Posts by Jamie Jones 4305 publicly visible posts • joined 14 Jun 2007
I'm surprised that people people believed that adding a delayed copy of a wave to the original wouldn't screw things up when the wwaveform varies... But then, I come from an electrical/electronic/engineering background, not a snake-oil one.
" it becomes immediately obvious how bad DAB, MiniDisc and MP3 are and that the only lossy codec that has any merit is AAC (at an adequate bit rate). "
This isn't a loaded question - legitimately curious - where does OGG vorbis stand here?
Hi, maybe the analogy is a bit crappy. I was trying to think in terms of a personal case without using a lawyer. I.E. just me trying to claim for damages to my car, and being referred to as an ambulance chaser in the process.... Yes, I know, insurance companies do this part - as I said, crappy analogy!
Now, this case is complete bollocks, and I agree entirely with your opinion on them.
I hate the scum sucking parasites who behave this way, but then, I'm not saying this in a court where a verdict has yet to be reached.
As such, (and IANAL) I still believe this is a fair decission.
I hate these scum-bastards as much as the next guy, but surely this is a reasonable request as this sort of language is prejudicial - they've not been found guilty yet!
I'm sure if you legitimately took someone to court for rear-ending you, you wouldn't feel it fair if the defence kept referring to you as the litigious ambulance chasing con-man
Firstly, I'm not one of those who will blindly defend UNIX, and downvote anyone who dares criticise it (even if they have a valid point) but I'm sorry, this is absolute bollocks.
"Since this bug originates from a design problem it will be very interesting on how operating system vendors address this problem. It is something you cannot fix with a simple patch. The way on how the system interacts with files has to be completely redesigned," SEC Consult writes.
Seriously, what is their agenda? As others have pointed out, this has been known by any half-compitent UNIX user for ages. There is no OS level bug to fix.
No UNIX system needs to be completely redesigned (and if it was a real problem, it would only be the SHELL and it's globbing that would need to be 'fixed' - this has bugger all to do with the way the 'system' (kernel, compiled executables etc.) work)
As has already been mentioned here, any fault solely lies within buggy crappy programs ("buggy crappy programs holding hands" *cough* /coat) and they can be fixed without needing to make any changes to the UNIX kernel, userland, or even the bloody shell.
TO BE FAIR.....
It can be argued that the fact the way globbing works makes it easy for incompetent shell programs to screw up is at best unfortunate.
Indeed, there are many who argue that kernels should not allow files to exist which start with a '-', or contain spaces, newlines, tabs, various binary characters etc...
But, all competent UNIX programmers know that filenames can contain *ANY* value from the 256 in a byte, apart from ascii '/' and NUL, and therefore code appropriately.
This flexability may be a curse to some, but it can be useful to proper programmers (after all, why should a program written in C be restricted from storing files with 'special' characters just because some badly written shell scripts can't cope? -- especially as spne of these systems will be storing files that NEVER need to be accessed from the shell)
Yes, this has been known for years. Just like sql-injection, and other problems, you simply need programers who know what they are doing, without forcing syntax restrictions on them to appese the stupid.
There is a very well written website that describes these issues (and it itself has been around for years):
http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html
well worth a read, but to be blunt, anyone who is surprised at what it says shouldn't be bloody programming shell scripts to be consumed anywhere other than their home computer in the first place.
/rant
" ...A peddler of creepy advertising, like a tobacco executive who peddles cigarettes to children in developing countries.... I'd wake up and ask myself: What am I doing with my life...???
If I was the anon coward who had posted this same message at least 3 times now, in different El Reg forums, I'd be wondering similar.
Noooooo! I've just upvoted Matt again! :-)
I fear he's right though - MS will bask in the glory of being seen to be policing the internet - however misguided this may seem to us lot.
And yeah, mega-corp won't give a crap about any outage that doesn't affect them
It's always harder trying to work out exactly was has been setup incorrectly with just the results to go on... A bit like reverse engineering in a way.
I don't have the inside knowledge that you have, but I tried to explain similar in my incoherent post above (which deserved down-voting for the formatting alone!)
However, I'm wary about your solution - assuming their configs are pretty much 'stock', simply changing the zones to authoritative will mean the servers will not look elsewhere for the data, but will expect it to live locally. - of course, the zone data isn't local to microsoft, due to their kludgy solution (which can be made to work, but errrr. not like that)
As you are aware, but I'll try to clarify for anyone else who maybe confused (I'm looking at you, Microsoft!), the difference between authoritative/non-authoritative is as follows: (and to the techie pedants, I'm purposefully leaving out some stuff not relevant to the situation)
Basically, there are 2 separate functions performed by nameservers. Generally these days, nameservers are configured to do one or the other.
However, nameserver software can perform both roles simultaneously, and in the past, they usually did, adding to some peoples confusion.
These 2 functions are:
1) "Lookup addresses for people" - These are the nameservers you configure in your home systems, usually the nameservers of your ISP or googleDNS or opendns. These are known as 'recursive' - they probe the various servers in the chain until they find the answer you're looking for, and then return it to you as a 'non-authoritative' - this means the nameserver you queried doesn't "own" that answer. It got it from elsewhere.
2) "Host and supply the actual data being looked up for a zone" - These are 'authoritative' nameservers. Different domains are assigned to specific sets of authoritative nameservers. These are the servers your ISP's nameserver finally contact to get the info you require.
For example, the authoritative nameservers for theregister.co.uk hold in a file (db/text/etc.) a record containing the address 92.52.96.89 which is returned when someone queries www.the.register.co.uk -- Change this data held on the authoritative nameservers, and the change will propagate across the whole internet.
If you talk direct to an authoritative nameserver, and query a host in a domain it is authoritative for,it will return the *authoritative* (straight from the horses mouth) results. If it doesn't have a match for your query, you are authoritatively told 'not found'. There is no forwarding to other servers. It's own decision is final.
Additionally, if you ask an authoritative nameserver for an address that isn't in a domain it's configured to be authoritative for, then you get a null result (except in the case I mentioned above where some authoritative nameservers are also configured as recursive nameservers...)
----
How this applies to this case:
By taking over the domains, microsofts nameservers are now considered authoritative. The internet-wide nameservers are being told this.
Now, Microsoft needs to configure their nameserver to say 'I'm authoritative for no-ip.org - and the info for the hosts contained within that domain is held in file xxxxxxx.zzz'
The 'gotcha' in this case is that MS doesn't have the no-ip database! Even if they did, the host address updates from users wouldn't happen unless they also took over the whole update infrastructure (which is actually done under a domain no-ip still control)
Their solution? Even though 'the internet' considers their servers authoritative, they've specifically not set them to be - instead configuring them as recursive nameservers that lookup the results elsewhere.
Of course, following the normal path, they'd look up the nameserver responsible and forward the request there. Of course, the nameserver they would lookup is their own, so it wouldn't work - so they've set in their config files the original no-ip servers as an override..... A bit like how some of you edit your hosts file to override an IP address, they've editted their config to override the whole domains nameserver for these domains they've stolen.
So, their nameservers basically behave as recursive nameservers, just as your ISPs nameserver does for you. The only difference is they've been hardcoded with the original no-ip dns info instead of using what everyone else is supplied, so the requests go to the right place, and the results retrieved, and replied with... HOWEVER, ISPs nameservers expect an authoritative response. microsofts servers are configured to relay the request to no-ip and then return it as *non-authoritative* (i.e. 'here is the information you wanted... but i got it from elsewhere)
At this point, all sane resolvers reject the data. They expected authoritative data and they damnwell better get it!
So, if microsoft simply configure their nameservers to be authoritative as they should be, then they will no longer get the data from no-ip.
What they NEED to do is kludge it so that internally it looksup the data as a recursive nameserver, but when it presents this info, it needs to present it as authoritative.
I'm afraid this sort of hack is beyond simple nameserver configs, and as we see, beyond microsoft engineers, who seem not only to not understand the concept/reasons for authoritative/non-authoritative, but are willing to foist their ignorance onto millions, using a power received under dubious circumstances in the first place...
Now...... Where's my money? :-)
" So, how does that work then? How does my noip client update my IP? I'm pretty sure Microshit haven't implemented the "dynamic" part of the noip service."
They are forwarding the lookup back to the original no-ip servers, so they are sort of acting like a man-in-the-middle.
However they've screwed up the way they've done it.. See my more detailed post below
They are 'honouring' updates to the users dynamic addresses, but in a horrible and incorrect way:
The authoritative nameservers are configured as recursive for *ALL* domains (yuck)
They have configured an override to divert forwarding requests for these affected domains to the no-ip (original) authoritative nameservers. (i.e. they've statically added NS records for the affected domains pointing to the no-ip servers)
They therefore reply to the client with the correct IP address.
This would be fine for a recursive nameserver, but these servers are configured as *authoritative* nameservers for these domains - and are accessed as such, but they are returning the result as non-authoritative.
Basically, this creates the following process (Example uses the no-ip.org domain, but the same applies to the others. Some irrelevent steps skipped/simplified) :
1) User requests the IP for some-subdomain.no-ip.org
2) Users local nameserver (usually belonging to their ISP) checks the .org servers and is told that the 2 microsoft nameservers are responsible for this domain.
3) Users local nameserver ask the microsoft servers for the authoritative ip address of the subdomain, only to be given an unauthoritative result, along with the message 'if you want an authoritative result, go here' which points BACK to the same microsoft nameservers.
4) Users local nameserver replies with SERVFAIL because the nameserver that is meant to be authoritative is not returning an authoritative response.
Whichever bozo claimed everything is working presumably just did a 'raw' nslookup, saw the response, and didn't think (or know) about authoritative/non-authoritative results.
Or maybe MS nameservers don't handle authoritative/non-authoritative results correctly, so things 'work' if your ISP uses a microsoft nameserver product?? I don't know, just a guess...
Anyway, MS, I think this post is worth many thousands of your MS dollars!
By way of an example, here's a session capture using a jo-ip.org domain chosen at random:
4:37 [2] (1) "~" jamie@lapcat% nslookup
> server a.root-servers.net.
Default server: a.root-servers.net.
Address: 2001:503:ba3e::2:30#53
Default server: a.root-servers.net.
Address: 198.41.0.4#53
>
> home.no-ip.org.
Server: a.root-servers.net.
Address: 2001:503:ba3e::2:30#53
Non-authoritative answer:
*** Can't find home.no-ip.org.: No answer
> set q=ns
> home.no-ip.org.
Server: a.root-servers.net.
Address: 2001:503:ba3e::2:30#53
Non-authoritative answer:
*** Can't find home.no-ip.org.: No answer
Authoritative answers can be found from:
org nameserver = a0.org.afilias-nst.info.
org nameserver = a2.org.afilias-nst.info.
org nameserver = b0.org.afilias-nst.org.
org nameserver = b2.org.afilias-nst.org.
org nameserver = c0.org.afilias-nst.info.
org nameserver = d0.org.afilias-nst.org.
a0.org.afilias-nst.info internet address = 199.19.56.1
a2.org.afilias-nst.info internet address = 199.249.112.1
b0.org.afilias-nst.org internet address = 199.19.54.1
b2.org.afilias-nst.org internet address = 199.249.120.1
c0.org.afilias-nst.info internet address = 199.19.53.1
d0.org.afilias-nst.org internet address = 199.19.57.1
a0.org.afilias-nst.info has AAAA address 2001:500:e::1
a2.org.afilias-nst.info has AAAA address 2001:500:40::1
b0.org.afilias-nst.org has AAAA address 2001:500:c::1
b2.org.afilias-nst.org has AAAA address 2001:500:48::1
c0.org.afilias-nst.info has AAAA address 2001:500:b::1
d0.org.afilias-nst.org has AAAA address 2001:500:f::1
>
> server 199.19.56.1
Default server: 199.19.56.1
Address: 199.19.56.1#53
> home.no-ip.org.
Server: 199.19.56.1
Address: 199.19.56.1#53
Non-authoritative answer:
*** Can't find home.no-ip.org.: No answer
Authoritative answers can be found from:
no-ip.org nameserver = ns7.microsoftinternetsafety.net.
no-ip.org nameserver = ns8.microsoftinternetsafety.net.
> server ns7.microsoftinternetsafety.net
Default server: ns7.microsoftinternetsafety.net
Address: 157.56.78.73#53
> home.no-ip.org.
Server: ns7.microsoftinternetsafety.net
Address: 157.56.78.73#53
Non-authoritative answer:
home.no-ip.org nameserver = ns7.microsoftinternetsafety.net.
home.no-ip.org nameserver = ns8.microsoftinternetsafety.net.
Authoritative answers can be found from:
> set q=a
> home.no-ip.org.
Server: ns7.microsoftinternetsafety.net
Address: 157.56.78.73#53
Non-authoritative answer:
Name: home.no-ip.org
Address: 85.241.47.150
" The problem is that the American public gives more of a rat's ass about who is the next American Idol than whipping its miscreant government back in line.
This snow job is only possible because of the duplicity of so many different players."
Exactly the same here in Britain.
If it's not Britain's Got Big Brothers X Factor Strictly On Ice Get Me Out Of Here, people don't care
" No, I won't live with it. F.U., go back to your fly-by-night-fresh-from-uni-it-compiles-ship-it-no-money-for-software-assurance coding horror."
Ah..... Someone else who has the cheek to expect software in aircraft, missile guidance systems, traffic lights, power stations etc. not to fail.
How naive of us(!)
I know this is going to be a typical response here, but I have to say it anyway...
" During the day, Jim1001 wrote on the Office 365 community page:“Our entire corporation cannot send or receive emails from Outlook (Office 365 Exchange) or even the OWA web browser as of 8AM MST time this morning June 24, 2014! I have never seen a world-wide email go down like this."
Well Jim, you should sack the idiot who made this 'all eggs in one basket' decision to go to 'the cloud' (ugh) in the first place
" Get a PAYG SIM from Manx telecom. Isle of Man based network, roams all of the mainland UK networks. Same cost* as a mainland PAYG calls and texts."
Sounded interesting, so I checked the website.
Unfortunately, I don't quite see how their 25p per minute / 13p per text can be termed the 'same cost' as the 3p/2p I currently pay on PAYG with 'three'...
" Quite proud of the fact that I completely missed this outage, didn't even know it happened."
You mean that it's so unusual for you to not be 'connected' that it's rare for you to miss news of something like Facebook being down for just 30 minutes?
Well, I guess being proud of that is better than being ashamed, but still, sorry, mate, that's so sad.
"He might be Australian. We use "c*nt" colloquially, the same way Brits use "bastard" and Americans use "asshole", and it isn't intended to be misogynistic."
Indeed, but then, so do us Brits, and rest-of-world too!
It's not as if the poster was so annoyed with these people that he/she (Unlike Jan0, I'm not making a sexist assumption!) maliciously and nonsensically compared them to a feminine 'front-bottom'.
Rabid feminists do the legitimate cause more damage than sexist men
"When the victim types email and password, it’ll be sent over the network in an unencrypted form that can be easily read by any attacker – even the most amateur ones."
I assume they are talking about an open wi-fi - tapping a wired/fibre link is not automatically easy for 'any amateur attacker'
Most of the reviews on the play store read much like the piss-take reviews on Amazon items:
" Here's the thing, pretty much every company that has surpassed a single shop and an old fashioned till is dependent to some degree on tech (be it internal, outsourced or hosted) as such you can classify every company as a tech company if you want"
errr, yeah. Wasn't that what the article said?
Ah, so armed uprising means it's OK to close the internet, like that's going to make any difference.
Bloody hell, you've all been complaining about censorship, yet this is OK? NIMBY's?
The internet is used by paedophiles so should we close that down?
I feel you are all hypocrites who wouldn't stand for it here, but because it doesn't affect you, you've all turned into Matt Bryants.
Really? It was said that during their more active times, Al Queda used the internet to communicate, and recruitment and propaganda web sites exist. Should the government have therefore attempted to close the internet in the UK?
How about banning mobile phones too? Surely that's the next logical step.
You know, cars and roads make it easier for criminals to escape...... Ban them too!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
