In the year 2017, Eugene Kaspersky was asked to appear before a US congressional committee to answer questions about his anti-virus software.
He requested an expedited visa to enter the USA, which was denied.
54 publicly visible posts • joined 28 Apr 2011
In the year 2012, ICANN allowed anyone who could pay a $185,000 fee to apply to be given control of a new Top Level Domain of their choice.
Microsoft corporation applied for the dot Microsoft TLD and was granted it in the year 2015.
A load of new GTLDs were created. Keeping a TLD alive costs at least $50,000 a year for ICANN fees and servers so some of them have lapsed.
ICANN currently plan to reopen applications in the year 2026.
If more than one entity wants a particular TLD, if a TLD is controversial or if there are existing trademarks then the application process can take many years.
It is more complicated than that.
It depends if the USB device has a unique serial number.
If a USB device does not have a unique serial number then the OS can't tell apart two identical devices.
You could have two identical printers or USB to serial converters or whatever connected to one PC.
Giving each device a unique serial number slightly increases the manufacturing cost so manufacturers often don't bother.
Around the year 1989, I recall the high school computer studies teacher occasionally sending a whole class to search two three-story buildings to find where the network coax was disconnected.
Each classroom had a thick coax drop with a PL259 plug and SO239 socket that was normally linked through but could be connected to an RM nimbus 80186 computer on a sturdy metal desk on wheels.
It is expected to be at an altitude of between 465 km and 500 km.
That means that from where you happen to be on the earth's surface it will be above the horizon and in radio range once or twice a day for 30 seconds to a couple of minutes depending on how close to you it gets, how high up you can get your antenna and the terrain around you blocking some of your view of the sky.
TP-Link made two models of USB Bluetooth adapter, the UB400 and UB500, which use the same MAC address for each model device.
These are little black adapters that plug into a computer and can be paired with whatever Bluetooth keyboard and mouse you have.
You can have a UB-400 and a UB-500 in the same room, but not two UB-400s or 500s.
This reminds me of the case of an aspirating smoke detector.
Rooms containing important equipment often have a smoke detection system where some air is collected by some red pipes running across the ceiling. Sometimes insurance companies will charge less if one is installed, as they can give an early warning of something smouldering.
The main unit, on the wall outside the room, has a filter that has to be changed every year or so.
They are often installed by a fire alarm man who was sent on a one day course, three years ago.
One system was showing errors that the fire alarm man could not figure out and the fire alarm company eventually got someone from the distributor to come and have a look. He immediately diagnosed that the screws in the main unit were not done up tightly enough.
I'm still displeased about the many "I'd like to add you to my professional network" emails I received a decade ago, sent from LinkedIn servers with forged From: addresses and a fake message that appeared to be from someone I may have exchanged email with once.
The $13 million they paid to settle a lawsuit about that is annoyingly nothing compared to the $26 billion Microsoft paid to buy them.
I find it sad that hoping the general public will choose to stay away from evil companies just does not work.
I still won't buy anything from Sony because they put bad software on audio CDs twenty years ago, their $80 billion in yearly revenue suggests that they won't notice.
The statistics seem mildly bad to me.
A few days ago, infections were about half alpha variant, half delta variant. The delta variant seems to spread more rapidly.
https://www.gov.uk/government/publications/covid-19-variants-genomically-confirmed-case-numbers/variants-distribution-of-case-data-16-july-2021
Page 39 in this report says that two doses of vaccine are 79% effective at protecting against the delta variant.
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1001354/Variants_of_Concern_VOC_Technical_Briefing_17.pdf
After initially giving an incorrect statistic, the chief scientific adviser says that 40% of the people who have been admitted to hospital have had two doses of vaccine.
To me, it seems that the numbers indicate that filling stadiums and concert halls with people is still going to result in lots of infections in people who go home to places all over the UK. Vaccination reducing the chance of transmission by a factor of five is not enough.
BT recently pushed new firmware to "Smart Hub 2" internet boxes.
It broke communications between devices on the 2.4GHz and 5GHz wifi bands.
I have the log from one Hub2, it took a little over a month from BT saying that they had a fixed version of the firmware until it was actually pushed out to the box. An old wifi access point as a workaround is still plugged in at that office.
Here is an interview where Andrew Lee talks about some blockchain authentication thing called "handshake".
The plan is said to be to "airdrop" tokens on to open source communities, starting with some web-of-trust thing, Freenode and github users who contribute to open source.
http://www.hashedpost.com/2018/11/hashed-people-handshake-co-founders.html
They are competing with ORBCOMM who have fifty low-orbit satellites and are well established.
ORBCOMM have near worldwide coverage, though client devices that are down in a valley may only have a connection sometimes when a satellite is overhead.
I expect this lot is capable of carrying a bit more data than ORBCOMM's typical 6 to 30 byte messages.
The Oneweb satellites are 750 miles up. GPS satellites are 12500 miles up. The footprint is much smaller.
With 31 operational GPS satellites then from the earth's surface a GPS receiver occasionally sees seven satellites at once.
So your claim of 80 LEO satellites giving twenty in view seems obviously wrong to me but I've never played Kerbal Space Program.
The oneweb satellites, due to their low altitude, can stay in orbit for 5 to 7 years, then they would need replacing (if this ludicrous plan is attempted). Ok, Elon is doing cheap launches but it's still a large ongoing cost.
The oldest operational GPS satellite is 23 years old and the reserve satellites are up to 27 years old.
I very much doubt that they could get it to work in any useful way within the lifetime of the current satellites. Or several more batches.
GPS generally needs to have three satellites in view in the sky.
An FT article suggested that 80 satellites could be fitted with positioning equipment. The low orbit means that having three satellites in view would only happen now and again.
I can't see any rich lunatics coming along to fund the other 80% of oneweb. Starlink is far ahead. Softbank has already wasted a couple of billion on Oneweb and decided not to continue.
Moxie Marlinspike, known for Signal messenger and entertaining blogging about ocean sailing, has a bit of history with Gandi.
Marlinspike made a browser plug-in that anonymized Google searches. Gandi broke it by cancelling the SSL certificate without warning.
A decade ago he found that they accepted null characters in SSL certificates, allowing the issue of certificates that some browsers accepted as being for someone else's website. Gandi locked his account without warning and customer service later told him he was personally banned.
When the certificates were approaching expiry Gandi sent him emails suggesting renewals, with links that worked to renew the certificates.
El reg passim links
https://www.theregister.co.uk/2010/04/05/googlesharing_cert_revoked/
https://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/
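The null-character problem mentioned in the post above, as an added example that is not part of the original post: a comparison that stops at the first NUL treats a crafted name as the victim's host name, while a check that validates the whole field rejects it. The function names and the `example` host names are constructed for illustration.

```python
import re

# One DNS label: letters, digits and hyphens, 1 to 63 characters,
# not starting or ending with a hyphen. NUL can never match.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def c_string_view(name: bytes) -> bytes:
    """What code using C string functions sees: the bytes before the first NUL."""
    return name.split(b"\x00", 1)[0]


def naive_match(cert_name: bytes, host: str) -> bool:
    """Flawed comparison: stops at the first NUL, like strcmp() on the raw field."""
    return c_string_view(cert_name).lower() == host.lower().encode()


def valid_dns_name(name: bytes) -> bool:
    """Validate the full length-prefixed field, not a C-string prefix of it."""
    try:
        text = name.decode("ascii").lower()
    except UnicodeDecodeError:
        return False
    if len(text) > 253:
        return False
    labels = text.split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(label) for label in labels)


def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened comparison: reject malformed names, then compare every byte."""
    return valid_dns_name(cert_name) and cert_name.lower() == host.lower().encode()


if __name__ == "__main__":
    # Constructed sample: a name with an embedded NUL under a different domain.
    crafted = b"www.example.com\x00.attacker.example"
    print(naive_match(crafted, "www.example.com"))   # accepted by the flawed check
    print(strict_match(crafted, "www.example.com"))  # rejected by the hardened check
```

The same validation belongs on the issuing side too: a certificate request whose name fails `valid_dns_name` should be refused before any domain-ownership check runs.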
This was a deliberate choice, someone could run a program that looks like the normal login screen which actually steals usernames and passwords. Ctrl-alt-del can't be intercepted by a user-mode program.
Larry Osterman wrote a blog post about this in 2005.
https://blogs.msdn.microsoft.com/larryosterman/2005/01/24/why-is-control-alt-delete-the-secure-attention-sequence-sas/
So much horror in the blog.
A minor IT aspect: The system ran on Windows NT until 2010 (according to Nick Wallis in a BBC interview), five or six years after the end of extended support for that OS, then after a 2015 deal with IBM collapsed it was upgraded to Windows 8 (according to Computer Weekly).
If it was locked down and firewalled appropriately then that may not have been particularly risky, and the upgrade cost would have been huge, but it's not exactly confidence inspiring.
Big lead-acid batteries, as used in large UPS systems, are really heavy.
A person who routinely tried to cut corners, usually resulting in aggrieved customers and the rest of us having to do much more work than it would have taken to do things properly the first time, borrowed a milk trolley, a five foot tall metal cage on wheels, loaded it with about 150KG of batteries, got it going down a slope at speed then ran over his own foot.
His broken toes caused him a lot of pain for a while but did not improve his attitude.
I think Microsoft overpaid for github. Microsoft appears primarily driven by a desire for revenue these days.
I consider it very likely that in the next three years some big change will be made at github and people won't like it. I don't know what it will be but some middle manager or bean counter is going to come up with something that he hopes will get him a promotion.
Long term there is a good chance of it being as independent as hotmail now is.
I'm reminded of the launch of WAP phones twenty years ago. At the time, I found it baffling that Cellnet spent very large amounts of money on something that a typical person played with for ten minutes and concluded was rubbish and too expensive.
I have since accepted that it is just a normal consequence of human nature that the people in charge of things are usually clueless nitwits.
There is an interesting paper on the subject of the link between the cost of wine and how much people enjoy it when they don't know how much it costs.
"In a sample of more than 6,000 blind tastings, we find that the correlation between price and overall rating is small and negative, suggesting that individuals on average enjoy more expensive wines slightly less."
Link to the paper:
Do More Expensive Wines Taste Better? Evidence from a Large Sample of Blind Tastings
Since 2012 it has been my opinion that only wildly impetuous people set up bitcoin exchanges.
It was highly amusing to read about for years, I lost interest a while back.
I recall Amir using his personal bank account to operate Britcoin. The days when mtgox frequently fell over quite often, if Karpeles was asleep people on the bitcoin IRC channel would call his mobile phone until he woke up. He appeared to do no testing of changes to his software before making it live.
I recall the Polish exchange that disappeared one day, the young men running it tried to increase the RAM on the single virtual server it ran on and accidentally reinstalled it. They had no backup and the private keys for about a hundred thousand BTC were lost. They went silent for a couple of weeks, when they reappeared they claimed they had got drunk for a few days when they lost hope of recovering the bitcoin.
Several hacks of bitcoinica, culminating in the time the source code was deliberately released but contained an important password which was rapidly used to steal the bitcoin.
Nefario setting up his own stock market and being genuinely surprised when he got some legal advice and was told that there are lots of regulations that he should have been following.
There was the exchange that thought they were super secure because only a few laptops could access the servers. The laptops had windows, microsoft office and skype installed. A staff member accepted a document from a phisher on skype and ran it with macros enabled, bye bye bitcoin.
The risks, difficulties and regulatory uncertainty mean that only wildly impetuous people set up bitcoin exchanges resulting in bitcoin exchanges being run by impetuous people who commit terrible blunders and try to keep going.
If you want to store some bitcoin and conclude that keeping it in an exchange account or wallet run by someone else is a terrible idea then running bitcoin software yourself seems like quite a hassle. You need to figure out which version of the software to use if there is currently a battle between different factions over block size or something then download, verify (days of 100% cpu) and store 200GB of blockchain. If you want to receive some BTC and you have not run your software for a while then you may have to wait hours for it to get recent blocks.
I personally find the Ubuntu graphical user interface to be infuriating and laggy. I have installed various versions of ubuntu on virtualbox, KVM and an old desktop and had problems with the display not redrawing properly. Debian with XFCE works and does not annoy me so that is what I use.
On an older version of Ubuntu on the old desktop I use for testing, unplugging a USB keyboard repeatably caused xwindow to crash.
I know a couple of people who think Ubuntu is great, maybe it's just me.
Am I the only one cynical enough to think that persistent memory is inevitably going to lead to situations where you power the computer off and back on and it remains stuck in an unintended dysfunctional state?
I'm sure there are unusual cases where it is really useful, I just can't see it being worthwhile for typical computer use.
I've read the Slashdot interview with McAfee where he talked about smuggling drugs through South America, I'm still in awe of his tweet about entering a whale F%!$ing contest but he has topped that now. Failing to defend a civil lawsuit in the USA is the most impetuous thing he has done so far.
This reminds me of the year 2000 Hope conference at the Hotel Pennsylvania in New York City.
The phone company circulated a memo to their employees warning about hackers in town.
Conference organiser Emmanuel Goldstein kicked off the social engineering session by telephoning the telco security person who issued the memo and asking about it. After a minute or two the telco person said something like "I'm not seeing you on the list of employees.."
According to Goldstein the hotel management later got a call complaining that H2K people were trying to hack their mainframe and took it to mean that someone was physically breaking into telco equipment with an axe.
Google security researcher Tavis Ormandy just discovered a load of security holes in code used in Norton antivirus, Symantec Endpoint (All Platforms), SMSME, SSE and probably other products of the "when your antivirus scans a file from email/web/usb-stick software in the file can get running on your machine with full privileges" variety, thus making your machine more vulnerable than it would be without security software.
Sadly this is not going to affect their business.
I seem to recall that around twenty years ago someone found a way to get Thunderbyte antivirus to run code from a file that it was scanning, it's not a new problem. Almost nobody is able to usefully assess security software or pays any attention to its problems. In a rational market McAfee (now Intel Security) and Symantec would be out of business instead of making billions.
CVE assignment is easily a full time job for a couple of people if they are cranking them out with very little verification.
There were about 6000 issued in 2015. (the highest numbered is CVE-2015-8822 but they didn't use some numbers).
Just weeding out duplicates, invalid reports, trolls and jokes and publishing a coherent summary will easily take an hour each. That is nowhere near enough time to actually install some software and see if a bug is real.
Raymond Chen of Microsoft, blogging as OldNewThing, complains that Microsoft get a lot of invalid security-hole reports that can be summed up as "if you already have admin privilege you can do blah".
People with enough knowledge to do anything beyond saying "Eh, sounds plausible, have a number" are uncommon and can be out earning money.
I am doubtful about them getting enough volunteer labour to replace the work of Mitre corp.
There is an open source clone of Slack called Mattermost. It seems ok, I've spun it up and played with it for half an hour. I got no further because the standard way of using it seems to be to use Docker. I haven't had the enthusiasm to spend a day learning Docker yet, I would have no idea how to fix the Mattermost container if it just stopped booting, how to keep it backed up and patched.
Slack costs hundreds of dollars a month for a couple of dozen users. The cost is high enough that getting someone to set up mattermost is a reasonable alternative.
Initially the networks allowed interworking by gentlemen’s agreement and an understanding that it was in everyone’s best interest to just accept and deliver messages.
Until 1999 the UK GSM networks did not deliver messages from one network to another, you could only send a text to someone on the same network. They started exchanging messages between networks very reluctantly.
Travis Goodspeed described an amusing smart TV hack in one of his talks (it's on YouTube).
The TV can load firmware updates from a USB stick. It only accepts updates signed by the manufacturer. It reads the file once to check the signature then again to load it into the TV. A little microcontroller board emulating a USB stick that sends different data the second time makes it possible to load alternative firmware.
Personally I feel no desire to buy a TV anytime soon.
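The check-then-reread flaw described in the post above, as an added example that is not part of the original post or the talk: the updater that verifies one read and installs a second read can be fed different bytes each time, while the updater that stages a single copy installs exactly what it verified. HMAC stands in for the manufacturer's signature, and all names and sample images are constructed.

```python
import hashlib
import hmac

# Stand-in for the manufacturer's signature: HMAC-SHA256 under a constructed key.
# A real updater verifies an asymmetric signature; only the read pattern matters here.
VENDOR_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def signature_ok(image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(image), sig)


class ExternalStorage:
    """Constructed model of removable storage: the device, not the updater,
    decides what each read returns, so two reads need not agree."""

    def __init__(self, first_read: bytes, later_reads: bytes):
        self.first_read = first_read
        self.later_reads = later_reads
        self.reads = 0

    def read_all(self) -> bytes:
        self.reads += 1
        return self.first_read if self.reads == 1 else self.later_reads


def update_double_read(storage, sig):
    """Flawed: the bytes that pass the check are not the bytes installed."""
    if not signature_ok(storage.read_all(), sig):
        return None
    return storage.read_all()  # second read, never verified


def update_single_read(storage, sig):
    """Hardened: read once into memory the device cannot alter, then verify
    and install that same copy."""
    staged = storage.read_all()
    if not signature_ok(staged, sig):
        return None
    return staged


if __name__ == "__main__":
    signed = b"vendor firmware image"        # constructed sample
    other = b"image that was never signed"   # constructed sample
    sig = sign(signed)
    print(update_double_read(ExternalStorage(signed, other), sig))
    print(update_single_read(ExternalStorage(signed, other), sig))
```

When an image is too large to hold in RAM, the same rule applies to internal flash: copy it to a staging partition first, then verify and install from that staged copy.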