* Posts by zb42

52 publicly visible posts • joined 28 Apr 2011


Bank boss hated IT, loved the beach, was clueless about ports and politeness


Re: Every single time

It is more complicated than that.

It depends if the USB device has a unique serial number.

If a USB device does not have a unique serial number then the OS can't tell apart two identical devices.

You could have two identical printers or USB to serial converters or whatever connected to one PC.

Giving each device a unique serial number slightly increases the manufacturing cost so manufacturers often don't bother.

Lawyer guilty of arrogance after ignoring tech support


Re: Are you sure, this isn't the plot of an IT Crowd episode?

I think I first read that about twenty five years ago in the "under development" column in Computer Shopper UK magazine, which was monthly tales from a man who ran a small IT company.

Want to feel old? Ethernet just celebrated its 50th birthday


thick coax ethernet

Around the year 1989, I recall the high school computer studies teacher occasionally sending a whole class to search two three-story buildings to find where the network coax was disconnected.

Each classroom had a thick coax drop with a PL259 plug and SO239 socket that was normally linked through but could be connected to an RM nimbus 80186 computer on a sturdy metal desk on wheels.

Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space


Re: Money spent

There are more details in the Moonlighter Mission Statement pdf.

They predict that it will deorbit after 1.5 years.


It is expected to be at an altitude of between 465 km and 500 km.

That means that from where you happen to be on the earth's surface it will be above the horizon and in radio range once or twice a day for 30 seconds to a couple of minutes depending on how close to you it gets, how high up you can get your antenna and the terrain around you blocking some of your view of the sky.

Mouse hiding in cable tray cheesed off its bemused user


Re: Happens with cheap Bluetooth mice and keyboards still

TP-link made two models of USB bluetooth adapter, the UB400 and UB500, which use the same MAC address for each model device.

These are little black adapters that plug into a computer and can be paired with whatever bluetooth keyboard and mouse you have.

You can have a UB-400 and a UB-500 in the same room, but not two UB-400s or 500s.

Singapore to license pentesters and managed infosec operators


I wonder if this is written to clearly include or clearly exclude random people at home participating in bug bounty programs.

The time you solved that months-long problem in 3 seconds


Loose screws

This reminds me of the case of an aspirating smoke detector.

Rooms containing important equipment often have a smoke detection system where some air is collected by some red pipes running across the ceiling. Sometimes insurance companies will charge less if one is installed, as they can give an early warning of something smouldering.

The main unit, on the wall outside the room, has a filter that has to be changed every year or so.

They are often installed by a fire alarm man who was sent on a one day course, three years ago.

One system was showing errors that the fire alarm man could not figure out and the fire alarm company eventually got someone from the distributor to come and have a look. He immediately diagnosed that the screws in the main unit were not done up tightly enough.

Microsoft to 600 million Indians: feel free to hand over some data


I'm still displeased about the many "I'd like to add you to my professional network" emails I received a decade ago, sent from Linkedin servers with forged From: addresses and a fake message that appeared to be from someone I may have exchanged email with once.

The $13 million they paid to settle a lawsuit about that is annoyingly nothing compared to the $26 billion Microsoft paid to buy them.

I find it sad that hoping the general public will choose to stay away from evil companies just does not work.

I still won't buy anything from Sony because they put bad software on audio CDs twenty years ago; their $80 billion in yearly revenue suggests that they won't notice.

Fix five days of server failure with this one weird trick


slightly low voltage

About 21 years ago, an acquaintance of mine had a story about his Amiga hard drive ceasing to work. It turned out that the power supply was producing 4.8 volts instead of 5.0 volts, apparently enough for the computer to boot but not for the hard drive to work.

Happy 'Freedom Day': Stats suggest many in England don't want it or think it's a terrible idea



The statistics seem mildly bad to me.

A few days ago, infections were about half alpha variant, half delta variant. The delta variant seems to spread more rapidly.


Page 39 in this report says that two doses of vaccine are 79% effective at protecting against the delta variant.


After initially giving an incorrect statistic, the chief scientific adviser says that 40% of the people who have been admitted to hospital have had two doses of vaccine.

To me, it seems that the numbers indicate that filling stadiums and concert halls with people is still going to result in lots of infections in people who go home to places all over the UK. Vaccination reducing the chance of transmission by a factor of five is not enough.

There's no 'Skype' in Teams: Microsoft lets signing key for its Debian Skype repository slip gently into the night


This reminds me of the time that Microsoft did not pay to renew the domain name hotmail.co.uk and someone else bought it


BT promises firmware update for Mini Whole Home Wi-Fi discs to prevent obsessive Big Tech DNS lookups


BT recently pushed new firmware to "Smart Hub 2" internet boxes.

It broke communications between devices on the 2.4GHz and 5GHz wifi bands.

I have the log from one Hub2, it took a little over a month from BT saying that they had a fixed version of the firmware until it was actually pushed out to the box. An old wifi access point as a workaround is still plugged in at that office.

After staff revolt, Freenode management takes over hundreds of IRC channels for 'policy violations'


Here is an interview where Andrew Lee talks about some blockchain authentication thing called "handshake".

The plan is said to be to "airdrop" tokens on to open source communities, starting with some web-of-trust thing, Freenode and github users who contribute to open source.


Ministry of Defence tells contractors not to answer certain UK census questions over security fears


When the form turned up, I noted that the website for filling in the census online is hosted on Google Cloud and wandered out to a phone box to request a paper form, which took about eight days to arrive.

Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention


Re: Precision timer?


I like to occasionally play the 48K Spectrum version of Manic Miner in a browser.

Facebook and Apple are toying with us, and it's scarcely believable


This article incorrectly refers to Facebook users as customers.

Facebook's customers are the advertisers and political campaigns that pay them money.

People who use Facebook are not customers of Facebook, they are livestock.

We've paused Sigfox roof aerial payments, says WND-UK, but we'll make you whole after COVID


not just competing with cellular

They are competing with ORBCOMM, who have fifty low-orbit satellites and are well established.

ORBCOMM have near worldwide coverage, though client devices that are down in a valley may only have a connection sometimes when a satellite is overhead.

I expect this lot is capable of carrying a bit more data than ORBCOMM's typical 6 to 30 byte messages.

One does not simply repurpose an entire internet constellation for sat-nav, but UK might have a go anyway


Re: a few more points

The Oneweb satellites are 750 miles up. GPS satellites are 12500 miles up. The footprint is much smaller.

With 31 operational GPS satellites then from the earth's surface a GPS receiver occasionally sees seven satellites at once.

So your claim of 80 LEO satellites giving twenty in view seems obviously wrong to me but I've never played Kerbal Space Program.


a few more points

The oneweb satellites, due to their low altitude, can stay in orbit for 5 to 7 years, then they would need replacing (if this ludicrous plan is attempted). Ok, Elon is doing cheap launches but it's still a large ongoing cost.

The oldest operational GPS satellite is 23 years old and the reserve satellites are up to 27 years old.

I very much doubt that they could get it to work in any useful way within the lifetime of the current satellites. Or several more batches.

GPS generally needs to have three satellites in view in the sky.

An FT article suggested that 80 satellites could be fitted with positioning equipment. The low orbit means that having three satellites in view would only happen now and again.

I can't see any rich lunatics coming along to fund the other 80% of oneweb. Starlink is far ahead. Softbank has already wasted a couple of billion on Oneweb and decided not to continue.

Keen to go _ExtInt? LLVM Clang compiler adds support for custom width integers


33bit time

This sounds like a great way to solve the year 2038 problem without wasting those precious extra bits in a 64bit variable. A single extra bit could extend unix time to the year 2106, by which time we will all be dead and it will be somebody else's problem. </sarcasm>

OK brainiacs, we've got an IT cold case for you: Fatal disk errors on an Amiga 4000 with 600MB external SCSI unless the clock app is... just so


slightly low voltage

About 20 years ago, an acquaintance of mine had a story about his Amiga hard drive ceasing to work. It turned out that the power supply was producing 4.8 volts instead of 5.0 volts, apparently enough for the computer to boot but not for the hard drive to work.

Things that make you go zoom: Huawei rolls out pictastic P40 phones, no Google Play Store in sight


Is there an under a hundred quid way of getting a modern smartphone that Google (or Apple) can't use to spy on me, without any messing about with jailbreaks or firmware flashing?

It’s not true no one wants .uk domains – just look at all these Bulgarians who signed up to nab expired addresses



Four hundred quid to become a nominet member, then a hundred quid a year.

Cheaper than I expected.

Chrome suddenly using Bing after installing Office 365 Pro Plus... Yeah, that might have been us, mumbles Microsoft


Re: Slurp -

I believe the legal term is "tortious interference".

'No BS' web host Gandi lives up to half of its motto... Some customer data wiped out in storage server meltdown


Moxie Marlinspike, known for signal messenger and entertaining blogging about ocean sailing, has a bit of history with Gandi.

Marlinspike made a browser plug-in that anonymized google searches. Gandi broke it by cancelling the SSL certificate without warning.

A decade ago he found that they accepted null characters in SSL certificates, allowing the issue of certificates that some browsers accepted as being for someone else's website. Gandi locked his account without warning and customer service later told him he was personally banned.

When the certificates were approaching expiry Gandi sent him emails suggesting renewals, with links that worked to renew the certificates.

El reg passim links



Beware the three-finger-salute, or 'How I Got The Keys To The Kingdom'


Re: ...why Microsoft taught people to hit Ctl-Alt-Del...

This was a deliberate choice, someone could run a program that looks like the normal login screen which actually steals usernames and passwords. Ctrl-alt-del can't be intercepted by a user-mode program.

Larry Osterman wrote a blog post about this in 2005.


Post Office faces potential criminal probe over Fujitsu IT system's accounting failures


A minor IT angle

So much horror in the blog.

A minor IT aspect: The system ran on Windows NT until 2010 (according to Nick Wallis in a BBC interview), five or six years after the end of extended support for that OS, then after a 2015 deal with IBM collapsed it was upgraded to Windows 8 (according to Computer Weekly).

If it was locked down and firewalled appropriately then that may not have been particularly risky, and the upgrade cost would have been huge, but it's not exactly confidence inspiring.

Sod 3G, that can go, but don't rush to turn off 2G, UK still needs it – report


My 2G phone works for three weeks between charges, making a couple of short calls.

The dread sound of the squeaking caster in the humming data centre


Big lead-acid batteries, as used in large UPS systems, are really heavy.

A person who routinely tried to cut corners, usually resulting in aggrieved customers and the rest of us having to do much more work than it would have taken to do things properly the first time, borrowed a milk trolley, a five foot tall metal cage on wheels, loaded it with about 150KG of batteries, got it going down a slope at speed then ran over his own foot.

His broken toes caused him a lot of pain for a while but did not improve his attitude.

Microsoft? Oh it's just another partnership, insists GitHub CEO


I think Microsoft overpaid for github. Microsoft appears primarily driven by a desire for revenue these days.

I consider it very likely that in the next three years some big change will be made at github and people won't like it. I don't know what it will be but some middle manager or bean counter is going to come up with something that he hopes will get him a promotion.

Long term there is a good chance of it being as independent as hotmail now is.

EE switches on 5G: Oi, where are your Mates? Yes, we mean the Huawei phones


I'm reminded of the launch of WAP phones twenty years ago. At the time, I found it baffling that Cellnet spent very large amounts of money on something that a typical person played with for ten minutes and concluded was rubbish and too expensive.

I have since accepted that it is just a normal consequence of human nature that the people in charge of things are usually clueless nitwits.

Wine? No, posh noshery in high spirits despite giving away £4,500 bottle of Bordeaux


A relevant study

There is an interesting paper on the subject of the link between the cost of wine and how much people enjoy it when they don't know how much it costs.

"In a sample of more than 6,000 blind tastings, we find that the correlation between price and overall rating is small and negative, suggesting that individuals on average enjoy more expensive wines slightly less."

Link to the paper:

Do More Expensive Wines Taste Better? Evidence from a Large Sample of Blind Tastings

Bitcoin drops 7 per cent on New York Attorney General's allegations of $850m fraud by Bitfinex


Since 2012 it has been my opinion that only wildly impetuous people set up bitcoin exchanges.

It was highly amusing to read about for years, I lost interest a while back.

I recall Amir using his personal bank account to operate Britcoin. The days when mtgox frequently fell over quite often, if Karpeles was asleep people on the bitcoin IRC channel would call his mobile phone until he woke up. He appeared to do no testing of changes to his software before making it live.

I recall the Polish exchange that disappeared one day, the young men running it tried to increase the RAM on the single virtual server it ran on and accidentally reinstalled it. They had no backup and the private keys for about a hundred thousand BTC were lost. They went silent for a couple of weeks, when they reappeared they claimed they had got drunk for a few days when they lost hope of recovering the bitcoin.

Several hacks of bitcoinica, culminating in the time the source code was deliberately released but contained an important password which was rapidly used to steal the bitcoin.

Nefario setting up his own stock market and being genuinely surprised when he got some legal advice and was told that there are lots of regulations that he should have been following.

There was the exchange that thought they were super secure because only a few laptops could access the servers. The laptops had windows, microsoft office and skype installed. A staff member accepted a document from a phisher on skype and ran it with macros enabled, bye bye bitcoin.

The risks, difficulties and regulatory uncertainty mean that only wildly impetuous people set up bitcoin exchanges resulting in bitcoin exchanges being run by impetuous people who commit terrible blunders and try to keep going.

If you want to store some bitcoin and conclude that keeping it in an exchange account or wallet run by someone else is a terrible idea then running bitcoin software yourself seems like quite a hassle. You need to figure out which version of the software to use if there is currently a battle between different factions over block size or something then download, verify (days of 100% cpu) and store 200GB of blockchain. If you want to receive some BTC and you have not run your software for a while then you may have to wait hours for it to get recent blocks.

Disco Dingo fever: Ubuntu 19.04 has an infrastructure bent, snappier GNOME and another stupid name


I personally find the Ubuntu graphical user interface to be infuriating and laggy. I have installed various versions of ubuntu on virtualbox, KVM and an old desktop and had problems with the display not redrawing properly. Debian with XFCE works and does not annoy me so that is what I use.

On an older version of Ubuntu on the old desktop I use for testing, unplugging a USB keyboard repeatably caused xwindow to crash.

I know a couple of people who think Ubuntu is great, maybe it's just me.

And here's Intel's Epyc response: Up-to 56-core, 4GHz 14nm second-gen Xeon SP chips, Agilex FPGAs, persistent mem


Am I the only one cynical enough to think that persistent memory is inevitably going to lead to situations where you power the computer off and back on and it remains stuck in an unintended dysfunctional state?

I'm sure there are unusual cases where it is really useful, I just can't see it being worthwhile for typical computer use.

John McAfee is 'liable' for 2012 death of Belize neighbour, rules court


I've read the Slashdot interview with McAfee where he talked about smuggling drugs through South America, I'm still in awe of his tweet about entering a whale F%!$ing contest but he has topped that now. Failing to defend a civil lawsuit in the USA is the most impetuous thing he has done so far.

Windows 0-day pops up out of nowhere Twitter


first windows LPE that I remember

The first windows LPE exploit that I was aware of was released in February 1999 by Dildog of the L0pht, almost twenty years ago.

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet



This reminds me of the year 2000 Hope conference at the Hotel Pennsylvania in New York City.

The phone company circulated a memo to their employees warning about hackers in town.

Conference organiser Emmanuel Goldstein kicked off the social engineering session by telephoning the telco security person who issued the memo and asking about it. After a minute or two the telco person said something like "I'm not seeing you on the list of employees.."

According to Goldstein the hotel management later got a call complaining that H2K people were trying to hack their mainframe and took it to mean that someone was physically breaking into telco equipment with an axe.

Why you shouldn't trust a stranger's VPN: Plenty leak your IP addresses


This article puts the blame on the wrong people. VPN services should not be messing with your traffic to block webRTC.

Blame the browser makers for this.

If you follow el reg's advice at the bottom of the article to set up your own vpn using the openvpn software then it will not block webRTC.

Nutanix: Yup, OK, we gobbled PernixData, Calm.io. What you gonna do about it?


For those of us who are not visualization and storage wonks... what do they sell?

It's... some sort of thing that makes virtual machines faster?

Symantec: I know we said things'd get better when we sold Veritas...


also horrendous security holes in their products

Google security researcher Tavis Ormandy just discovered a load of security holes in code used in Norton antivirus, Symantec Endpoint (All Platforms), SMSME, SSE and probably other products of the "when your antivirus scans a file from email/web/usb-stick software in the file can get running on your machine with full privileges" variety, thus making your machine more vulnerable than it would be without security software.

Sadly this is not going to affect their business.

I seem to recall that around twenty years ago someone found a way to get thunderbyte antivirus to run code from a file that it was scanning, it's not a new problem. Almost nobody is able to usefully assess security software or pays any attention to its problems. In a rational market McAfee (now Intel security) and Symantec would be out of business instead of making billions.

CVE bug system has bugs – quick, use this alternative, say hackers


Distributed Weakness Filing, enough volunteer labour

CVE assignment is easily a full time job for a couple of people if they are cranking them out with very little verification.

There were about 6000 issued in 2015. (the highest numbered is CVE-2015-8822 but they didn't use some numbers).

Just weeding out duplicates, invalid reports, trolls and jokes and publishing a coherent summary will easily take an hour each. That is nowhere near enough time to actually install some software and see if a bug is real.

Raymond Chen of Microsoft, blogging as OldNewThing, complains that Microsoft get a lot of invalid security-hole reports that can be summed up as "if you already have admin privilege you can do blah".

People with enough knowledge to do anything beyond saying "Eh, sounds plausible, have a number" are uncommon and can be out earning money.

I am doubtful about them getting enough volunteer labour to replace the work of Mitre corp.

'$5bn for Slack?! I refuse to pay!' You don't pay – and that's its biggest problem


Mattermost, open-source clone of slack

There is an open source clone of slack called mattermost. It seems ok, I've spun it up and played with it for half an hour. I got no further because the standard way of using it seems to be to use docker. I haven't had the enthusiasm to spend a day learning docker yet, I would have no idea how to fix the mattermost container if it just stopped booting, how to keep it backed up and patched.

Slack costs hundreds of dollars a month for a couple of dozen users. The cost is high enough that getting someone to set up mattermost is a reasonable alternative.

Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM


Initially the networks allowed interworking by gentlemen’s agreement and an understanding that it was in everyone’s best interest to just accept and deliver messages.

Until 1999 the UK GM networks did not deliver messages from one network to another, you could only send a text to someone on the same network. They started exchanging messages between networks very reluctantly.

Smart TVs riddled with DUMB security holes


amusing smart TV hack

Travis Goodspeed described an amusing smart TV hack in one of his talks (it's on youtube).

The TV can load firmware updates from a USB stick. It only accepts updates signed by the manufacturer. It reads the file once to check the signature then again to load it into the TV. A little microcontroller board emulating a USB stick that sends different data the second time makes it possible to load alternative firmware.

Personally I feel no desire to buy a TV anytime soon.
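The double-read flaw described in the post above, simulated in memory beside a single-read fix. This is an added example, not part of the original post or of the talk it mentions. The class and function names are hypothetical, the images are constructed, and an HMAC tag with a constructed key stands in for the manufacturer's signature.

```python
import hashlib
import hmac

# Assumption: an HMAC tag stands in for the vendor signature so the example
# runs with the standard library only. A real updater would verify an
# asymmetric signature against a public key stored in the device.
VENDOR_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def signature_ok(image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(image), tag)


class HonestStick:
    """Simulated storage that returns the same bytes on every read."""

    def __init__(self, image: bytes):
        self._image = image
        self.reads = 0

    def read(self) -> bytes:
        self.reads += 1
        return self._image


class SwitchingStick(HonestStick):
    """Simulated storage whose contents differ after the first read."""

    def __init__(self, first: bytes, later: bytes):
        super().__init__(first)
        self._later = later

    def read(self) -> bytes:
        self.reads += 1
        return self._image if self.reads == 1 else self._later


def update_double_read(stick, tag: bytes):
    """Pattern from the post: verify one read, then install a second read."""
    if not signature_ok(stick.read(), tag):
        return None
    # The bytes fetched here were never checked against the signature.
    return stick.read()


def update_single_read(stick, tag: bytes):
    """Fix: copy once into memory the storage cannot change, then verify
    and install that same copy."""
    image = stick.read()
    if not signature_ok(image, tag):
        return None
    return image


if __name__ == "__main__":
    good, other = b"vendor firmware v1", b"unsigned image"  # constructed
    tag = sign(good)
    print("double read installs:", update_double_read(SwitchingStick(good, other), tag))
    print("single read installs:", update_single_read(SwitchingStick(good, other), tag))
```

The return value of each updater is the image that would be written to flash; `None` means the update was rejected.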

Raspberry Pi puts holes in China's Great Firewall


PPTP usually uses MS-CHAP authentication so in most cases the encryption is breakable with modest effort.

Perhaps PPTP is sometimes allowed because they prefer to watch what people are doing over it instead of blocking it.

Marks & Sparks accused of silently bonking punters over the tills


it isn't radio waves

To be pedantic about the physics the communication between the terminal and card isn't a radio wave, it's a high frequency magnetic field. It's radio frequency but not a radio wave in the sense of a propagating electromagnetic wave.