* Posts by Creslin

15 posts • joined 5 Nov 2012

Someone slipped a vuln into crypto-wallets via an NPM package. Then someone else siphoned off $13m in coins to protect it from thieves


Taking from somebody's house as the window locks didn't look perfect. Not great.

The victim is supposed to know the name of everybody who could have taken the missing belongings to check with them all, just in case one of them did take the valuables and they're offering to give them back.

Most munificent Apple killed itself with kindness. Oh. Really?


ReUse stuff, bargains abound with minor up-cycling

Nothing to do with Apple, but for tech in general I'm loving well-made kit that lasts an eon, now out of support.

I've picked up two HP G7s, dual Xeon 6-core/12-thread and 76GB RAM for $250 each and an old 24-port Gbit managed SMC switch for $30

The IO is shocking, $10 PCIe NVMe adaptor and 256GB M.2 $50 each and they're shockingly good hosts.

These are bargains but not uncommon, there's a huge market for old server kit, companies refreshing or moving to cloud feeding the market.

These tubs are bullet proof; giving me 48 x 3GHz threads, remote iLO access, perfect for dev / learning, throw them in your garage.

Ubuntu LTS, perfect fit.

... all for less than the cost of a GFX card today, about the same power consumption too

Linux 4.19 lets you declare your trust in AMD, IBM and Intel


For a system that requires no encryption - why wait on boot

It's akin to starting a service to disable it after.

Yes, encryption is good.

No - not every system has a need for it - my media server as an example.

EU wants one phone plug to rule them all. But we've got a better idea.


thunderbolt - not thunderbird

Though Brains and Lady Penelope are always a good bet in any international emergency

Bitcoin's blockchain: Potentially a hazardous waste dump of child abuse, malware, etc


That was quick! Crypto Prof @ Johns Hopkins to release tools to publish into CT logs

Matthew Green, cryptographer and professor at Johns Hopkins University, has undertaken to have working code by end of this week to publish arbitrary data into the certificate log.

Once any illegal content is in the .com CT log the only means to remove it would be to also remove the ability for anybody to check they are connecting to a genuine .com site / the HTTPS certificate is real.


Same for the .com .net .co.uk certificate transparency log

By the exact same rationale applied to blockchain, this applies to the transparency log for all .com .net etc SSL domains we browse too.

If somebody, not I, put illegal content in any domain registered in the certificate transparency log, does this mean we have to destroy the entire .com certificate transparency and take out quite literally the majority of business SSL trusted sites? There is no way to remove one entry without invalidating the entire tree -- just like a block chain.

That would be quite chilling

Certificate logs overview:


UK reaches peak Bitcoin as bin firm accepts cryptocurrency


Stig of the dump asks

Will they accept tips too?

Parity's $280m Ethereum wallet freeze was no accident: It was a hack, claims angry upstart


It's the many investors' money, not the company's

Investors place coins into multi-sig to then have a control over when funds are taken from the wallet by the project.

If the company had full control over the 1 million there would be nothing stopping the company just taking the money and disappearing.

The function of multi-sig -- when working -- is you can hold your investment money in escrow and release on progress of a project. Typically this may be 80% of signatures are required to release funds to progress.

Assange will 'accept arrest' on Friday if found guilty


It's not "rape" as almost every other nation understands

Assange is accused of continuing consensual sex for less than 1 minute after the condom came off "mid-flow" and was asked to stop.

This is classed as rape in Sweden, but even there a very minor variant that would not normally warrant such after-the-fact attention, let alone an international extradition request.

To think this case is criminal/justice focused and not political over-reach is short-sighted, in my humble opinion

Motorola’s X Force awakens a seemingly ‘shatterproof’ future


Re: too good to be true?

Specs say it has an SD card.


Debian upgrades Wheezy and Jessie with a combined 372 updates


Wheezy remains in production, as system-d still not fully stable compounds this

We've tried several times to jump to Jessie and at every turn found niggling but time-consuming and therefore hacky bespoke work-around/fixes for deployments, all related to SystemD

These are mostly on the edge use-cases, rsyslog, cacti, etc etc

But my point is we, and a lot of other shops, are sticking with wheezy for the time being till the system-d dust settles throughout the apt repositories. Somewhat compounding the whole Sec support issue for wheezy. An exception should be made, maintain wheezy for a couple years till the user-land catches up with SysD dependencies.

The whole rationale of Debian stable (as I viewed the OS landscape) was it was old, tested to death, not cutting edge -- but bullet proof on a server with apps a mere key stroke away. System-D ran roughshod over the whole unstable to stable process.

We need wheezy and we're lazy, but we're not the only ones..

Fibre Channel over Ethernet is dead. Woah, contain yourselves


Who says UCS are using FCoE, all our templates are iSCSI vNICs

Few mentions of UCS making use of FCoE from the fabric interconnects, the FCs also support iSCSI which opens buying disk 90% cheaper if you want it.

We now buy multiple cheaper NAS/(iSCSI SAN) units with NAS grade disk, the prosumer/consumer small NAS market has done a great job proliferating these disks across the market with features historically reserved for huge spindle arrays.

UCS FIs have 24/32 10Gbit ports, sure you can use them for FC - but why would you? UCS hosted visors can multi-path back-to-back to many 10Gbit Eth ports on a storage unit, no switch even required, bought at typically 10% of the cost of sage brands as EMC/Hitachi/NetApp (by the time you've not bought vendor lock-in disks)

I recently bought two QNAP 2480u-rp units, used any SSDs for cache, pay couple hundred dollars a disk, 4x10Gbit ports from Intel, have 100TB in each for £16K (all approved, tested, does not break your warranty) -- or buy two vNXE's, get slower throughput, less extensibility and pay 160K, 10x the cost. Plus none of those niggles: SFF or LFF for SSD support/large disks, transceiver compatibility, expensive support, parts lock-in, feature licensing

Little argument to be had, with virtualisation it's simple to move the storage design to the visor, get resilience and MTTF by literally having spare kit in the DC itself -- who needs EMC any more for less than PT storage. 40Gbit a head over iSCSI - fast enough for most, entire spare unit -- staff close to the kit again.

Google's Nexus 5: Best smartphone bang for your buck. There, we said it


Sold out for weeks, ships in two days?

Little bit of a mixed message here...

As a test I ordered one this morning from Play - estimated delivery date - 11th Nov.

Naughty-step Apple buries court-ordered apology with JavaScript


They've also removed automatic redirect from apple.com to apple.com/uk from UK IPs

It's worse than only having to scroll...

Apple have also removed the automatic redirect from apple.com to apple.com/uk/ when accessing the site from a British IP address. Up until the new apology the redirect was always in situ - why remove now, if not to show clear disrespect for our court's order?

This is clearly a tactic to reduce the audience who will see the apology, the audience the court will have correctly assumed would normally view the apology without Apple's interference.

