* Posts by Flat Phillip

99 publicly visible posts • joined 2 Dec 2010


Have you ever suspected your colleague doesn't hope this email finds you well?*

Flat Phillip

First poll missing an option

Where is the "creates a meeting for every single thing, including pre-meeting meetings"?

First to the wall when the revolution comes.

Hide and seek in outer space highlights a battle here on Earth

Flat Phillip

Wow, they weren't wrong describing him as a one-man environmental disaster.

Network died, hard, during company Christmas party, leaving lone techie to fix it

Flat Phillip


As soon as I read VTP I knew they were in for a bad night.

I'm not saying it always goes bad but touching VTP will generally burn you, especially across switch families or with older IOS.

Pentester says he broke into datacenter via hidden route running behind toilets

Flat Phillip

I appreciated it at least

"more than just IP access"

Nice, reminds me of those fake names like I.P. Freely.

Heresy: Hare programming language an alternative to C

Flat Phillip

Makes sense

If you can't C you might be able to hare better.

Alarm raised after Microsoft wins data-encoding patent

Flat Phillip

Re: Patenting pi, digit by digit

I agree with Kuhn, get rid of software patents.

They are a curse on the industry as they don't promote innovation and remove it because, for example, anyone looking at doing something new and seeing a patent thicket (nice term) is going to give up.

They are all about big large companies locking in their advantage.

'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode

Flat Phillip

Distributions help here

A lot of the distributions frown upon having "embedded libraries". That is where you have your program in a package and it brings its own special version of libssl or something else along with it.

It's not 100% perfect but when there is a vulnerability for a particular library once it's updated it is done; no need to work out where else has this same library that will also need updating.

It doesn't work too well with modified libraries where the binary maintainer has their own special version with modifications they added to the library. Generally this is a bad idea as there are better ways of getting the same outcome.

China has a satellite with an arm – and America worries it could be used to snatch other spacecraft

Flat Phillip

Space Force predicted this

China needs the arm so you can cut the solar cells off the American satellites.

Also to steal the treasonous monkey.

Australian government fights Facebook news ban by threatening 0.01% of Zuck's ad revenue

Flat Phillip

Re: Just goes to show how out of touch our politicians are

How are you going to read those 10 Articles You Won't Believe (#3 is a shocker) without Facebook News?

AWS has been doing things that are 'just NOT OK since 2015,' says Elastic as firm yanks Apache 2.0 licence

Flat Phillip

Re: Not the first time

So what you are saying is they released software based on a license they didn't understand or they have basically reneged on something they previously released.

You can't blame Stallman and FSF for this; either it is open source (and people are free to make money off the software) or it's not. It's not exactly some strange side-effect or loophole. It is right there, item #6 of the Open Source Definition.

My take is Elasticsearch has seen the $$$ AWS makes and gone... we want some of that action.

On his way out, Trump emits exec order suggesting US cloud giants must verify ID of all foreign customers

Flat Phillip

Re: Was it Trump?

Doesn't even need a fake US ID, any country's will do.

"This looks like a legitimate Elbonian driver's license so you're all good to go on our cloud, Amanda Hugankiss"

The real worry is yes, another database to track people with. Also, depending on how small they go with the order, how good is the provider's security for that data?

'They took away our Cup-a-Soup!' Share your tales of bleak breakout areas with us

Flat Phillip

Re: First they came for the coffee

It's a reasonably reliable sign, especially during the dot-com days.

If they started to muck around with coffee or fruit or whatever, it was time to either burn down your leave or find another contract. It didn't mean things were going bad tomorrow, but you had fair warning.

US taxman wants AI to do the security checks it seemingly can't do itself

Flat Phillip

Needs more work

Here I was hoping it was some new AI killbot that rampaged after SharePoint administrators.

Inept bloke who tried to sell military sat secrets to Russia gets 5 years

Flat Phillip

Looking after dad

If this guy starts making enquiries about life insurance and muscle relaxant when he gets out, if I was his dad I'd firmly decline his "help".

nbn™ hits the half-way mark – but has more than half of the job left

Flat Phillip

How ready is ready

I live in one of those locations where it is ready for service (passed the RFS date in March) but... well it's not quite orderable yet.

So the website helpfully says



and then:

There’s still work to do before we connect your premises.

So, using their own statistics, which are more about stretching the truth than reporting what is actually happening, am I one of the 50% that is ready for service or the 50% that is not?

Good Guy Comcast: We're not going to sell your data, trust us

Flat Phillip

Aggregate and opt-in

There were two parts that to me seem to be Comcast using the weasel-words.

First, they won't hand over individual data, that doesn't mean it won't be sent in aggregate and who knows how small those "buckets" get. Also it has been shown many times you get enough aggregate data you can sometimes work out who someone is.

The opt-in can of course be covered by 5 scrolling pages of "EULA yada yada" style opt-in in the future, so it's all good.

It's Comcast right? We all know how this will end.

Australia's online Census collapses, international hackers blamed

Flat Phillip

Unexpected DDOS

You would think given this is a highly public event with some data privacy controversy floating around it that they would know someone would try something like this.

There are methods to help against DDOS usually using some sort of service provider.

I think the days of "we didn't think it would happen to us" or "we didn't expect it that big/that way" are long gone.

Liberal Party of Australia: why are you paying so much for ancient software?

Flat Phillip


DataFlex? Now there's a name I've not heard in a long, long time. A long time. I haven't heard software gone by the name DataFlex since, oh, since you were born.

Or maybe 1991; it's a close call. And we were trying to remove the awful thing not install it!

Motion Picture Ass. of America to guard online henhouse

Flat Phillip

Someone should build that list. Not because I host anything dodgy but because I don't want my email and/or tiny website at the mercy of some idiot lawyer in Hollywood.

It also sends a very signal to those registrars. Let's face it, it's not like there aren't other choices out there.

Flat Phillip


It will be all ok because of those safeguards, you know the ones that:

* Try to take down sites using

* Remove Debian CDs because they were CDRs

* Tried to nail someone because they were using bittorrent to get valgrind

It seems the rush to find the pirates there may be a somewhat liberal interpretation of what a safeguard is. The hint is, it's not "some crap we made up so you all ok about us which we will ignore".

Still it's nothing new; I'm sure there were such things happening in the high seas in Ye Olde Days where some ship that was unknown and/or suspect got taken out.

Australian Greens don't believe Silicon Valley can save the world

Flat Phillip

Not exactly sure

But something about the article makes me think the author is taking the piss at our new-fangled STEM will save the world, or at least Australia, idea our pollies currently have.

I am Craig Wright, inventor of Craig Wright

Flat Phillip

Re: chain of blocks

More likely a chain of bollocks, to use one of those quaint English sayings.

Pop goes the weasel! Large Hadron Collider blown up by critter chomping 66kV cable

Flat Phillip

Cyber Squirrels

Obviously this weasel is part of the Cyber Squirrel conspiracy. While they don't have a break-down of all their agent types and only list successful attacks by Squirrels, birds, raccoons etc, I'm sure it was them.

You can find out what other successes they have had at http://cybersquirrel1.com/

A penguin is a bird, right? (277 successful missions so far)

Miguel de Icaza on his journey from open source to Microsoft: 'It's a different company'

Flat Phillip

Re: open source people DON'T universally hate Miguel.

You do recall correctly. People may want to rewrite the history but Qt around the time Gnome and Gtk started was quite hostile to open source. It was that typical "we'll call it open source but you play by our rules" attitude.

The competition of Gtk definitely put some pressure (but would not be the only reason) to open up Qt; it's all ancient history now but doesn't mean it didn't happen.

Australia's Dick finally drops off

Flat Phillip

Re: dropped off a *long* time ago

Yeah, 25 years seems about right. I was an employee of Dick Smith back then. Half of us had electronic interests and you could see things changing. While there was a full complement of electronic components, there was this temptation to go into consumer electronics because that's where the cash was (Telephone Answer Machines and My kids first computer)

Move forward a few years and no one had any idea and electronics components were those under-stocked annoying things in the corner nobody cared about. I stopped going and went to places like JB or online instead.

Strangely enough, Jaycar hasn't changed terribly much and is still going.

Admin fishes dirty office chat from mistyped-email bin and then ...?

Flat Phillip

Another era?

I suspect the admin had the best of intentions at the time. There was a time email was newish and he probably thought he was helping people out by fixing typoed email. I doubt he was thinking it would be a problem getting work related emails and sending them on their way.

Me? I'd nuke it and then consider if I want a catch-all anymore. Maybe just check the mail logs and add some alias for some common problems. It is easy to be the armchair general with hindsight though.

DNS root server attack was not aimed at root servers – infosec bods

Flat Phillip

Re: Was it a test?

Not really hard to send stuff from 895M addresses; you can build programs that send it from just over 4 billion addresses. Now; if they were sending it from more than 5 billion addresses and using IPv4 then I'd be impressed.

I'm surprised source IP filtering is still not in yet (and yes I'm quite aware of some of the pitfalls of it). Doesn't make sense for consumer type lines and for the vast majority of commercial ones too.

A Logic Named Joe: The 1946 sci-fi short that nailed modern tech

Flat Phillip

Re: *Remarkably* sharp prediction?

Brunner had a lot of predictions in that book (others too). Have an upvote.

FBI v Apple spat latest: Bill Gates is really upset that you all thought he was on the Feds' side

Flat Phillip

Re: We are the government

I suggest narrow means "not quite as much as NSA does"

Yahoo! is! up! for! sale! – so! how! much! will! you! bid!?

Flat Phillip

Yahoo should buy Yahoo

After all, it's where all the other failed Internet properties go to die.

D&D geeks were right – their old rule books ARE worth something now

Flat Phillip

Has to be a better way

If only there was a large company filled with nerds that had a really good way to scan books. I'm sure they're not cutting up the library books for the project.

Help! What does 'personal conduct unrelated to operations or financials' mean?

Flat Phillip


My guess is he has done something that John McAfee would approve of.

Perhaps they can get together and form some sort of strange start-up.

Samba man 'Tridge' accidentally helps to sink request for Oz voteware source code

Flat Phillip

Voting machines

You do realise that in Australia there are essentially voting machines now? All the bits of paper get counted and then the numbers are sent to a central site and put into a computer, which then does things like send it to the media, update the website and ultimately give the results.

Sure, for simple cases you could pick up fraud, e.g. Voting booth A at electorate B voted 75% Party C, but the scrutineers with their sampling might see it only 25% so it looks sus. For more subtle changes it's harder, but for the lower house it's the edge-cases that get more checks.

For senate (and the story was about the senate voting), good luck with that! There is in theory a 1:1 relationship between the number of bits of paper seen and the numbers that go into the computer but after that it gets hard real quick, especially when you get to the later preferences when the usual suspects have their quotas.

That's not to say I think AEC is fiddling the books, quite the opposite. I'm just pointing out there have been computers involved for quite some time.

The bigger problem is disenfranchising public from the senate voting because it's almost impossible for normal humans to vote how they want in the senate. Not really an IT problem though voting machines might help with the "tablecloth" but a change how the senate is elected would certainly help.

Doctor Who: Even the TARDIS key can't unpick the chronolock in Face the Raven

Flat Phillip

Re: Bring back Clara!

I saw that too. I thought, oh she already has taken it and in the next scene it's back and NOW she's taken it.

Even with Turnbull's NBN, Australian ISPs are getting faster

Flat Phillip

Is it wholesale or retail?

I was never sure, but I assume this is the retail provider, not the wholesale. For example I use the iinet/internode/tpgi borg as my provider which is the retail side but the DSLAM is Telstra's, would that make my crappy internet a black mark against i/i/t or Telstra?

If it is based on retail, then it really is that Telstra provides crummy internet. I already know the internet is bad outside metro areas using Telstra wholesale, but then, who else would you use?

Australia on the very brink of cyber-geddon, says ex-spook

Flat Phillip

Sounds like most of those natsec types: the world is going to end in a horrible scary way unless you give us more money or powers. Actually to be sure that nothing scary happens, how about you give us both?

My parents don't know I'm in SEO. They think I play piano in a brothel

Flat Phillip

Re: A very quick education

Well FWIW I found your explanation interesting. I do wish the spammers would back off a bit, I really don't give a rats about my SEO ranking for my own site; except perhaps for bragging rights and I'm not paying for that.

NEW ERA for HUMANITY? NASA says something 'major' FOUND ON MARS

Flat Phillip

Do the rock snakes shoot sparkling cannonballs?

Cisco network kit warning: Watch out for malware in the firmware

Flat Phillip

Linked blog

If you try to visit the cisco blog (link is in the article) and attempt to sign-in, you get a weak DH key error. Funny to see that on a blog entry about security.

Get that OFF dot-com, hysterical France screeches at Google

Flat Phillip

Re: Geo-blocking?

It doesn't have to be defamatory or wrong, it just needs to be old or not the current situation. The classic example being someone has gone bankrupt, not paid his creditors etc and it's reported in the paper. Fast forward a few years later and he is no longer bankrupt, debts are gone etc but you search for their name and the first few hits are those old reports.

The reports are true, just old.

The problem with this sort of law is what is old and what is not relevant? If I am a politician and have done some shady stuff a few years ago, should that data be "forgotten"? What about a hotel with bad reviews?

Also, if I don't like all the other Flat Phillips and want all the hits to be about me, why not just send in a report for all those other websites so I get the first hit on searching.

How British spies really spy: Information that didn't come from Snowden

Flat Phillip

Re: If you've done nothing wrong ... you have everything to fear.

Actually the 96 cyber-attack thing sounds good at first, but depending what it is could be meaningless.

You'd expect someone such as Arbor or other DDoS mitigation company would have detected far more than 96. One security vendor (yes I know they have a drive to increase the number) is saying there were 25,000 attacks today.

Even if they discovered 96 attacks a day, I don't think 0.4% is that impressive for me to have my privacy routinely invaded.

Security tool bod's hell: People think I wrote code for Hacking Team!

Flat Phillip

Re: not possible

During the times of creating the Debian Free Software Guidelines (DFSG) there was a lot of heated discussion around Fields of Endeavour. People were a little uncomfortable with Debian being used on.. certain things. The problem was those "certain things" varied from person to person. For some it could be genetic research, others it was military while there used to be licenses prohibiting software for CB radio (yes this last one actually existed).

In the end, there seemed to be no sensible way of a) working out and agreeing what was universally the "bad thing" and b) having a sensible way of limiting it that could go into a license or the DFSG. Debian now has item #6 as a result.

SourceForge staggers to feet after lengthy STORAGE FAIL outage

Flat Phillip

Re: You can believe everything they say.

My download and summary pages are back, the hosted website isn't.

Glad I moved some of my projects off there already, I wasn't happy with the way they are going so I'm glad I did the move.

Heinz cockup sees Ketchup's QR codes spurt saucy sites

Flat Phillip

I have heard the movies on that site are a bit saucy

Someone had to say it. I'll go now.

Hardcore creationist finds 60-million-year-old fossils in backyard ... 'No, it hasn’t changed my mind about the Bible'

Flat Phillip

Maybe He just messes with carbon dating

You know, like he reaches out with his noodle and messes with the carbon dating machine, or just makes these fake fossils - pasta can be quite cunning.

Avoiding data retention will be as easy as eating a burger

Flat Phillip

Re: Is Ludlam being a bit naive?

You're missing what he is talking about.

He is talking about the proposed wide-spread data retention scheme that may get introduced in Australia. That scheme will have 2 years of storage of anyone using the internet, to a point and with exceptions.

To get around that specific scheme, just have a Big Mac, or perhaps a Frappe and hook in to the wifi and use something like gmail. The spooks will know that someone in the Maccas accessed gmail but not who they were emailing.

Not exactly Mission Impossible stuff. Meanwhile everyone else using an Internet connection will have their data logged for 2 years all ready for the movie companies or hackers to gain access.

For those that don't understand metadata, EFF has a pretty good page about it at:


Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks

Flat Phillip

Re: Easy

This isn't one of those "declare war on France" things some Brits like to go on about; especially after a few beers? It's pretty local and there has been some history with you two.

Seems like a pretty extreme thing to do just to get some firewall startups.

Google boffins PROVE security warnings don't ... LOOK! A funny cat!

Flat Phillip

They are pretty awful messages

I saw this one today:

A secure connection cannot be established because this site uses an unsupported protocol.


I think it means the website is using an old version of SSL, possibly SSLv3; maybe.

Those sort of error messages bug me, you KNOW what is wrong Mr Chrome but you give me a message with OR in it. Firefox was a little better with:

Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

And IE? Well IE 8 just worked fine with no error message at all.

Telstra: we don't collect the metadata the government wants now

Flat Phillip

Why would they retain the IP address for billing? They don't need it.

"User 1234567 downloaded 15 MB at time X" versus "User 1234567 with IP address downloaded 15 MB at time X" doesn't give the carrier any more information. The ones I've seen generally try to aggregate the data as soon as they can for data storage reasons. It costs 1/12th of the price to store hourly data usage versus 5 minutes and from a billing dispute use, the two are pretty much identical. So yes it comes off the actual production systems in short intervals but it's only until it's "rolled up".

Admittedly, it's been a while, but it would mean it's a backward step.

There is also the required level of accuracy. The level for operations stuff (think MRTG etc) is pretty low. The level for billing is much higher but still leaves some leeway. The level of accuracy required to say User 1234567 is a terrorist/pedo/pick your boogieman is even higher still. Making sure something is accurate (whatever that means) costs money.

BOO! Grave remote-code exec flaw in GNU C Library TERRIFIES Linux

Flat Phillip

This family of functions is obsolete and anyone needing this sort of feature should be using the more modern (and IPv6 capable) ones instead. The fact that exim is the default for some systems and is remotely vulnerable is a little bit of a worry, but the default setup of exim is to connect to the localhost only. That moves it from a remotely exploitable bug to a privilege escalation one (if it's the default setup).

Still, it should get fixed if you have vulnerable versions. Debian Jessie and Sid aren't so no need to update for me.