* Posts by MarkSitkowski

139 posts • joined 14 Sep 2012

Page:

Biden warns 'real shooting war' will be sparked by severe cyber attack

MarkSitkowski

Here's a Thought...

Rather than discuss going to war over software security, why don't we just make it illegal to connect any public utility/critical facility etc to the Internet?

Until recently, New Zealand ran its electricity infrastructure on RS232, which is beginning to sound like a good idea, again.

Also, instead of blindly going to war, why not re-employ the guys who found Osama Bin Laden, to find the hackers? Give them the same instructions, and sit back and wait.

CentOS Stream: 'I was slow on the uptake, but I get what they are doing now,' says Rocky Linux founder

MarkSitkowski

Stability? Bah, Humbug

This word 'stability' that's being bandied around is a little overworked. The fact that an operating system is the vehicle fin which applications run should be a clue to the fact that it should not have a drastic change with each new release.

Stability is what we had with SunOS 4, when each new release only contained minor improvements, which needed no changes to administrative procedures, and no need to recompile applications.

Now, it seems that Linux has gone the way of Windows, where every version contains incompatibilities with other versions, and each new release contains crap that nobody needed, but that some developer decided was good for you.

Now that there are dozens of things claiming to be 'Linux', which one do you choose, in the fond hope that it'll still be around in a few years? If you compile your product on one incarnation, are you sure it'll run on all the others?

I stopped updating CentOS after 6.9, since it had all the features I needed, but it was becoming apparent that somebody had started to pretend it was an application, which needed more 'features'.

Take a lesson from Boeing: If it ain't broke, don't fix it.

Report shines light on REvil's depressingly simple tactics: Phishing, credential-stuffing RDP servers... the usual

MarkSitkowski

Think positive, guys. Everyone is missing a golden opportunity at retribution.

It's a well-known fact that the Russian government only turns a blind eye to their hackers if they attack foreign targets.

How difficult can it be to use REvil's malware and delivery mechanism to execute a ransomware attack on Russia's state bank/power grid/hospital system etc?

Put the ransom money into REvil's bitcoin account, and let them enjoy it. Briefly.

Just for fun, it should be quite easy to spoof the originating address to be that of some random Russian server - perhaps in KGB headquarters.

Once they've traced it all back to REvil, there will be a few free Siberian holidays handed out.

Go to L: A man of the cloth faces keyboard conundrum

MarkSitkowski

I've been writing my dates like that since working in the U.S, where 2/7/1984 doesn't mean the same as 2/7/1984 means in the U.K.

This always-on culture we're in is awful. How do we stop it? Oh, sorry, hold on – just had another notification

MarkSitkowski

Re: "measure what they deliver"

"...486DX2 was the pinnacle of technology..."

I'd say the Sun Sparc20 might be closer to that pinnacle?

Hungover Brits declare full English breakfast the solution to all their ills

MarkSitkowski

Re: Monopoly

Yeah, but where's the fun in that...?

Deluded medics fail to show Ohio lawmakers that COVID vaccines magnetise patients

MarkSitkowski

Re: Strike out!

Don't know if this helps, but a recent survey of the average IQ of professional people placed doctors at the very bottom.

An anti-drone system that sneezes targets to death? Would that be a DARPA project? You betcha

MarkSitkowski

Re: Loitering/multiple targets?

As far as I remember, the cruise missile has a map in its head, which is refreshed every morning, to cater for snowfall and other terrain-altering events. When in-flight, on a mission, if it gets lost, the default is to attack whatever is below.

Tiananmen Square Tank Man vanishes from Microsoft Bing, DuckDuckGo, other search engines – even in America

MarkSitkowski

The picture was missing for the anniversary, so the CCP succeeded

MarkSitkowski

I remember the news reports of that time. Wasn't Kate Adie's cameraman hit by a stray bullet while the 'Liberation Army' was shooting students?

Congestion or a Christmas cock-up? A Register reader throws himself under the bus

MarkSitkowski

Re: I found it best to...

A company for which I worked needed some ball bearings to fix a ballrace in a specialist camera. The purchasing department was given a requisition for "12 .3 inch ball bearings, surface accuracy 1/10th of a thou". The failure to write the decimal as '0.3' resulted in loss of the decimal point, which led to the delivery of a dozen 3 inch steel balls, with an amazing surface accuracy, and an astronomical cost.

The supplier wouldn't take them back, so they were raffled off as 'decorator items' to the staff.

China all but bans cryptocurrencies

MarkSitkowski

Hu's on first...

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine

MarkSitkowski

Re: Turing -> von Neumann -> Intel et al

We use self-modifying code to create 'virtual' encryption keys. These are scattered throughout the executable, and are inaccessible to anyone except the executable itself, once they're set.

'A massive middle finger': Open-source audio fans up in arms after Audacity opts to add telemetry capture

MarkSitkowski

Re: Audacity was already on the replacement list

I run version 3.0.2 on Win 7, and it works fine. Having read the article, though, this will probably be the latest version I'll use.

Cloudflare offers $100,000 for prior art to nuke networking patents a troll has accused it of ripping off

MarkSitkowski

I thought I read a few years ago, that a new anti-troll law in the US said that if you bought a patent, you had to implement it before you could sue anyone over using it?

OK, so we don't have a flying car yet, but this is possibly even better: The Internet of Beer

MarkSitkowski

Re: That’s one big battery

Unless the body of the keg was the antenna?

Listen, son... Monster trucks just aren't cool anymore. Real winners drive Tesla Roadsters

MarkSitkowski

Re: Honestly

I think the problem is, that nobody tells you where the electricity comes from. Usually, it's from a coal-burning power station or, worse, from a nuclear power station. How green is coal slag or radioactive waste? On a side thought: The world's supply of lithium is even lower than that of crude oil, so what happens when the lithium runs out?

Nestled between donuts and gingerbread creations lurks the Windows 7 EOS fairy

MarkSitkowski

Re: Appears to be a constant chase

If you buy a car, and the manufacturer decides it'll no longer supply spares for it, if you're happy with the performance of the drum brakes, then how would you feel if they decided to frig the radio, so it constantly poured out propaganda about how bad your car was?

When you've paid for your OS, it's your property, not Microsoft's, and any attempt to disable features (like the DVD drive, which was their parting shot) should be an offence.

A floppy filled with software worth thousands of francs: Techie can't take it, customs won't keep it. What to do?

MarkSitkowski

At one point in my career, I was responsible for supporting the company's application development office in France. On arrival at Roissy, my luggage went into the X-ray scanner and, on its arrival at the other end, several gendarmes surrounded me, with exhortations to "Put up your 'ands", while pointing their mitraillettes at me. The customs guy rummaged through the case, and triumphantly produced several reels of half-inch computer tape, at which point the gendarmes lowered their weapons, and explained "Sorry, they looked like magazines for a Kalashnikov"....

MarkSitkowski

I believe Johnny Cash reported a similar incident in "One Piece at a Time"

City of London Police warn against using ‘open science’ site Sci-Hub

MarkSitkowski

Re: "data and research ... is ... more strategically valuable ... than copyright-busting"

I (together with thousands of others) publish my stuff on Researchgate. Access to all work is free to all - even to non-members.

Microsoft customers locked out of Teams, Office, Xbox, Dynamics – and Azure Active Directory breakdown blamed

MarkSitkowski

Re: Sounds like this key management was quite complicated.

Do you really need an answer to that last question...?

OVH data centre destroyed by fire in Strasbourg – all services unavailable

MarkSitkowski

Re: English clause ordering

Talking of headlines, David Frost had a competition many years ago for the world's most eye-catching.

Number 1: "Archduke Ferdinand found alive. First World War a Mistake"

Number 2: "Pope Elopes"

SolarWinds just keeps getting worse: New strain of backdoor malware found in probe

MarkSitkowski

Re: Unable to boot up?

Actually, Unix doesn't allow you to totally fill up the disk, for that very reason. When df tells you it's 100% used up, you can still access it as root, as it leaves a few percent spare.

MarkSitkowski

And another thing...

"Law enforcement is not thought to be involved in the hacking..."

Why not? Isn't this what they're supposed to be doing? If the cybertrash can do it, why not the so-called cybersecurity professionals?

A word to the Wyse: Smoking cigars in the office is very bad for you... and your monitor

MarkSitkowski

Re: Don't think there's anything worse than the motherboard of a smoker's laptop...yuk

That merely demonstrates the poor quality of modern electronics.

Many years ago, when I worked for Tektronix, I went into the service department for some reason, and saw a guy with a hose, with which he was enthusiastically hosing one of our 475 series oscilloscopes.

On inquiring what was going on, I was informed that the scope had been on a geophysical survey vessel, from which it had fallen into the sea and, if it hadn't been for the mains lead, it would have been lost forever.

Wishing him luck, I went back to my office, but curiosity forced me to return, just as he was putting away the insulation shrinker (it's like a hair dryer). He plugged in the scope, turned it on, then flicked a few switches to prove it still worked perfectly, and tied a "Repair Complete" tag to it..

Laptop makers could learn something here.

Half a million stolen French medical records, drowned in feeble excuses

MarkSitkowski

Re: But they still don't know

It was Edward Fox...

Scottish rocketeers Orbex commission Europe's largest industrial 3D printer to crank out 35 engines a year

MarkSitkowski

Re: All these exciting new technologies!

Not so new.

There's a company in China that's been 3D printing houses and apartment buildings out of concrete for about a year or so. Surprisingly, the quality of the finish is about as good as that of traditional (concrete) buildings.

SpaceX small print on Starlink insists no Earth government has authority or sovereignty over Martian activities

MarkSitkowski

I believe the laws of physics say that can't be done. It would need to be a powered flight.

Soviet 'Enigma' cipher machine sells for $22k at collapsed museum's exhibits auction

MarkSitkowski

Re: The Thing

Pity they couldn't include the American eagle from the US embassy in Grosvenor Square. That had a listening device installed in the 1960's by a 'cleaner' - or whatever he called himself.

Forget about an AI stealing your job, even pigs can be trained to use computers

MarkSitkowski

Re: Done before?

It's been done more than once. After they got bored with the games, they worked on a project with me...

'It's where the industry is heading': LibreOffice team working on WebAssembly port

MarkSitkowski

Re: They can rewrite it is WASM..

"Charting on Calc is a maze of twisty passages, all alike."

I believe you need to make your way to the Bird Chamber, having thrown the axe at the Dwarf.

MarkSitkowski

Re: Deja Vu...

"So, we're returning to the old and not-so-good days of the X terminal then... Oh my..."

What's wrong with that? I only use my PC as an X-terminal, so I can connect to OpenOffice-2.2 (among other things), which does everything I need.

This scumbag stole and traded victims' nude pics and vids after guessing their passwords, security answers

MarkSitkowski

Re: "Security" questions....

Me too...

Drag Autonomy founder's 'fraudulent guns' and 'grasping claws' to the US for a criminal trial, thunders barrister

MarkSitkowski

Re: Due diligence

That's like blaming the victim in a rape case for not checking that it wasn't actually a real medical examination.

C'mon...

The curse of knowing a bit about IT: 'Could you just...?' and 'No I haven't changed anything'

MarkSitkowski

Re: Sorting other people's stuff

If you manage to find that new place that wants them, let me know the contact details. I have a Sun 3/60, three SPARC-2's and two Ultra-5/10's that I need to recycle... (recipient collects)

It's always DNS, especially when a sysadmin makes a hash of their semicolons

MarkSitkowski

Re: Anyone who ever dabbles in vi

Best damn editor ever invented. I've used it to convert a 5000 line Fortran program (something about using maximum entropy for spectral estimation) into 'C'.

Try that in notepad...

What the hell is going on with .uk? Dozens of domain names sold in error, then reversed, but we'll say no more about it, says oversight org

MarkSitkowski

Re: Tobacco Road

'Crane', not 'shovel' (I still have the record...)

Ireland unfriends Facebook: Oh Zucky Boy, the pipes, the pipes are closing…from glen to US, and through the EU-side

MarkSitkowski

Why is this different...?

"Like many other businesses, Facebook relies on SCCs to transfer data to countries outside the EU, including to the United States..."

For 'EU' read 'United States' and for 'United States', read 'China'.

Am I missing something, or shouldn't Trump be calling this 'spying'?

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist

MarkSitkowski

Re: Nope

It was both Al and Mg. The principal components of thermite.

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now

MarkSitkowski

Re: Argh

Umm... a spade is used for digging, while a shovel is used for.. well.. shovelling - like a rather large scoop.

The two are not synonymous

'It's really hard to find maintainers...' Linus Torvalds ponders the future of Linux

MarkSitkowski

Re: "COBOL programmers of the 2030s?

I don't do Windows (except as Cygwin) but here's the above on Sun Solaris:

csh%[85] echo "int main(){return 0;}" >/tmp/crp.c

csh%[86] cc -o crp /tmp/crp.c

csh%[87] crp

csh%[88]

I think I'm missing the point...

MarkSitkowski

Re: I wonder why?

We stopped updating after CentOS 6.9 out of fear of systemd. Can't see any improvements worth having in any of the subsequent releases, so I guess we'll stick with it, or try BSD, sometime.

MarkSitkowski

Re: "COBOL programmers of the 2030s?

I have some 'C' code, written in 1985, on Unix BSD 4.1c, which has been compiled, over the ages, on Sun3.x, Sun 4.x, Solaris 5, 6, 7, 8, 9 and 10, Cygwin, various flavours of HPUX, IRIX, Ultrix, SCO and AIX, not to mention every version of Linux from the year 2001 to the present.

Not a single line of code needed to be changed, and there was only one #ifdef, to cater for the fact that Linux has no tell() system call.

I don't know about COBOL. but I challenge anyone to name another language that's as portable as 'C', and an operating system that's as consistent as standard Unix. The idea of someone writing Unix code in 'Rust' (whatever that may be) simply appalls.

There are DDoS attacks, then there's this 809 million packet-per-second tsunami Akamai says it just caught

MarkSitkowski

Re: And the next step...

Blacklisting is less than useful.

Blacklists contain thousands of entries, so you can't just enter each one as a firewall rule.

Also, these lists change from one day to the next, which would entail a lot of maintenance to stay up to date.

It makes much more sense to check the content of each query against a list of known hack queries, then add a firewall rule and report it if it turns out to be malicious.

MarkSitkowski

Re: And the next step...

Despite the naysayers' naysayings, we've been reporting abuse IP addresses to ISP's for the last 10 years (well, our IDS/IPS has) with excellent cooperation from almost all.

Best assistance comes from Russia ("The user has been terminated"...) and Brazil, whose CERT actively pursues each report, and worst assistance is from Turkey, whose CERT will block your emails if you report anything, and TurkTelekom will do likewise.

You need to remember that ISP's hate these cyber-vermin almost as much as we do since, apart from the nuisance value, they eat up bandwidth.

To-date, we've successfully reported 126,795 such parasites, who hit us about 1200 times a month. Additionally, there's an amplification botnet that sprays us from all the addresses from between 10 and 30 class-B domains (all spoofed) per day, which keeps our SYN/ACK detector busy.

Don't be negative, monitor your logs, and do report every single infraction. If nothing else, it means the cyber-filth has to work harder, to keep botnet numbers topped up.

Fortran greybeards: Get your walking frames and shuffle over to NASA

MarkSitkowski

Re: Old stuff sticks around

Just don't try to use that compiler on legacy code, like SPICE. Through the misguided idea that people use Fortran to write new code, they 'updated' it, to the point where it fails miserably on memory management, misinterprets the common block and bitches about Hollerith formatting. I believe it isn't actually a compiler, but a preprocessor, which converts your Fortran to 'C', then runs that through gcc. I've seen the same approach used by other Fortran so-called 'compilers'.

So you've set up MFA and solved the Elvish riddle, but some still think passwords alone are secure enough

MarkSitkowski

Re: "... believe the humble password is a good enough security measure"

It all depends on how you enter your password - or not.

https://www.linkedin.com/pulse/defence-humble-password-mark-sitkowski/

OK brainiacs, we've got an IT cold case for you: Fatal disk errors on an Amiga 4000 with 600MB external SCSI unless the clock app is... just so

MarkSitkowski

Re: The SCSI implementation on the Amiga was badly broken.

Oh, you modern people!

I have a Sun 3/60 with two external SCSI drives that are stll performing flawlessly.

Sun, obviously, got it right.

MarkSitkowski

Re: the real answer is probably some shared memory corruption

IBM's AIX also did the DEADBEEF trick all through the 90's

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021