BlackBerry introduces iOS and Android to Work Space

Skrrp
Thumb Up

A smart company

I think this is a very clever move.

They've lost the handset (OS) war but they retain their unique selling point - secure business comms.

By giving away clients for other operating systems for free they can keep their core business and flog BES licenses. Very well played.

Hey mobile firms: About that Android thing... Did Google add a lockout clause?

Skrrp
Thumb Up

Yeah, I found this trick last night.

Force close, disable, uninstall, really uninstall (yes, I mean it), go back in, disable again then clear data. Ends up with no icon for the app in the tray and 0 memory use on the phone.

Managed to clear all of the vendor crapware (Facebook, Twitter, Dropbox, etc) from my new phone and cleared up 500MB of app memory.

I would also highly recommend rooting your phone to get Ad Block Plus on there, no ads on the phone means a quicker data connection and less data usage.

Signatures no good at protecting databases, says Juniper

Skrrp

Re: Really?

Also the article notes that the attacker may be looking for vendor specific error messages.

Anyone that pumps the actual output of errors to the wide world should be considered foolish.

Skrrp

Re: Really?

I'm also interested to know if this is still a problem. And on what databases?

The proposed solution does sound complex but I guess it could be turned to different things too, such as an attacker sniffing for scripts that might allow directory traversal.

As the author notes though, this would only keep the skiddies out. Any attacker that knows their stuff will be hopping IP and blocking all cookies of any sort.

TalkTalk's tiny package most certainly not 'best value', tuts watchdog

Skrrp
FAIL

Re: Last year someone from talktalk ...

I had a TT cold sales call trying to sell me mobile. It became my record at 44 mins long. I spoke to 3 lovely Indian ladies, 1 of whom was a supervisor. I found out what the weather was like there, that the 1st lady was married with 2 children, had a pet dog and the name of the dog. Never bought a mobile contract though.

I also had TT send a charming but thick girl to my front door trying to flog me 'unlimited' broadband. I asked specifically "so I can light up an illegal torrent station and shift terabytes a month on this?" She told me that I could. She even phoned base and the idiot on the end of the line there told me I could indeed shift unlimited data in illegal torrents. I then read her small print and told her what a "fair use" policy means.

Master Beats: Why doesn't audio quality matter these days?

Skrrp
Thumb Up

Audio on the cheap

I'm not an audiophile but I spend a lot of time walking and listening to mp3s on my phone. A mix of TNS, TNQ, Audible and music.

I've learnt a long time ago that headphones in the 3.5mm jack kills phone sockets in short order so I use a mix of a Jabra Clipper and cheap headphones. The Clippers last about a year and are replaced at £25 each from eBay.

The phones I prefer are £8.99 JVC jobbies from Carphone Warehouse. They last about 6 months and have surprisingly good bass response compared to the other manufacturers I've tried. I suspect most of my money on them goes into magnets rather than packaging or brand.

All in all I spend sub-£45/year on kit and have a happy experience, with the Clipper's ability to answer calls as a bonus.

I'd shell out on the full Jabra over-the-head unit if I thought I wouldn't destroy it in short order and have to pay somewhere near £200/year.

Note: my replacement cycle is not a negative statement about the products or the manufacturers, it is a symptom of the use and abuse I give my kit.

Bill Gates offers big bucks for better condoms

Skrrp
Thumb Up

He doesn't need to go on a search for a better condom

They exist; Pasante Unique:

http://www.lovehoney.co.uk/product.cfm?p=3456 *

Non latex, silicone lube safe, thin and strong. Amazing things. G/f and I love them.

* Other shops are available, couldn't find the actual manufacturer on the first page of Google. Yes, I am lazy.

Throttled customers rage over Virgin Mobile UK's tight cap

Skrrp

Mixed results here

I know that the T-Mobile network has been flaky for me recently. Some periods of outage of up to 20 mins where it shows signal bars but refuses to shift data.

Speed tests just now:

Bournemouth (physically closest): 2Mb down, 1Mb up

Maidenhead (closer to gateway): 3Mb down, 1.8Mb up

Speedy MySQL 5.6 takes aim at NoSQL, MariaDB

Skrrp
Thumb Up

Re: PostgreSQL

Postgres for me too. It's the only sane choice these days.

Which qualifications are worthwhile?

Skrrp

A+

Having looked over the A+ syllabus it's a useful entry tool for helpdesk. Just don't believe the lying course providers. I looked at the skills taught then asked one what the target earnings were for someone with the qualification. He told me £35k+. Best joke I'd heard all year.

If you have a little money and intelligence I thoroughly recommend ISTQB Foundation in System Testing. There appear to be a lot of testing jobs around at the moment and good testers are like gold dust. Pay isn't too bad either.

If you have a lot of money and intelligence the Penetration Testing course is well worth a look. Pen testers are the high paid rock stars of the computing world.

Everything Everywhere prices up UK 4G

Skrrp
Thumb Down

Re: ouch

Massive ouch.

I'm sticking with my £10/mo 3GB allowance on T-Mobile for now.

Fuck you EE.

SAP customers fancy licence payments 'holiday'

Skrrp
Happy

Re: sod that....

"sod that.... just buy an off the shelf system ... hell of a lot cheaper then paying for developers"

Or use a free off the shelf system.

Apache OfBiz.

Is Oracle squeezing the MySQL lemon too hard?

Skrrp
Thumb Down

Re: FUD

I think things have changed. Since moving to Oracle I have noticed a couple of times during an apt-get upgrade that I have to manually accept a closed source binary blob for MySQL for 'security patches'.

Having any sort of interaction during an update is annoying enough but this sort of behaviour has led me to refuse to work with MySQL in production environments.

Mr Bank Manager, help yourself to my smartphone contents

Skrrp

Pretty much as above. The aerial runs several times around the outside of the card.

A cut of about 1cm or less in the middle of the long edge that isn't the mag stripe should do it.

Google image search for 'mifare card' to see examples of internal layouts.

When you do cut, the aerial wires should be visible (may need a magnifying glass) as small copper dots laid next to each other.

Rampant fake Facebook ad clicks riddle hits dead end

Skrrp

Re: I don't get it

I have an alternate theory and it has nothing to do with Facebook themselves or the people paying for advertising.

The social data Facebook holds is hugely valuable to the marketing companies and some of them want access to a whole database of it, not just the promise that FB will target your ads at your demographic.

Hence a couple of years ago we saw penetration by the questions applications. "Does your friend X like thing Y?" X is then told someone answered a question about them and needed to answer a question back to see the answer. This was social data mining with a very thin veneer of being a fun game. It was also bad because as a third party to this I couldn't stop people answering questions about me and my data was in their database because my friends had added the application and guess what permissions it wanted.

I suspect that all this 'clickfraud' is bots run by these database creators, scraping the pages of the people that have allowed the mining applications in to their profiles and following links to see what FB targets at them.

Not even I believe that 80% of hits come from NS + ABP, much as I like and recommend the tools.

BSkyB punches Virgin Media in ads watchdog fist fight

Skrrp
Thumb Up

Fucking whiners ITT

Don't know if I'm just lucky but I live in a house with a 30Mbs Virgin cable connection. Speedtest constantly gives me a rating of 31.5+Mbs down and 3.1+Mbs up.

There are 5 of us living here and I've never seen a speed cap. Maybe we don't hit the 70GB/day mark but we stream videos and download games and play online all the time with no problems. My Steam downloads are always at a nice 3.7MBs speed. Netflix never has a problem.

We don't torrent illegal stuff and we don't hammer the bandwidth all the time but we do get our fair use out of the connection but never have problems. Compared to the clusterfuck that is anything to do with BT twisted pair copper we are more than happy.

Crypto boffins: RSA tokens can be cracked in 13 MINUTES

Skrrp
Thumb Up

This isn't really a real-world threat yet

Firstly, oblig: http://xkcd.com/538/

All these things are well and good but take a long time to mature into in-the-wild attacks. Speaking in a professional capacity* we saw the breaking of the Mifare encryption many years ago but we are still yet to see any serious determined effort in the wild to exploit the knowledge.

We are still selling standard Mifare cards to customers who are quite happy and don't report problems with attacks many years after the cracking method became public knowledge.

These breaking of methods seem to be good for theory in that when a standard is broken it forces manufacturers to up their game and come up with the next more secure solution but outside government level spook games this stuff doesn't seem to have a real world impact.

*Full disclosure: I work in the plastic card security business, not the encryption business. I understand the article but not the encryption engineering behind it.

Jabra Clipper

Skrrp
Thumb Up

Love this headset

Been using it for years now, mainly because it will play audio from the Android music player.

Ignore the price in the article, you can pick them up for about £25 online.

Dish Networks locks horns with broadcasters over ad skipping

Skrrp
Thumb Up

Re: The (low) price of ad-free TV

Advertising in general is a waste of time. As you said, if I want a product I'll search around and word of mouth is more important to me than advertising.

I used to work for a now defunct crap computer maker (named after something that a clock helps you with) and we were once told their stats on adverts. It was £50 per customer footfall and another £150 per computer sale. That's a large chunk of the margin so it was no wonder we were pushed to sell the extended warranties. I guess they were making a loss on a base computer sale. Coupled with that, the computers sold were shite. Factory refurbed and refitted HDDs in new units. They were sold on the basis of advertising alone, while I knew full well where you could buy from a local supplier for the same money and actually get some decent kit.

Now to companies who famously don't advertise; Bentley and Rolls Royce. You heard of them?

If a product is good enough in terms of quality and price you'll have customers beating a path to your door. If your product is sub-standard, you need to advertise.

125,000 Ubuntu PCs to land in Pakistani students' laps

Skrrp
Thumb Up

Re: This could bite them in the arse

Of course none of the science can be directly attributed to a sky wizard but a lot of the great scientists have had religion and felt it was important to them.

Galileo - imprisoned for heresy by the Catholic Church

Newton - Christian(ish)

Darwin - Christian, clergy

Columbus (not a scientist I know) - Christian

As to the Arab world, al-Khwārizmī brought us the number 0 (by the grace of which computers work) and algebra.

/not a god-botherer myself

UK2.NET smashed offline by '10-million-strong' botnet

Skrrp
Stop

Re: the twatters

They were fending off a massive DDOS attack and you were worried about a status page?

I'd rather they were putting in all their resource to fending off an attack.

/Happy UK2 customer for many years

//Other hosts are available

Lords give automatic smut censorship bill the once-over

Skrrp
Stop

I've said it before and I'll say it again ...

Get your damn kids off my Internet.

A better solution would be to set up an alt DNS for the kiddies and just not list smut sites there.

This would make it easier to hunt the grooming paedos too, as their IPs will be connecting to both real and kids' DNS.

HTC Android handsets spew private data to ANY app

Skrrp
Thumb Up

Not on mine

Nexus One with Cyanogen installed, no sign of this .apk file on my phone.

Hackers break SSL encryption used by millions of sites

Skrrp
Go

Browser with no JS support

Lynx.

David Cameron turns water cannons on social networks

Skrrp
Thumb Down

Choppers?

To be fair, the news channels did a frankly shite job of reporting the news.

I was watching News 24 on Monday night and they had their chopper hover over the places that were on fire - where the rioting had been and was no more. I was getting better info from friends who live in London than the news was letting out.

Every time they interviewed a reporter it was by phone and the chopper was never overhead to show us what the ground situation was like.

Apple will 'own games industry'

Skrrp
Thumb Down

He's right and he's wrong

He's right in that digital delivery is set to become the dominant model.

He's wrong in that it will be Apple taking the prize. The ifs and buts he uses are a faulty premise. "If Apple's growth continues in the way it is." No. It won't.

Can I play complex MMOs on an iPad? Even with the advent of streaming game services it'll be pretty difficult to play complex games with touch screen controls more suited to Angry Birds.

I personally predict that Steam will become the dominant delivery system, for consoles too. But that's just my opinion.

European Council: Creating hacking tools should be criminal across EU

Skrrp
Stop

Please do something about this

Everyone who reads this and lives in the EU, please land email on your MEP's desk:

http://www.writetothem.com/

SwiftKey plunders social networks for style

Skrrp
Thumb Up

<3 SwiftKey

Best app I've ever paid for.

Works amazingly.

--sent from my Nexus One

Fedora 15: More than just a pretty interface

Skrrp
Thumb Up

Virtual desktops

Gnome 3 provides 2 by default, in a vertical configuration.

Since it is so raw I haven't found the settings area to change this, but I did notice that as soon as I started working in the 2nd workspace it automatically added a 3rd empty one below it.

DIY kit computer goes Forth against Braben's RaspberryPi

Skrrp
Thumb Up

QBasic?

Does this still ship with MS operating systems?

If not, a simple Linux install will give you access to PHP (via the command line - no need for a full webserver) which is a very forgiving and accessible language for new learners.

Revealed: Secret security plan should Kate leave Wills at the altar

Skrrp
Happy

</title>

El Reg, please please do a Playmobil enactment of this, to the tune of Yakkety Sax.

Google (finally) releases antidote to Google ad webpage drag

Skrrp
Thumb Up

</title>

Or just block iFrames in NoScript.

ISPs and Vaizey set to bump heads over default porn filter

Skrrp

(untitled)

Get the children off the adult internet. Easy.

US woman sues again over XP 'downgrade', seeks class action

Skrrp

OS-free computers

overclockers.co.uk

When you look at their systems they are all listed as without an OS and you choose to add any of the current flavour of MS builds, clearly listing the cost of the component.

Sadly, their laptops are still forced to have an OS.

Orange intros MiFi gadget, refreshes mobile data deals

Skrrp
Thumb Down

Up to 5 devices?

Amateurs. I can connect unlimited* to my phone in tether mode.

*address space allowing.
