* Posts by TJ1

120 posts • joined 16 Jun 2011


Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies


It's in the name!

So, if it has "Secure", "VPN", "net", "IP", or "Microsoft" in the name don't trust it !?

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away


Re: Remind me please

Being regularly pi^h^rained on ?

If your internet wobbled last weekend, you have Vodafone India to thank for it

Thumb Up

Sporting errors...

"...should have been using well-known techniques that stop this sport of error ..."

Irony of Typos :)

NASA's Mars helicopter spins up its blades ahead of hoped-for 12 April hover


Re: Fingers crossed

Someone warn Gatwick airport so they don't close due to 'reports' of UFOs!

After ten years, the Google vs Oracle API copyright mega-battle finally hit the Supreme Court – and we listened in

Thumb Up

And the winner is ... Fair-Use (Google)

Decision: https://www.supremecourt.gov/opinions/20pdf/18-956_d18f.pdf

‘Radiation upset’ confused computers, caused false alarm on International Space Station


Has somone been taking...

... the piss?

You wouldn’t know my new database, she goes to another school: Oracle boasts of earthshattering tech the outside world cannot see


Re: autonomous database definition

But is it level 5 autonomous fully self-driving or more like a possibly-level-2-but-take-your-eyes-off-and-it-crashes ?

I'd guess the latter!

Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans


OS updates often do apply microcode updates

At least on most security-conscious Linux distributions, microcode updates are applied early in the boot process; usually they're prepended to the initial ramdisk image (initrd.img) or equivalent and installed by the kernel, or earlier by GRUB with an additional "initrd /boot/microcode.cpio".

Debian and derivatives have packages intel-microcode and amd-microcode.

Post Office coughs £57.75m to settle wonky Horizon IT system case


Re: What was the ping fix?

This transcript of the trial [0] seems to show the Ping Fix was a correction to the Horizon system involving reconciling of Camelot/Lottery transactions which originally were not handled by Horizon - the Ping Fix is apparently the addition of functionality to Horizon that relies on data provided by Camelot but still didn't get it right:

"PG so lottery and paystation weren’t part of the original Horizon design and that introduced the pre-PING issue of mistakes between terminals and post-PING it introduced the issue of dodgy TAs and integrity of the datastream?

AB yes"

From that transcript it seems like originally the Camelot/Lottery transactions were reconciled almost manually at PO HQ and in doing so introduced lots of errors, and after the Ping Fix were/should have had Transaction Corrections (TCs) but those often did not receive Transaction Acknowledgements (TAs) or TCs and TAs were applied in error - the meaning of the acronyms is not spelt out there so I may have those wrong..

Sounds to me like the whole mess was due to transactions from branch A being mixed up with some other branch due to the poor system integration and reconciliation of transactions.

"AB confirms the situation of really important transaction data (as wrt to this last example) not appearing on Credence and ARQ logs (relied on in court by the Post Office to prosecute Subpostmasters) has not yet been corrected"

Overflow or signed integer ID field error anyone?

[0] https://threadreaderapp.com/thread/1107591068974047235.html

After four years, Rust-based Redox OS is nearly self-hosting

Thumb Up

Re: 3 seconds boot time?

Many times slow boot (or more accurately, time to reach "graphical.target") is due to waiting for the "network-online.target" which will only be reached on most laptops once the/a WiFi network is found and connected.

This is usually a side effect of configuring a Network Manager (WiFi) connection to be available to all system users which causes it to be brought up before desktop log-in is reached.

However, for the more general case systemd provides useful tools for identifying where boot-time delays occurred:

systemd-analyze critical-chain

systemd-analyze blame

By default these assume "--system" but with "--user" the user session start-up can be analysed separately.

"critical-chain" is the most useful when one service is delaying others, such as when waiting for a network connection to become available. The numbers show the @when and the +duration of each unit. E.g: on my laptop it takes +5.649s for the WiFi connection to be established:

graphical.target @11.614s

└─multi-user.target @11.614s

└─kerneloops.service @11.579s +34ms

└─network-online.target @11.570s

└─NetworkManager-wait-online.service @5.919s +5.649s

└─NetworkManager.service @5.419s +403ms

└─dbus.service @5.158s

└─basic.target @5.091s

(Bug alert: seems like ElReg's CODE and PRE tags do not preserve layout - the above should be indented and each line shouldn't be wrapped in P tags)

As always

man systemd-analyze

details many more useful reports and visualisations of the boot process and how to interpret the output.

Christmas in tatters for Nottinghamshire tots after mayor tells them Santa's too busy


"Lies to Children"

Should have told them about the Hogfather. Brings back warm memories of Discworld. Thanks PTerry.

Dammit Insight! You just had two big jobs to do on Mars and you're failing at one of those


When the Martians won't give you the finger...

... and that's all it needs on top of the HP³ to give gravity a boost.

You better get a wiggle on then: BT said to be mulling switching off UK's copper internets by 2027

Thumb Up

BT dig up copper before thieves do!

Reports suggest spending £30 billion - that is the ball-park of what most experts believe the cost of delivering Fibre To The Premises nationwide would likely be.

According to reports in 2014 when the Government was first consulting on switching off the analogue network, and later in 2018 when BT/Opereach began consulting about withdrawing the Wholesale Line Rental (PSTN) products in favour of VoIP [2]:

"Most of the telephone network is owned by BT, some 75 million miles of wire, worth between £2.5bn and £5bn according to a 2011 estimate by Investec bank"

There was disagreement by BT at the time over the original Investec estimate that the copper could be worth £50 billion so it isn't clear what the current value is but it looks like, if it can be extracted cheaply, it could fund part of the switch to a full fibre diet, err, network!

Let's not knock the target - if it transpires BT/Openreach does want to rapidly convert to a full-fibre network (finally) including rural areas - cheer them on, even if the reality is it cannot be delivered to an unrealistic timetable; once the ball is rolling it is going to gain momentum.

As someone on the end of 2km of (quality) copper with VDSL hovering around 10Mbs/0.9Mbps I for one welcome the fibre overlords!

Cali court backs ex-Apple engineer who says he invented Find My iPhone and Passbook


Re: Prior Art

The way I read it Apple are claiming there was prior art *from within Apple* to show that other employees had already done what Eastman is claiming he invented.

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all


One Network to Rule Them All

And we can believe Boeing are 100% correct both in hope and via proofs and evidence because...?

... of how bug-free the Maneuvering Characteristics Augmentation System (MCAS) has been proved to be?

Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly


Device(s) cloned by immigration/customs at O'Hare?

According to the indictment:

"j. On or about November 18, 2015, defendant YAO travelled from China to O'Hare International Airport in Chicago, Illinois. At the time, he had in his possession over 3,000 unique electronic files containing Company A's proprietary and trade secret information, including nine complete copies of Company A's control system source code and the systems specifications that explained how the control system source code worked."

Unless Yao was arrested at O'Hare how is this known unless Yao's devices were cloned and the images later inspected ?

Or is this sleight-of-hand wording to imply Yao was carrying those documents through the airport? Note the indictment uses the term "in his possession" which isn't the same as "carrying" - potentially all this means is Yao is alleged to still have copies of those trade-secret documents after ceasing to be employed by Company A. It could be this wording is being used to satisfy the 'inter-state' requirement for bringing charges.

Amazon: Carbon emissions from our Australian bit barns aren't for public viewing


Profit Margins

I agree with others that this data should be published, but in terms of guessing what Amazon's reasoning is, I'd suspect it might have to do with revealing to its competitors what their energy cost is and therefore, indirectly, what their margins are. Energy is probably the largest ongoing operational expense for a data centre so small differences in efficiencies probably represent several % points of profit margin.

Standards group W3C wins support from all major players to get AI working in the browser

Thumb Up

Great for people with sensory impairment

I work with people with visual and sensory impairment. One of the major problems for these people is that the technology aids designed and made for them are extremely expensive due to high R&D costs and low volume.

The advent of powerful PDAs (you may call them 'smart'phones) has lowered the cost dramatically for many aids (no more need for dedicated devices) and there is work ongoing in university labs and elsewhere to use machine learning to describe the scene the camera can see, including recognising objects, reading labels and signs, and more [0].

Some of this technology is available in dedicated devices that are very expensive, e.g. the Orcam MyEye 2 [1].

If the same technology could be enabled in the browser it would reduce the cost dramatically and expand the areas where it can usefully aid users.

[0] https://www.microsoft.com/en-us/research/product/soundscape/

[1] https://www.orcam.com/en/myeye2/

Oh Snapd! Gimme-root-now security bug lets miscreants sock it to your Ubuntu boxes


Snaps from L. Poettering ?

Snaps (snappy) is developed at Canonical, and originated for the now-defunct Ubuntu Phone.

Unless I missed something L. Poettering works for Red Hat and has never been a developer of Snappy/snapcraft.io/snapd et al.

The *idea* is a reasonable one - for an OS that uses system libraries that are not compatible with some application, make it possible for the application developer to publish, at will, a blob that contains all the required dependencies, and isolate it from the host OS to limit opportunities for compromise.

The bigger the delta between the host OS and the application though, the more needs to be included in the blob.

In your particular case "just a media player" is a vast under-appreciation of VLC. It needs all the plugin libraries, and the libraries they depend on, possibly down to libc itself.

I would assume the snap has to ship almost all plugins rather than them being able to install on demand as the Host OS can do, so you'll end up with that is effectively another OS image.

The typical dependency tree for 'vlc' on a Debian/Ubuntu/Mint system (even ignoring Recommends: and Suggests:) is 5,700 packages! Here's the rough calculation:

$ apt-cache depends --no-suggests --no-recommends --recurse vlc | egrep 'Depends:' | cut -d: -f 2 | sort | uniq | wc -l

London Gatwick Airport reopens but drone chaos perps still not found


New info from Police Dec 29th

Sussex Chief Constable today tells us that two drones that have been found in the area have been ruled out of the investigation and there were 115 reports of drone sightings with 92 from apparently credible witnesses.

Oh, and the Police were flying their own drones in the area which could be what some witnesses reported.


The only thing stacking up here is the holding pattern

Am I missing something or do the reports and reactions of the airport not stack up?

Originally we're told there were sightings of drone(s) at 21:03 on Wednesday. Then the further night-time reports (both sets of reports apparently from airfield personnel) So, rather dark. Being able to see and identify a drone would require it to be extremely close. Otherwise its just "lights in the sky moving in what appears to be a controlled manner".

As a result the airport shuts down air operations.

The 'reported sightings' in daylight don't add any clarity - many may well be false and/or mis-identified reports due to people being primed to expect 'drones'.

Then this further - at this time apparently 'unconfirmed sighting' according to the BBC's report of the police statement - sighting Thursday, again after dark, and the air operations shut down again.

The reaction seems like extreme over-reaction unless those in charge at the airport know something we've not been told. It's almost as if they had something in mind when 'drone' was reported and were reacting to that - e.g. possibly a prior threat to attack an aircraft with drones that was thought to be a hoax, so when a 'drone' is apparently detected they react to the prior threat, not this sighting.

The reason I suggest this is we've had previous alleged near-misses and drone sightings by pilots and ground staff at various arifields across the world and not one of them has shut down air operations like this - so why is Gatwick reacting differently?

GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

Thumb Up

End-to-End and Open Source

This is where open-source and end-to-end encryption strengths really lie.

Open-source means experts in the field have the ability to test via reproducible builds that any binaries match the source code, and that the source code does not allow unauthorised parties.

End-to-End encryption and Perfect Forward Secrecy (correctly implemented) can properly protect against a communications provider (MITM) being able to add a party to the 'conference'.

US Republicans bash UK for tech tax plan


Nice to see the Special Relationship in action...

... roll on leaving the EU so the UK can negotiate a wonderful free trade deal with the USA.

Hubble 'scope gyro drama: Hey, NASA, have you tried turning it off and on again? Oh, you did. And it worked? Cool


Someone left the ash tray open...

... in that SpaceX Tesla Roadster.

It's all that space junk I tell ya!

Smartphone SatNavs to get centimetre-perfect GNSS receivers in 2018


Aiming for (semi-) autonomous vehicles?

Sounds like this is the kind of back-up data source that would aid many quasi-autonomous driver assistance systems.

If it is accurate enough to differentiate lanes, or even possibly lane-drift, it could act as a component of the position awareness/warning system. Think of drivers allowing the vehicle to drift due to being distracted, dozing, arguing with kids in the back, etc.

If we're heading for a world of 'connected' vehicles (in the sense of each transmitting its position and velocity to the immediate surroundings) it also offers options to prevent driving too close to other vehicles even in conditions where LIDAR, cameras, and other sensors become unreliable.

Get orf the air over moi land Irish farmer roars at drones

Black Helicopters


By the Irish legal logic surely a Clay Pigeon is also an "aircraft" (at least temporarily) so if Mr Farmer just happens to be out shooting clays with his shot-gun he can't be blamed if a drone flies into the field of fire, now can he?

Supermicro boasts of secret super server Silicon Valley win


Whose DC is it - Intel's maybe?

Intel's formerly vacant chip fabs in Santa Clara [0], maybe? There's an Intel white-paper describing their high density sub 1.07 PUE design [1].

Nuclear because their hot aisles can reach 54 degrees Celsius.

[0] http://datacenterfrontier.com/intel-data-center-new-heights-efficiency/

[1] http://www.intel.com/content/dam/www/public/us/en/documents/best-practices/intel-it-extremely-energy-efficient-high-density-data-centers-paper.pdf

Bits of Google's dead Project Ara modular mobe live on in Linux 4.9


Virtually Mapped (kernel) Stacks

CONFIG_HAVE_ARCH_VMAP_STACK: this is a great addition. Initially for x86 but hopefully the other architectures where this is possible will follow suit sooner rather than later.

For those not understanding its purpose or operation - it is simply using the virtual memory mapper to allocate pages of memory for the stack of each kernel task and including guard pages either end so that any stray writes can be detected and contained almost as soon as they happen.

[0] http://lwn.net/Articles/691631/

BBC to demand logins for iPlayer in early 2017


Is this a breach of the BBC Royal Charter?

So before we can consume networked BBC iplayer content we have to enter into an additional contract involving the exchange of our (valuable) personal data?

<sarcasm> Will the over-the-air broadcasts refuse to decode if we don't provide the same data to those 'smart' TVs and radios? </sarcasm>

It seems like the iplayer content is no longer 'free'. How does this square with the BBC's current charter which says:

13. No charge to be made for reception of the UK Public Services and associated content.

(1) The BBC must not charge any person, either directly or indirectly, in respect of the

reception in the UK, by any means, of—

(a) the UK Public Services

It is arguable that requiring personal data as a condition is a (direct or indirect) charge in that the BBC requires valuable information (if it was not of value to the BBC there would be no reason to ask for it).

She cannae take it, Captain Kirk! USS Zumwalt breaks down


Weapons: 750 x 155mm shells, 2 launchers, 154km range

It's a few things but the 155mm launchers are a 'traditional' naval gun platform, although looks like another application of asymmetric warfare.

It's ironic that for general navigation and interaction with civilian vessels they are going to have to hang damn great RADAR reflectors on the sides so that other vessels can 'see' it!

'Neural network' spotted deep inside Samsung's Galaxy S7 silicon brain

Thumb Up

Linux kernel does branch prediction weighting

Linux kernel has the macros LIKELY and UNLIKELY [0] which causes the compiler to arrange conditional jump instruction destinations so as to favour the branch predictor.

[0] https://kernelnewbies.org/FAQ/LikelyUnlikely

UK IT consultant subject to insane sex ban order mounts legal challenge


Exercise the SRO

Seems like one man can now tie up the entire resources of the Yorkshire constabulary by simply continually informing them daily or even hourly of his intentions to have "sexually explicit conversation", then talk to Siri or whatever other AI is out there, or even the speaking clock (if it still exists!).

Time to re-file your patents and trademarks, Britain


Re: 'EU' -> 'UK' -> 'K'

Sure have!

Currently: The United Kingdom of Great Britain and Northern Ireland

After Scottish Independence: Little Britain and Northern Ireland

After N.I. Border Poll is triggered and results in 'unify with Ireland' : Little Britain

As US court bans smart meter blueprints from public, sysadmin tells of fight for security info


Forget the 'terrorist' straw man, it's far worse...

... remote controlled so-called 'smart' devices connected to a publicly accessible communications network (whether Internet, cellular, or dedicated radio-frequency access) is an open invitation for script kiddies, malcontents, and probably a new pastime for the 'swatters'.

Imagine arriving home every day to find fridge and freezer contents mysteriously spoiled, HVAC not working, security systems knocked out, and so on. Imagine if you rely on a home kidney dialysis machine, breathing support device, or other mains reliant medical device.

If there are any systemic vulnerabilities in these devices that can be exploited using a shotgun approach it has the real potential to cause extreme aggravation and hardship to thousands of homes and possibly injury or death.

Yay for 'smart' meters ... just like 'smart' phones that have forgotten what the telephone experience should be like, 'smart' televisions that become moronic if the Internet connection drops, 'smart' books that delete themselves, and 'smart' web-sites that are unable to render basic HTML without a full-blown Turing Complete executable code environment!

German boffins smash records with 37km wireless spurt at 6Gbps


"enough to transmit a DVD" - Teleportation German style!

... but do we have to stand under the dish to catch them or are they deployed as bird scarers?

Google-backed Yieldify has acquired IP from ‘world’s biggest patent troll’


TLDR: need leverage to spin settlement out of copyright/patent infringement

Yieldify's series A funding of US$11.5m was jointly from Google Ventures *and* Softbank.

This isn't a Google-owned company.

Bounce Exchange (am I the only one keeps calling them BouncyCastle!?) have sued for Copyright infringement in New York and Patent infringement in Texas. They allege the Yieldify (this is a trading name of Zeus Enterprise Ltd.) directors/founders attended a demonstration of the BouncyCastle software and later ripped off the code.

Just this week Yieldify laid off 10% of its work-force and announced a new 'senior management team'.

It looks very much like the company is trying to find some bargaining leverage to reach a settlement with Bounce Exchange rather than go to trial and they believe this patent is the ammunition they need.

In the original New York suit part of Yieldify's defence reads:

"in March 2013, Mr. Jay Radia, Defendant's Chief Executive Officer, and Mr. Meelan Radia, Defendant's Chief Technical Officer, met with representatives of Plaintiff. At that meeting, Plaintiff demonstrated certain public-facing aspects of its behavioral marketing automation software. Plaintiff did not reveal any confidential information to Defendant, and did not show Defendant any of its source code, either at this meeting or otherwise."

I call that downright disingenuous and designed to mislead non-technical (legal) people.

The code at issue is client-side Javascript, so Yieldify or anyone else could easily copy Bounce Exchange's source-code without it being 'revealed' by them.

All it requires is to visit a web-site that uses Bounce Exchange's service to have the site send the source-code as an integral part of the HTTP request.

Amazingly, the Yieldify web-site states the legal entity is "Zeus Enterprises Ltd" but it is actually "Zeus Enterprise Ltd" (Co # 08037124) - OK, it's a small typo but you'd think they'd get the basic legal title correct, and it's repeated throughout their Privacy Policy and Cookies Policy.

Microsoft half-bricks Asus Windows 7 PCs with UEFI boot glitch


Seem to be missing some critical information

If the mobo has Secure Boot enabled, that infers it'll boot in UEFI mode, which implies either an entry in the firmware's boot menu, or the boot device has a removable media (simple) boot path loader at /EFI/BOOT/BOOTx64.EFI in an EFI System Partition, and that the boot-loader has a signing certificate indicating it was signed by a key trusted by a Certificate Authority embedded in the firmware.

It sounds as if the Asus firmware is doing something that isn't in the UEFI specification - namely when Secure Boot is enabled it isn't actually enabled so much as *optional* - if the initial boot-loader stub it reads doesn't have a signing certificate attached the firmware will boot with Secure Boot disabled.

If the MS KB3133977 update contains a boot-loader that is signed that would trigger Secure-Boot mode, but when the next stage is loaded and is found not to be signed it throws the reported error.

If this is correct then the Asus firmware could very easily mislead a user into believing a Secure Boot happened with an OS that does support Secure Boot when it didn't - any malware or physical intervention could replace the initial EFI stub with an unsigned version and the system would boot without a warning.

I hope this hypothesis is proved wrong else that's a big security FAIL on Asus' part.

If you're interested in the attack vectors I recommend reading this Intel & Phoenix "UEFI Secure Boot in Modern Computer Security Solutions" paper [0] and footnote 1 on page 7 and its reference 21 link to the Blackhat USA 2013 paper "A Tale of One Software Bypass of Windows 8 Secure Boot" [1].

[0] http://www.uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf

[1] http://www.c7zero.info/stuff/Windows8SecureBoot_Bulygin-Furtak-Bazhniuk_BHUSA2013.pdf

Japan's Hitomi space 'scope bricked, declared lost after software bug


Good to see DevOps in Space!

Now we know why El Reg has been pushing DevOps so hard... they reckon it's rocket science!

Linux greybeards release beta of systemd-free Debian fork


@jerky_rs read the documentation

systemctl status --state active

systemctl list-sockets

systemctl list-dependencies ssh.service {--before | --after}

journalctl -u ssh.service

systemd-analyze {critical-chain | blame}

systemd-analyze dump

As an employer of admins for over 30 years if those admins can't be bothered to read the documentation, in man-pages or other forms, then I consider them remiss in the *most* important skill any admin should be using constantly.

When something isn't familiar you read the documentation, explore the commands themselves, do some lab-work, and become familiar with the tools.

systemd in particular has provided some excellent consistent tooling for gaining insights into service state, configuration, dependencies, resources and more.


Problems with Systemd and Pulseaudio

I find the technical design, configuration flexibility, single syntax, and tooling for analysing configuration and actions to be far superior to the alternatives especially on more complex systems.

I say that as someone who was originally set against accepting systemd at all and resisted it for a long time.

I've come to discover that in the main the problems attributed to systemd are more due to distributions adopting it before it is ready to take over the duties of other daemons, in that it hadn't reached feature-equivalence with the disparate services it extinguished.

Pulseaudio suffered the same way - it was introduced by maintainers before its features were complete for many mainstream use-cases, even though it was doing more sophisticated things without user intervention (I recall one such being automatic up/down sampling to match bit-rates for sources and sinks). In the case of Pulseaudio many people tend to forget that before it arrived the ALSA tooling it replaced didn't support multiple applications using the sound output at the same time, and that issue was a very big cause of desktop user bug reports and complaints.

With systemd one example is not supporting key-files for encrypted file-systems but it replaces the working cryptsetup scripts. That's something the distro maintainers could avoid by not including the systemd-cryptsetup service.

The reasoning behind the missing feature is technical perfection. There have been several pushes to add functionality but Lennart has held out against band-aid solutions and wants a once-and-for-all design which utilizes the kernel key-ring for handling the encryption keys.

So part of the problem is systemd-cryptsetup not implementing the full set of what I'd call 'standard' features but the distro maintainers enabling it, therefore causing regressions in user experience.

It is possible for distro maintainers to build only selected modules of systemd so that where features are not yet comparable the original service could remain, but mostly they don't do that.

Docker hired private detectives to pursue woman engineer's rape, death threat trolls


Troll mentality? - a story of abuse

Having been in from before the start of IRC - the first generally available anonymous Internet chat (excluding compuserve et al.) - I've observed this troll behaviour with some fascination, coming to understand or at least rationalise it, since it is an alien mentality to me.

I adopt the "laugh at them" approach, both for attacks aimed at me and at others around me - but just once - then totally ignore the trolling either mentally, or using technical measures (/ignore /ban etc.).

What I've observed is that all troll's *CRAVE* attention and wither away rapidly if they feel they're ignored. Even if you're reacting in the background (logging, tracing IPs, dropping honey-pot URLs into your conversation for them to visit [giving you info about their browser agent]) there should be a total lack of reaction in the troll's eyes.

A few years back my partner ( a man) was subject to escalating abuse that began online with blackmail-style attempts (threats to make allegations to me that would cause distrust in our relationship, etc.).

My partner was hugely upset and depressed by it, adopted what I call the 'victim mentality' and generally playing into the abuser's hands until I became aware and initiated a plan to identify them and put a stop to it.

It rapidly escalated to the real-world, first with poison letters to me, then to getting home visits from random (male) strangers at silly hours of the night who thought they were onto a random sex meet-up!

For the latter we tried to persuade several to provide details of how they had been fooled but most - understandably - were very embarrassed and eager to leave. So much so we recorded their vehicle registration numbers and later passed them to the police.

Due to the personal knowledge it was a reasonably good bet someone who knew us well was responsible so we set a honeytrap web-site and managed to get our primary suspect to visit it. That allowed us to correlate the IP and user-agent with details in some supposedly anonymous emails sent via services that add the SMTP X-Originating-IP header.

That gave us information about the ISP being used which correlated with yet more information we gathered on our range of suspects (from postmarks, etc), and we eventually got a perfect match that confirmed our primary suspect.

With all that information we made a complaint of harassment to the local police. A regular copper dealt with it and couldn't have been more helpful. Although she lacked the technical knowledge she was able to follow our (well organised and explained) evidence and through more technical colleagues rapidly came to the same conclusion as us.

The ISP information we'd gathered turned out to be the suspect's sister's family so when the police called at their house (in another county on the East Coast near Skegness) it of course made the entire family aware. From the sister they obtained the telephone number of the suspect and invited him in for an interview where - we are told - he was a trembling wreck. Presented with the evidence fell apart, admitted it, but had no rational explanation for the behaviour.

He was given a formal caution and a warning that any further contact and he'd be charged and taken to court. The last we heard was one last anonymous message saying he was "goodbye, I'm going to kill myself tonight". That was four years ago and we've not heard anything since.

I theorise it can't have done any harm in the online communities my partner used to hear the story since it marked him as someone to be wary of.

Sorry for the ramble but I wanted to give some confidence to others who may be targets that you do have options, especially if you have, or can obtain, technically literate expertise and a more cunning thought process!

In summary, trolls crave attention, are usually (but not always) meek and retiring in person, and generally have an inferiority complex. Thus, they feel safe to use anonymous mediums to attack people they deem weaker than themselves in an attempt to boost their own ego in their own eyes.

So, laughing at them can send the message "I'm confident and more psychologically strong than you" which lets them know they'll end up loosing so they rapidly loose interest.

If you are subject to such abuse and aren't mentally strong enough to counter it yourself I urge you to ask for help from someone who is and can - but avoid hot-heads that think making threats to the abuser will help in any way. At the least register a complaint (in writing, get an incident number, etc.) with the police to establish a history so if it later escalates it will be dealt with more urgently.

Official: EU goes after Google, alleges it uses Android to kill competition


Google not so astute

This has been so obviously on the cards for a long time; the parallels with the antitrust convictions of Microsoft between 1994-2013 are striking.

I'm just amazed that Google management refused to see this and amend their agreements a long time ago.

If they'd done that and competed on excellence and support for OEMs (including developing a unified patch/update C.I. pipeline) the EU would have been satisfied but the market would in all likelyhood have still overwhelming choosen the Google flavour.

Chinese crypto techie sentenced to death for leaking state secrets


Re: dollar payments

US$ is the de-facto alternative currency in many if not most countries due to its status as a reserve currency.

Moon miners book Kiwi rockets for 2017 lunar landing


It will then use hydrogen peroxide fuel...

... and if that fails at least it'll not have a bad-hair day.

UK authorities probe 'drone hitting plane at Heathrow'


Kepp those A320s out of our airspace!

How dare those airlines fly their large heavy dangerous airplanes into our small, light, perfectly 'armless remote controlled kids toys - won't somebody think of the children!?

CEO meeting fails to resolve Oracle-versus-Google java case


Re: Nuisance suite

You've got confused over the GNU GPLv2 issue and several of your statements are wrong.

The Java library code the Android Inc. company (later acquired by Google) used was Apache Harmony [1] under an Apache License and Android was originally a derivative of Harmony after they ditched the idea of using Java Mobile Edition (ME).

Dalivk was *not* a derivative of Java, it was a clean-room implementation of a virtual machine using a register-machine architecture and its own byte-code. Compiled Java class files have to be converted to the Dalvik DEX format.

The disputed code in the Oracle vs Google case was code developed directly by Google [2], not from Apache Harmony, but the API dispute is in regard to the sub-set of the entire Java SE API from Apache Harmony that Android Inc., originally adopted.

Android has now switched to the OpenJDK GNU GPLv2 licensed implementation.

Regardless of where concepts originate, the copyright exists in the *implementation* itself.

Oracle do *own* the Java API, by virtue of their purchase of Sun Microsystems. Copy-left licenses do not give away ownership, they give rights to distribute and receive source-code which otherwise would not exist.

In the U.S.A. the Federal Circuit Court of Appeals (the 'patent' circuit) has decided that APIs are subject to copyright and has remanded the issue back to the trial court for a new trial where Google's primary argument will presumably be that the Harmony/Android implementation was "Fair Use" [3].

[1] https://en.wikipedia.org/wiki/Apache_Harmony

[2] http://www.theregister.co.uk/2010/11/01/oracle_hits_google_with_code_copying_claims/

[3] https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google,_Inc.#Appeals_Court

Linux command line mistake 'nukes web boss'S biz'


Whilst you're here...

... so you avoid the other 'rm' gotchya that traverses into the parent directory of the target when intending to delete 'dotfiles' via something like:

rm -rf .*

which matches ".." - the parent directory inode - and will merrily remove all entries in that directory too.

The shell file-name wildcard expansion is responsible. Use this instead (example with 'ls' to avoid damage):

bash/dash/sh: ls .[!.]*

bash/csh/zsh: ls .[^.]*

which will pick all the dot-files but not double-dot (link to parent directory). Only time this will be problematic is if there are files/directories named with the style "...three-dot-file".

US anti-encryption law is so 'braindead' it will outlaw file compression


And if everyone emails random data...

... imagine the fun when the government tries to force 'decryption' to plain-text :)

Any cryptographically secure data should be indistinguishable from random data.

BT hauled into Old Bailey after engineer's 7-metre fall broke both his ankles


And his colleague is still there, waiting for him!

Warning: black humour!

See Streetview: https://goo.gl/maps/z7WUjxGdXdN2

Bundling ZFS and Linux is impossible says Richard Stallman


You probably don't want to use OpenZFS on Linux...

... on your SSDs since it has no discard (TRIM/UNMAP) erase-block support in the file-system.

There are *experimental* patches coming along but they won't be in Ubuntu 16.04 LTS.

For TRIM/UNMAP discard support use eXT4 or BTRFS.



Biting the hand that feeds IT © 1998–2021