Posts by Glen Turner

109 publicly visible posts • joined 6 Jul 2007

Petrol stations deploy anti-theft stingers

Glen Turner
Unhappy

@Kanhef - pre-authorized gas pumping

> That's the near-universal system in the US as well. It pre-authorizes the card for $75....

There's one bug. If you try to use a foreign debit card the pre-authorization doesn't disappear for a week or so. So you end up losing $75 + the gas price for the week. If you fill up often, because you're travelling, it doesn't take too long before your holiday savings are tied up in pre-authorizations. Same issue with hotels. When travelling in the USA you really need a *credit* card.

SANS sounds alarm on Debian OpenSSL flaw

Glen Turner
Flame

@AC -- misses the point, it's worse than a patch can fix

"Any OS that isn't up to date on patching is a risk."

You miss the beauty of this particular vulnerability.

You can patch your software and *still* continue to use the vulnerable keys. Once you've patched, every ssh user on a Debian/Ubuntu system has to regenerate their keys. Ever tried to get *every* user on a multiuser machine to do anything?

Even better, patching your system and regenerating users' keys still leaves the machines you've ssh-ed to using a public key vulnerable. All machines running sshd and accepting public keys have to identify and delete the keys from Debian/Ubuntu systems in /home/*/.ssh/authorized_keys. This is why we're starting to see security advisories from operating systems which lack the fault, such as CentOS.

To summarise: Debian/Ubuntu systems: delete all keys, including user keys, and start over. If I were system administrator of a multi-user Debian/Ubuntu machine, in addition to patching and regenerating all system keys, I'd blatantly delete all /home/*/.ssh, let the chips fall where they may, deal with irate users, but sleep knowing my machine was secure.

Other systems: to be safe delete all imported keys, particularly /home/*/.ssh/authorized_keys. Be careful not to lock yourself out whilst taking these steps. You will get some annoyed users. Live with it: if they were going to fix it themselves they'd have done it by now. You can always restore the .ssh directory of the One Decent User from backup.

Flame: because I'd like to toast people at both Debian and OpenSSL. Despite their "better than you" unapologetic attitude they've unleashed the biggest threat to Linux systems in years.
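An added example, not code from the original post: a Python script that does the check the post says every sshd host has to make, pruning an authorized_keys file of keys whose fingerprints appear in a blacklist. The blacklist, the sample file and the tiny ssh-rsa blobs are constructed here; in practice the fingerprints would come from the vendor's published list of affected keys and the script would be run over each /home/*/.ssh/authorized_keys.

```python
import base64
import hashlib
import re
import struct

# Key types that may appear in an authorized_keys entry after the optional options field.
KEY_RE = re.compile(
    r"(?:^|\s)(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp\d+)\s+([A-Za-z0-9+/=]+)"
)


def key_fingerprint(blob_b64):
    """SHA256 fingerprint of a public-key blob, in the form printed by 'ssh-keygen -lf'."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def prune_authorized_keys(text, blacklist):
    """Split an authorized_keys file into lines to keep and entries to drop.

    Blank lines and comments are kept. A key entry is dropped when its fingerprint
    is in 'blacklist' or when the entry cannot be parsed (an unparseable line is
    treated as suspect rather than silently kept).
    Returns (kept_lines, removed) where removed is a list of (lineno, fingerprint, reason).
    """
    kept, removed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        match = KEY_RE.search(stripped)
        if match is None:
            removed.append((lineno, None, "unparseable entry"))
            continue
        fingerprint = key_fingerprint(match.group(2))
        if fingerprint in blacklist:
            removed.append((lineno, fingerprint, "blacklisted key"))
        else:
            kept.append(line)
    return kept, removed


# --- constructed test data: wire-format ssh-rsa blobs built from tiny, meaningless numbers ---
def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")  # keeps a leading 0x00 when the top bit is set
    return _ssh_string(raw)


def make_rsa_blob(e, n):
    """Base64 'ssh-rsa' public-key blob (e and n are not real key material here)."""
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)).decode()


WEAK_BLOB = make_rsa_blob(65537, 0xC0FFEE)   # stands in for a key generated on a broken Debian box
GOOD_BLOB = make_rsa_blob(65537, 0xDECAF)    # stands in for a key generated elsewhere
BLACKLIST = {key_fingerprint(WEAK_BLOB)}      # would come from the vendor's blacklist in practice

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# keys for alice",
    "ssh-rsa " + WEAK_BLOB + " alice@debian-box",
    'from="10.0.0.0/8",no-pty ssh-rsa ' + GOOD_BLOB + " alice@laptop",
    "this line is not a key",
])

if __name__ == "__main__":
    kept, removed = prune_authorized_keys(SAMPLE_AUTHORIZED_KEYS, BLACKLIST)
    for lineno, fp, reason in removed:
        print("line %d: %s (%s)" % (lineno, reason, fp))
    print("\n".join(kept))
```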

HP leaves Dell with an EDS-shaped hole

Glen Turner

@James Anderson

Look at it another way. Which builder makes more money, the subcontractor that builds the house or the developer who sells the house-and-land package?

Standalone security industry dying, says guru

Glen Turner
Paris Hilton

@Jason

"My past experience with auditors who manage the reports from security assessments is that you fix the big things first, then move on to the smaller things."

ROFL. My experience with auditors and security assessments is that we end up teaching them their business, and then being billed for that learning. One year you'll be given a hard time by the auditor about a method, the next year they'll give us a hard time for not using that method fully enough. Obviously they've been to a conference in the intervening year and had a long deep drink of the KoolAid.

Your typical auditor will read a rule from an audit manual -- such as "all system accounts must be owned by a person and must not be shared". You'll then spend weeks explaining why the "root" account must exist (even if it need not be able to be logged into) and what all those system accounts the various daemons use are. We had to write a report listing every daemon account and the processes which use them.

This year we're teaching our auditor about ssh public keys, about using cfengine in preference to backups of non-data, and about application-specific firewalls. We'll be billed more than $10K for giving this education.

Paris, because auditors get around but still don't learn.

UK Reaper drone wrecked in Afghanistan

Glen Turner

Insurance

Folks, insurance companies don't pay for items destroyed by an act of war (check your policy). Flying military aircraft in a warzone is an act of war, so taking out insurance on military aircraft is, well, useless. Assuming you can find an insurance company insane enough to offer such a policy in the first place.

Military equipment is usually shipped "free on board" -- once it has been consigned to the shipper responsibility for making good any loss or damage passes to the purchaser. Since most purchasers are governments, they self-insure from that point.

Sending the SBS in to grab the secret bits was a fine idea. US forces got the shock of their lives at the amount of "destroyed" US high tech equipment which had made its way to the Tora Bora caves.

Ballmer bitch slaps Vista

Glen Turner

@Jeff and UAC

What is wrong with Vista UAC is its user interface. We know that because we can test two UAC implementations.

Vista says in advance: "Allow this perhaps-hostile action: yes/no". SELinux says after the fact: "I've denied this perhaps-hostile action. Do you want to know more: yes/no".

The Vista approach is necessarily in the user's face. And not surprisingly, that annoys them. So although SELinux's approach seems more complex, it has the better user experience: it can simply blink an icon on a ribbon bar.

The SELinux approach requires a sophisticated set of rules, which Red Hat has been building for about two years now. But these are under the hood. And it's not like Vista wasn't in the pipeline for long enough to develop a good ruleset.

No UAC at all gives the best user experience. But so does running as Administrator or root. UAC is needed on machines using the modern Internet, as it's the only method we have of dealing with zero-day exploits; even regular updates of software don't cut it anymore.

Women love chocolate more than password security

Glen Turner

Bogus competitions and the law

Hang on. These folks ran a bogus competition. There are specific laws against that. The headline should be "Security professionals scofflaws in annual PR stunt".

DNS lords expose netizens to 'poisoning'

Glen Turner

@zcat

@zcat: One of our local banks has an interesting approach to the problem.. they set the DNS expiry time to zero so that it's never cached and every lookup has to go back to their server (in Australia)

Which is exactly why the DNS caches in Australian ISPs set a minimum cache time. We got sick and tired of that bank's DNS server being temporarily unavailable and the blame for the apparent lack of connectivity falling on us ISPs.

This problem is easily fixed by deploying DNSSEC. It's well time the DNS registries got that happening. DNSSEC isn't suitable for use on all names in a firm, but its deployment against the DNS names supporting public services would address most of the real-life spoofing problem.

(New) dirt-cheap bots attack Hotmail Captchas

Glen Turner

It's the govmint's fault

The real problem here is the Wassenaar signatory governments' suppression of cryptographic technologies during the development of e-mail. Otherwise you'd simply regard as spam those e-mails which are beyond some distance in your web of trust.

Now it's too late to get that sort of sophisticated crypto user interface into e-mail clients.

World Bank chief: Ethanol cars run on human misery

Glen Turner

Smugness born from never a day's hunger.

I'm a real, trained economist. I used to do it for a living. I now program computers because it pays more (a nice demonstration of real-life economics there). The classical economic arguments I'm reading here are pure self-justification.

The first world has rigged international trade with the third world, so economic arguments which assume a free market are laughably naive. One of the major reasons crops are being sold to the first world for ethanol production is simply that they can't be sold to the first world for eating. In your world of pure economic dreaming both of these uses would fetch the same price. In the real world, the market for the higher-value use is forbidden to the seller.

This was a deliberate betrayal, including by the UK. The Uruguay Round removed the barriers to trade of most manufactured goods and services, a great benefit to manufacturing and financial services nations at the cost of (usually poorer) agricultural nations. The subsequent Doha Round was to liberalise agricultural trade. But guess what, the manufacturing nations are happy with the situation as it is and the US and EU are doing their best to torpedo the Round.

Coffee production is being held up by some postings as a high value crop? In Ethiopia? WTF, the situation there is so bad there was a Sundance-screened feature documentary "Black Gold". The PR stink was so bad that Starbucks whacked a "fair trade" coffee on their menu.

Coffee growers get 1% of the retail price, because Western consumers love their brands, resulting in a monopsony of buyers (coffee is a commodity, but US consumers pretty much all purchase via Starbucks, Nestle, Sara Lee, Kraft, Procter and Gamble, giving them the power to pay bugger all of nothing). Like a monopoly of sellers, classical economics' theories of free markets fail in a monopsony. So most of the comments which focus on simple production substitutions between coffee and grain are the sheerest bunk.

There was a recent study into the CO2 emissions of crop-produced ethanol. A hunt in New Scientist should find it. It's well worth a read as the references include most of the solid studies into the economics of ethanol.

The argument that increased crop-derived biofuel use in the first world will lead to deaths from starvation in the third world seems solid. This is hardly the first study to say so and instances have already been documented.

If that sits uneasily with your morals, then living in a rich country you are not short of alternatives. I ride a bicycle myself.

Google data centers snub Africa, Oz, and anything near Wyoming

Glen Turner

No data center in Australia due to legal risk

Google Australia have stated that a data centre in Australia is not possible due to the risk to Google of Australia's DCMA++ copyright laws.

Al Gore's green job bonanza - can we afford it?

Glen Turner

Productivity of labour is the key point

Tim: "For, as I say, all those jobs, all those revenues, are properly counted as a cost of such schemes, not a benefit."

You are making the same error as the pollies by looking at the wrong statistic. The key classical economic concept at work here is the productivity of labour.

Via international treaty the cost of the carbon pollution externality is going to be added into the cost of production. That will cause the productivity of carbon-emitting industries to fall. In turn the wages they offer will fall relative to the remainder of the economy.

Or, taking the positive spin that pollies like, non-carbon-emitting industries will have increased productivity, causing the wages they offer to labour to increase.

Anyway, the result is an incentive for labour to move from one industry to another. Labeling these as "new" jobs is a tad rich, almost as rich as infrastructure developments claiming "new" job creation for the builders of those projects.

Note that this isn't zero-sum basket-weaving: the increased productivity in the new sector increases the national wealth (as long as you're comfortable with the idea that atmospheric carbon decreases the national wealth).

The problem with this classical economics approach is two-fold.

Firstly, the time lag between price signal and action is long in capital-intensive industries, usually around a decade but that may be much longer at this moment (approach a bank and want to borrow $2B, you've no hope at all during the current banking sector crisis). The cost of that lagged signal is large, as the externality is increasingly increasing in cost. This market failure obviously requires some government intervention for the solution with least cost to the nation to be found -- government doesn't require a functioning capital market to make an investment.

The second problem is that the cost of the externality is artificial. No one knows what the proper cost is until the effects of the cost can be measured. That is, until it is too late for any reasonable market-based corrective action. This leads to a lot more problems than usual with pollution pricing schemes: carbon pricing is very vulnerable to a simple denial that a problem exists (no affected people can yet be shown). Then there are all the usual problems with pollution pricing: such as how to distribute the pollution price (using it as government revenue isn't wise) and the incentive for avoidance of this artificial cost -- either by moving operations to another regulatory place or by extra-legal avoidance.

Getting back to Tim's quote. What the pollies should be touting is the increased wealth of the nation from the transfer of jobs from the less productive to the more productive industries. You could even state that number in job-equivalent units. The problem with economics is that we can't tell them what this number will be -- the situation is too complex to do anything other than give numbers at the boundaries (and they are frightening enough, to be honest).

British youths think Churchill went to moon

Glen Turner
Boffin

Survey is a push-polling ad

What do you need to get The Register to push Disney's new Power Rangers' DVD? Publish a survey showing that young children don't know stuff that happened before most of their parents were born.

Surveys are marvellous: they're peanuts to run, you manipulate them to get seemingly outrageous results, and then the media gives you more coverage than you would otherwise be able to afford. The media are now cynical about surveys, which is why you slip a donation to some august but short of cash body to be associated with the survey (sometimes you don't even need to give them money, they'll happily lend their name to efforts to educate the little 'uns if you make the sob story good enough).

Original MR here in full Disney Home Entertainment technicolor:

<http://www.responsesource.com/releases/rel_display.php?relid=37671>

You'll note that there's nothing similar on the RAS site, which suggests that they've just lent their name.

Using the same test adjusted for the older age of El Reg's readership, name the opposing military leaders of the Boer War (no Googling, you in the back row).

So what's the easiest box to hack - Vista, Ubuntu or OS X?

Glen Turner
Coat

Soft Linux target

I would have thought that Fedora running SELinux would have been the harder Linux target. Zero remotely exploitable flaws to date.

My coat is the one with Mandatory Access Control.

How big an eco-hazard is IT equipment?

Glen Turner

Networking missing that green tinge

The other always on but doing nothing device is the computer network. Ethernet switches run 24x7 at full power, even for the 50% of the time the office is unoccupied.

Nortel widens telecom tubes with 40Gb/s optical cards

Glen Turner
Paris Hilton

@mvrx

mvrx scribbled: What's interesting here is in relatively short order, desktop motherboards will include 10GbE interfaces and server motherboards will probably have 40GbE.

Host interfaces have always been easier to design than long-haul interfaces. It's the difference between 100m and 50,000m.

(Paris, because she's easy from any distance)

'Fuzzy' royalties policies challenge Microsoft's open API pledge

Glen Turner
Unhappy

Worth $1m?

"Media Pack, a bundle of media codecs worth $1m that Microsoft has licensed from major codec patent holders."

You're saying it would cost me as an individual $1m to license those codecs? I call BS.

DAB: A very British failure

Glen Turner
Coat

Subsidies for DAB when the masses want iPods. Why?

"Price is a consideration. So all new radios should support DAB, or both, so that the price differential is reduced."

Oh come on, the price differential is near infinite. Analogue FM receivers are so cheap they are given away. I got one for going to a Microsoft sales event, and then another from Coca-Cola for taking my kids to little athletics. The little community radio station around the corner gives them away with their frequency printed on the radios, and it has got only 200 members.

The only subsidy that's going to have any effect is to send a "free" DAB receiver to every house. But of course there's nobody that gets sufficient benefit from DAB to pay for that. There's a hint there, huh?

Compare DAB with the iPod. People there see enough benefit to buy one with no government subsidy. In fact, they'll even put up with risk of the government's inept copyright legislation biting them on the behind.

The iPod shows that people want to listen to *their* music. When they listen to DAB they either want something remarkably like what's on their iPod (and thus totally unattractive to mass market advertisers) or near-live information (such as news and current affairs). DAB falls between the stools here, with less than iPod quality, insufficient reach to build an audience attractive to advertisers (Sirius in the US is nationwide), and can't compete with major stations for talk/news radio (which has big fixed costs).

Anyway, that's what the DAB implosion looks like writing beyond the blast zone from the safety of Australia. Noting that our Department of Communications and Other Technical Whatsits is all too keen on introducing digital radio here, using the UK as a "best-practice model". Duh!

EC jacks up Microsoft fine by €899m

Glen Turner

@Michael

They don't need to seize assets, the WTO treaties allow the regulator to authorise its citizens to copy Microsoft products without prosecution. That is, Microsoft sees no future revenue from EU members. Microsoft is obviously betting that the EU won't try this on. But the EU is getting more and more annoyed and the new US President Hillbama might not want to get in a trade fight with the EU if they still want NATO in Afghanistan.

As far as the bailiffs go, I'll bet Microsoft's European staff are being reminded as we write to keep all their e-mail and documents on US servers, not on their local PCs. Just in case, after all they wouldn't want the EU finding Greg Blepp's suitcase of code Linux stole from SCO :-) There isn't much other attraction for the EU in Microsoft's assets -- multinational branch offices usually lease physical assets.

Google takes a swipe at OOXML

Glen Turner

@Graham's simple test

DIS29500 as it stands today incompletely and ambiguously specifies OOXML. Worse still, you can write conforming OOXML which will not be read by Office.

The first may be solved by ISO's current Ballot Resolution Meeting, although with a massive 1,000+ comments on a two-day work programme I have my doubts.

The second will only be solved if Microsoft gives a rat's about interoperability. Since we got to this point because Microsoft doesn't want to use OpenDocument because it would be too interoperable, I wouldn't be counting on prompt resolution of those bugs.

Airline pilot sacked for 777 Top Gun stunt

Glen Turner

Tower permission makes no comment on wisdom of pilot's intent

Posters misunderstand the role of the tower. The tower's permission is only for factors they control -- so they could be fit into traffic, the runway was clear and fire staff were on duty. Also, being home of Boeing flight test, this tower would have heard stranger requests than this.

The pilot was a complete berk. This isn't a maneuver done with 50 people on board. The co-pilot got off lightly, he's in the chair precisely to thwart lead pilot stupidity or infirmity. The light penalties do make me wonder if some manager suggested the idea, but a pilot has the power of Captain for the purpose of telling that manager "no".

Time to rewrite DBMS, says Ingres founder

Glen Turner

Give them a break

These comments are a tad tough. Stonebraker has written three of the popular DBMS engines, so he does have more clue than posters are crediting him with.

Stonebraker's point is that the current DBMSs are designed to have not-bad performance in all applications. If DBMSs are designed for particular types of application they can be up to 100x faster since they can make design decisions which fit the application better.

The paper also points out that DBMSs were designed in an era of differing resource constraints and designing for the current resource constraints can improve performance.

For example, ACID doesn't fit web-generated transactions well and optimising the special case of database consistency of web transactions allows the DB to be much faster in that application (if much slower in a banking application). Obviously, SQL's language sucks for web transactions (injection attacks, XSS).

The authors make the very good point that if SQL is so fantastic, then why do stored procedures exist? They view the heavy use of stored procedures in real DBMS applications a tool for developing a pseudo-application-specific language. They want to have an explicit tiny language, rather than reinvent the wheel each time.

Those claiming that current DBMSs are the one true way are too young to remember the huge performance boost in web searching that accompanied AltaVista's relaxation of just one aspect of the historical design of DBMSs (that RAM is small and expensive).

It's not as if all current DBMSs are created equal anyway. MySQL seems happy to relax some traditional requirements, and Sleepycat, c-tree and TinySQL all offer alternatives which suit some applications better.

'Crash tested' e-voting machines spread doubt on Super Tuesday

Glen Turner

Paper rules

In Australia we vote the old fashioned way. Then we go home to watch the count on TV from 6pm onwards. Somewhere between 7pm and 10pm we know who won.

You can go and watch the count, and lots of people do. If you are civic-minded you can go and help collect the ballots or count the vote.

What really makes it work is that there is one government agency dedicated to running ballots, and that government agency is used by the federal, state and local governments. There are different requirements for voting between these ballots -- but really the issues which cause mis-voting problems are the same whether the voting system is first-past-the-post, proportional, Hare-Clark, or whatever. Although a large amount of volunteer labour is used, that labour is well trained, very experienced and the oversight of the agency's professionals is very good.

I've never seen a US vote, but there's a great community atmosphere on a voting day in Australia. The voting place is typically a school hall and outside will be representatives of the candidates handing out How To Vote cards, the school will be selling BBQed sausages and people will catch up with friends.

US Army struggles with Windows to Linux overhaul

Glen Turner

@Ken's two points

OpenBSD does have a better reputation than Linux in computer "security circles" but there are factors other than security when choosing a platform. One is continuity of supply, and if you read a few e-mails from Theo de Raadt you'll see that it is a miracle that the OpenBSD project hasn't imploded. It's reasonable for a large project to trade off some small security risk to avoid supply risk.

"IIRC, the NSA similarly announced that they would develop a secure linux kernel". I doubt the NSA said any such thing. A proof of correctness of something as large as the Linux kernel isn't possible, but that is required for the strictest level of Common Criteria security (ie, a device which may contain Top Secret data but connect to an Unclassified network). See the seL4 kernel for an idea of what is required.

What the NSA did do is to initiate and sponsor the development of a "mandatory access control" (MAC) feature for the Linux kernel. This lowers the amount of data revealed by application security failure and can be configured to allow multiple levels of classified data, following Bell-La Padula or other classification models.

MAC is a required but not sufficient item for using Linux to store data of varying classifications. This is very operationally desirable: it allows one computer to store all the documents related to a task or project; and prevents data at a low classification level being upwardly classified simply because it is being stored on a computer of higher classification.

OpenBSD lacks a MAC feature and thus isn't as useful for some defence applications as you might initially suppose from its reputation with non-defence security people.

Transport Dept. IT: 23 years late, £100m over-budget

Glen Turner

@Matt

"In the private sector, if you are given a project and run over budget, tough luck. You can't just get bailed out by the tax payer, and everyone involved knows it."

When I read the paper this morning it said that governments have already bailed out US non-government banks to the tune of US$90bn.

Sun nails four buyers in 15 months with White Trash Data Center

Glen Turner

Computer centre already moving into parking lots

At a nearby university the data centre is moving into the parking lot a service at a time. First it was a backup generator in a shipping container, then a heat exchanger for the chillers, and most recently a demountable building appeared to replace the unpacking/assembly room which was previously in the computer centre.

With the servers being the only things left in the computer centre it's only a matter of time before they move into the parking lot too.

Juniper jumps into Ethernet switch game

Glen Turner
Coat

@sam

"We'll now have to learn a whole new language other than Cisco's IOS standard when our directors decide Juniper might be a good idea to implement......"

Cisco IOS a standard? I must have missed the news from ISO. Ahh, you mean in the sense that IBM's JCL was once the typical way of running a program, although I notice I don't use JCL much anymore :-)

Seriously, I use both Cisco and Juniper and the commit/rollback and "move" features of the JUNOS configuration language just rock. Those features are also in Cisco's next-generation IOS XR, but you won't be seeing that on switches.

There is a learning curve with the JUNOS language, mainly with the odd way used to edit the configuration (more like SNMP than programming). Juniper's stateless "set" commands work nicely with Expect scripts.

Of course, you don't edit the configuration on switches these days anyway -- who wants to log into a few hundred switches, even using Expect. So you might want to look at if/how much Juniper charge for their element manager. Not sure if they give it away for free like Cisco Works or charge like a wounded bull like the SDH/DWDM manufacturers.

An interesting question to ask is why are Juniper so late to this market, and to enterprise networking in general? It's a much larger market than backbone ISPs and even at the launch of the first Juniper router at NANOG potential customers were asking when enterprise use would be supported.

Join the army, get your ID pinched - MoD laptop goes AWOL

Glen Turner

Happy timing

The government has been very lucky. Ten years ago the IRA would have paid a small fortune for the home addresses of certain serving army personnel.

Dismantling a Religion: The EFF's Faith-Based Internet

Glen Turner

Protocol fairness has nothing to do with the Comcast dispute

I didn't see Bob's presentation at IETF, I assume it matches his SIGCOMM paper and his presentation at PFLDNet. His PFLDNet presentation was politely received, but I felt it to be lacking substance, nor was this substance forthcoming in his SIGCOMM paper.

To take one example, inter-flow fairness is the only mechanism which can prevent unfair treatment of a later-started flow. I doubt people want their second connection across their access link to run 1000x slower than their first connection.

Bob's paper also ignores the effect of fairness in avoiding process starvation -- an Internet based on Bob's paper would see a lot more connection timeouts during high load. Before rejecting fairness as a design objective another mechanism to avoid starvation needs to be proposed, which Bob's paper did not do. It is this sort of substance which Bob's comments on fairness currently lack.

The protocol design community does currently tie itself in knots as to how much and what types of fairness a TCP next generation algorithm needs to achieve. Bob's paper is useful in suggesting that in practice the last 10% of fairness probably doesn't matter. But there's no mathematical exploration or practical measurement of this in Bob's current writing, rather the argument is pursued through forceful statement. Given the high number of "non obvious" discoveries about the behaviour of TCP, argument alone is not convincing.

You say: "BitTorrent's basic approach to bandwidth consumption actually conflicts quite strongly with a key assumption of the internet's architects, that the relationship between users and traffic flows is essentially a constant." This cannot be right, the literature has references to "long tail distribution" (where a few users consume most of the network resource) going back to the late 1980s. File servers are not new, I've used FTP for a very long time and the "mget" command makes even FTP produce a flow count not constant with the number of users. Nor is archive mirroring new. USENET traffic has no relationship to the number of readers.

What we have here is a trade description and pricing issue. If you advertise a 10Mbps Internet connection then people expect to be able to transfer 10Mbps of data. If the truth is otherwise then the product should be described differently. And of course there's nothing to prevent a pricing model where heavy users are charged more than light users. Except perhaps that this would bring attention to the industry's chronic overcharging of light users :-)

Comcast has a large demand from some users for their product. Comcast should be laughing all the way to the bank, this is the scenario every business dreams of, these are the customers which businesses send Christmas cards to. It's obvious that Comcast have chosen an incorrect pricing model: that is not their customer's fault, high use is not misuse. Misuse is more like Comcast's behaviour in inserting TCP RSTs to disrupt traffic.

Rogue servers point users to impostor sites

Glen Turner

Oh dear

Dan,

Whilst it is a client vulnerability, enterprise networks can easily protect their machines. Simply block DNS traffic which does not come through the expected forwarder. Then the malware leads to failure rather than to further subversion. The firewall records the addresses of the infected PCs.

ISPs could do the same, and will need to in the long run when DNS-based DoS attacks become more popular. This won't make some users happy.

The other journalistic question to ask is why DNSSEC has taken so long to be deployed by the major registries. This is exactly the sort of behaviour that DNSSEC guards against.

Gordon,

An open recursive DNS forwarder isn't a "victimless crime". As I documented for AusCERT such a server can be used as a bandwidth multiplier for a denial of service on a third party -- recall that DNS responses are much longer than DNS queries. DNS DoS attacks are difficult for that third party to defend, since traffic shaping incoming DNS throws away good DNS traffic too and DNS retry timeouts are so large that users see very poor performance.

DNS sysadmin practices are very poor. You will see more DNS-based attacks as DNS is currently the soft target of the Internet infrastructure.

Best wishes, Glen

Glen Turner

Recursion and security

Hi Gordon,

To answer your question about recursion.

There are two types of DNS servers: authoritative and forwarding. You use an authoritative server to define records, such as all of the DNS records for example.edu.au. You use a forwarder to send host queries forward into the Internet's authoritative servers.

Forwarders need to implement recursion. That is, given the name www.example.com.au they should return an IP address even if this means first looking up "au" at a root server, then "com.au", then "example.com.au", then "www.example.com.au". The design choice to place recursion on the forwarder rather than on the hosts was to avoid the implementation overhead of programming recursive lookup on all hosts -- they do a simple DNS query of the forwarder and the forwarder does all of the complex stuff.

Forwarders should restrict the IP addresses for which they offer forwarding. This protects the Internet and the forwarder against DNS-based DoS attacks and protects the DNS forwarder from cache poisoning by persons unknown.

Authoritative servers should not implement recursion -- a DNS server for "example.edu.au" should not be asked questions about "example.com", and if asked such questions it should deny the query. There is one edge case, the server should recurse for www.faculty.example.edu.au if it is also the server for example.edu.au.

You'd think this would be easy to configure, and given enough machines it is. But many small networks run just one computer for all services: they certainly don't want to go and buy another server just to have distinct forwarders and authoritative servers. So complex DNS servers offer a feature that allows queries from inside the organisation to use a view which implements forwarding and recursion, and queries from outside the organisation to use a view which implements a non-recursive authoritative server.

Let's review that. Large sites with many experienced IT staff prefer simple configurations. Small sites with inexperienced IT staff prefer complex configurations. The result: an Internet full of misconfigured DNS servers.

What this paper implies is that enterprise networks should block DNS traffic which uses forwarders outside of their network. This is easily done. The firewall policy I wrote in AusCERT AL-1999.004 will do the job and contains secure BIND configurations too.

Merry Christmas, Glen
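As an added illustration of the forwarder/authoritative split described in the comment above (example configuration written for this page, not Glen's own and not the AusCERT AL-1999.004 policy): the same single BIND 9 server first in the weak open-recursive shape, then rebuilt with views so that inside addresses get recursion and outside queries get authoritative answers only. The zone name example.edu.au and the 192.0.2.0/24 campus range are assumed.

```conf
// Added example: BIND 9 named.conf fragments. Zone name and address
// ranges are assumed values, not taken from the comment above.

// --- Weak: one server recurses for any client (an open forwarder) ---
options {
    directory "/var/named";
    recursion yes;          // recurses for the whole Internet: DoS amplifier
};
zone "example.edu.au" { type master; file "example.edu.au.zone"; };

// --- Corrected: two views on the same machine ---
acl "campus" { 192.0.2.0/24; 127.0.0.1; };

// Inside the organisation: a forwarder that recurses only for our hosts.
view "internal" {
    match-clients { "campus"; };
    recursion yes;
    allow-recursion { "campus"; };   // restrict who may use the forwarder
    allow-query { "campus"; };
    zone "example.edu.au" { type master; file "example.edu.au.zone"; };
};

// Outside the organisation: authoritative only, no recursion.
// Queries for names we are not authoritative for are refused;
// names inside example.edu.au are still answered from the zone.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };
    zone "example.edu.au" { type master; file "example.edu.au.zone"; };
};
```

Once views are in use, every zone must sit inside a view, which is why the zone statement appears in both.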

New BAE destroyer launches today on the Clyde

Glen Turner

Your Arleigh Burke price is at least half what Australia determined

The Australian Navy has just embarked on a similar project -- the Hobart-class Air Warfare Destroyer. The US Arleigh Burke went up against the Spanish F100. The F100 won (because of price, risk and schedule) although the Navy claimed the Arleigh Burke would be more capable (which was actually one of the issues, since increasing capability increases staffing requirements in an age where few youth sign up for the Navy and its long periods away from home). Despite the Spanish hull, the weapons systems are all US, a typical Aegis system. The hull includes standoff weapons and space for storage or future systems, a criticism of the RN Type 45.

Projected price for the RAN Hobart-class is UKP 850m each. This makes the article's claims about the Arleigh Burke (which was rejected partly on cost grounds, remember) being UKP 450m very doubtful and makes the RN Type 45 look about right for the price.

Choice breeds complexity for Linux desktop

Glen Turner

Linux and new applications

Someone wrote:

If a professional programmer has an idea for a new application, they are going to develop it for the largest market, which is Windows. They might take the extra time and effort to port it to the Apple platform, for an extra 5 or 10 percent.

That's an odd view. I can think of only two non-game applications of recent times which have required binary programs on the user's PC -- Skype and Google Earth. Both have Linux ports. All of the other recent massively successful applications have been web-based (Facebook, MySpace, Google Maps, etc) or have simply released specs and let the Linux community write their own clients. Web-based makes sense from the programmer's financial point of view, since the programmer can capture the full value of the program and the initial distribution price of the product is low.

Of course, the operative lie is "non-game". Buying a Linux box means no computer games. Perhaps not a problem for a household that also owns a console, and certainly not a consideration when buying a machine that barely has enough grunt to display a pixel, let alone move it.

Win XP also prone to random number bug

Glen Turner

Please read the paper

A lot of comments above are misguided.

"The critical hole is not the one which allows an administrator to see how their random number generator works" assumes that only administrators can determine the values on the top of the stack (the data used to initialise the PRNG!). That's obviously not so.

"IIRC from my crypto classes, you can always determine the output of a pseudo-random number generator if you know the internal state" is true but pointless. System functions that return pseudo-random data are presumed to perturb the internal state periodically to make it difficult to determine the likelihood of a result given preceding values of the PRNG (see where the paper discusses forward- and backward-security).

Note that the system PRNG's lack of predictability is important, since it is used to determine nonces for data communications. If those values are predictable to any extent then hijacking network connections becomes simple.

I'd really encourage people to read the paper before commenting. What becomes very clear is that the requirements for a system PRNG were not well understood by Microsoft staff, despite system pseudo-random number generation being a widely-studied field in cryptology and a widely-discussed design issue in publicly-developed operating systems such as Linux and FreeBSD.

Save the BBC - by setting it free

Glen Turner

Article doesn't follow through on consequences

The article is tosh written by someone who doesn't work in the media business. The BBC is a powerhouse: so much so that privatising it would be a disaster for its competitors if the privatisation were done on a free enterprise basis. Competitors would quickly find themselves either bought out by the BBC or tied out as the BBC does exclusive production and exclusive retailing deals. The BBC could easily drive a first-right-of-refusal deal with the three USA FTA networks, Discovery and HBO. A deal with Disney would be more difficult, but achievable since Disney would be very interested in BBC coproduction in kids TV, since that would form a near-monopoly and Disney have lost traction in that market.

This would leave the UK's non-Murdoch TV starved of content, and inevitably lead to their acquisition by BBC Inc or News Corp.

The BBC currently has no print assets. That would quickly change, with BBC Inc and News Corp dividing 80% of the market. The BBC has a huge potential in magazines which it has not been able to fully exploit to date. The experience in Australia is that a TV tie-in is good for a 30% increase in mag circulation. Existing titles will be under pressure to tie-in, and they would need to offer equity to get to the negotiating table.

The only way this wouldn't happen is if the sale were managed for it not to happen; such as the BBC's hands being tied by non-compete and limited-market clauses. But this article argues that the sale should maximise the price, and thus not contain any such clauses.

I'll notice that the article doesn't discuss any of these obvious consequences of a BBC Inc on the media markets. Which is why it's no more than free market rah-rah tosh.

Glen (ex News Corp)

Mind the Gap Saturday: Forums East and West

Glen Turner

fora

It was common in Victorian-era English for a Latin word and its Latinate plural to be imported into English.

Victorians understood "forum" to refer to a place at the centre of Imperial Rome, not to an activity, so they imported the word but not the plural.

The Victorian practice of plural formation in English was abandoned. With the explosion of knowledge it proved too difficult to know the origin of a word in order to form its plural. Whereas Victorians would need to determine if "platypus" had a Latin or Greek or other heritage (is it "platypii" or "platypodes"), we say "platypuses".

Widespread use of "forum" in the modern sense of a "meeting" rather than a "meeting place" dates from the 20th century civil service. This use requires a plural, and this later use obeys the later English rules.

Use of "fora" is generally read as indicating the writings of a poseur: its use is not required for any grammatical reason, so its use must be to give an impression of High Culture. The Register delights in puncturing puffery, so use of "fora" is never going to be part of its robustly and defiantly Saxon house style.

"Forums" isn't an exception: it's "viruses" not "virii" for the same reasons. The Register is sometimes plagued by use of "virii" but the infection is quickly suppressed :-)

Raytheon to deliver 'paging system' for submarines

Glen Turner

One-way

> My question is why they wouldn't implement a bidirectional link, or they are but aren't talking about it.

Um, because an acoustic homing torpedo wouldn't need too much reprogramming to follow the sub's comms rather than a ship's prop wash?

Multics source code released into the wild

Glen Turner

Typical MIT overclaiming :-)

"It was also the first to use the modern standard of per-process stacks in the kernel, with a separate stack for each security ring."

The Burroughs B5000, which shipped in 1961, predated Multics.

Rackspace flattened by Texas trucker

Glen Turner

Too much power, not a lack of it

The problem wasn't lack of power generation capacity. It was that the power had to be removed to allow for recovery and repair work to be done safely. You might like uptime but electrical workers like their lives.

All of this reinforces what ISPs have known for years: site redundancy is the best redundancy of all.

Man wrongly detained for 50 days has ISP to thank

Glen Turner

Grass not greener on other side of world

>>Aside, my vote goes to Oz, that's pretty free.. (now do I mean down under or down the yellow brick road?)

Then you obviously haven't heard of Mohamed Haneef, an Indian doctor working in Australia. Unfortunately for him, he gave an old phone to a second cousin. That far relative was one of the Glasgow airport bombers. Haneef was arrested, and held without charge. For the first 11 days he was not permitted to communicate with the outside world. In legislation worthy of Stalin, his wife could have been arrested if she stated that she feared Haneef was held by the police. After 25 days Haneef finally made it to a magistrate, who laughed at the "evidence" and released him. Astonishingly all of the evidence, which the police described in the darkest terms in media releases whilst holding Haneef, turned out to be paper-thin or old-fashioned blatantly-untrue "verballing".

Our lad didn't get to leave the courtroom to enjoy his freedom. As pre-arranged between Immigration and the police, Haneef was re-arrested as the Immigration Minister had seconds-previously determined he was unfit to hold a visa and Haneef had not yet left the country. Given the choice of being deported to India or solitary confinement for the months of legal proceedings whilst the visa removal was argued in court, Haneef chose deportation and freedom in India.

Classic Orwellian quote from the Immigration Minister: "...that he wanted to get out of Australia as soon as possible. If anything that rather heightens, rather than lessens, my suspicions."

Australia now has a lot of difficulty recruiting professionals from overseas on working visas. I wonder why?

Bad security products thrive on confusion

Glen Turner

Easy to spot

I call this trash "fear-ware". It's easy to spot: its hawkers try to ramp up managers' fears and then present their product as a solution. So all you need to do is listen for the fear-inducing keywords. This used to be "hackers" but in the past year "Sarbanes-Oxley" has been heard a lot. In the Real World, the accountants that understand SOX have seen to compliance and there's precious little spillage into IT. But in the Fearful Manager's Mind.... In the past month I also heard the US interception law "CALEA" used. Of course, I'm in Australia where neither SOX nor CALEA are law. But for some odd reason the marketdroids still like to roll them out, usually with the cover story that "similar legislation is planned for Australia".

Even the "responsible" anti-virus companies try it on occasionally. One of them was trying to flog its anti-spam product to Australian universities by claiming that they had a "duty of care" (<-- fear-inducing hot word) not to allow students to see spam. Of course, if such a duty really existed then unis wouldn't offer e-mail accounts to students at all -- they'd outsource the risk by telling students to get their own e-mail accounts from Hotmail, Gmail, etc.

Safe drinking guidelines 'plucked out of the air'

Glen Turner

Australian review of drinking seems more scientifically based

Interesting article. In Australia there is the National Medical and Health Research Council's draft revision of its 2000 "Drinking Guidelines, Drug and Alcohol Review". The draft revision looked into the past decade of research and made the following recommendations. (1) People face medical harm with more than 2 drinks per day, from age 15. (2) People under 15 should not use alcohol. (3) No alcohol for pregnant or breastfeeding women. For the details see http://www.nhmrc.gov.au/consult/

North American cities go green under LED street lights

Glen Turner

Optimistic?

I'm not so sure that the reduction in maintenance will be as dramatic as expected. They really can't be thinking of not cleaning the light cover for ten years? LEDs are not that bright anyway, without needing to shine through a decade of grime.

One thing which did astonish me when traveling in the USA was the huge amount of illumination of traffic signs, rather than using signs made from reflective materials.

3Com - a company built on ether

Glen Turner

Two points

1)

You are wrong about ethernet. Its simplicity was a virtue, since it allowed cards to be designed and delivered years before competing protocols. The simplicity also allowed for the gradual deployment of a fundamental redesign of the basis of ethernet -- most ethernet today is switched, the world of collisions is an era ago.

2)

I'm surprised your history of 3Com neglected its "jump the shark" moment. 3Com totally abandoned the enterprise routing market. Abandon meaning no support whatsoever from the moment of the announcement, in a market that prefers "end of shipping" notification several quarters beforehand and "end of life" several years hence. This abandonment killed 3Com sales of any other kit to enterprises: who'd buy an ethernet switch from a company that had demonstrated it would just walk away?

There is still money to be made from ethernet. But 3Com missed the core routing market and hasn't been competitive in high-end switches for a decade. This leaves it dependent upon the same ethernet controllers every other supplier has access to, and thus only the ability to sell what the Cheap and Cheerfuls are selling.

Premature exit for GPL test case?

Glen Turner

Whole ROM image?

The GPL does not require the release of source code where other binary code on the tape/disk/ROM is a "mere aggregation".

If it is a derived work of a GPL work then you do need to meet the conditions of the GPL. Linking is often used as a proxy for a work being a derived work, but this is not always so (eg, where the API being linked is controlled by a non-GPL-code standard).

Note that there may be GPL code in the device other than Busybox. But the copyright owners of Busybox only have standing to argue violations to their product's licensing.

New GPS sats to lack Selective Availability

Glen Turner

@Joe K

The US and EU are competing. Most of the manufacturers of GPS equipment are based in the US. The US government sees Galileo as presenting a threat to US dominance in that industry, much the same as occurred with Airbus and Ariane.

The US DoD gains strategic advantage from operating the only satellite positioning system.

1) With one signal specification, the US DoD can jam the civilian GPS signal. Once there are multiple systems in the same spectrum then jamming all of the civilian signals and opposing military signals whilst not jamming your own military signal is complex.

2) DoD's ownership of GPS gives US forces the unique ability to deploy GPS-guided munitions with certainty. All other forces accept that their GPS-guided munitions may fail should the US choose to jam its civilian GPS signal. That's not an acceptable situation to a number of military forces in EU members.

Sun looks to huddled masses for growth

Glen Turner

Sun and open source software

"The open source software ... comes from Red Hat, MySQL and Ubuntu... The thing they have in common: they come from outside Sun."

Strange that you missed OpenOffice. And Java.

Could Linux become the dominant OS?

Glen Turner

@Steven Hewittt:

Steven,

I suggest you need to use Linux a bit more.

Unix and its little sister Linux were hardened in university computing labs. These are environments with more than 100,000 accounts (more than 5,000 of those accounts being extremely hostile computer engineering students); more than 20,000 machines. Naturally these machines come with the "enterprise management tools" you claim are missing -- you just don't know their names.

The services provided by SMS, etc are provided by installer scripts, package managers (apt, yum), and configuration daemons (cfengine). The services provided by Active Directory are provided by LDAP and PAM. Group policies are provided by groups :-)

I've used the Windows collaboration tools. And I really suggest you need to go and look at the web-based forums and wikis to see collaboration done right.

As for naming, you are joking. Excel? It sounds like a gym training programme.

As for the terminal v GUI, I don't see that it matters. MacOS is a pretty good demonstration of a fine shell over the top of a command line.

Your reference to "gran" misses the point. My gran runs Linux because of Windows' behavior under stress. I'd get these calls at work saying "what does Safe Mode mean" and have to get her to run up regedit and read values to me. With Linux I just ssh in and fix the thing.

Windows isn't ready for the enterprise. This was brought home to me the other day when I asked for a small utility to be added to both Linux and Windows. The Linux people added the name of the package to a dependency list kept in a package named "standard-operating-environment" and the package would be pulled onto every Linux machine that night. The Windows people queued my change to the next "SOE rebuild", a nine-day event where a poor sod runs almost 100 installers and re-creates the corporate disk image.

As for Exchange, don't make me laugh. Google uses Linux-based technology to deliver e-mail accounts with 2GB of storage for $0. How much are you paying for an Exchange CAL?

Microsoft has its strengths. Systems administration and maintenance isn't one of them.

Cheers, Glen

NASA: no fix needed for shuttle

Glen Turner

Still not safe to fly?

WTF? A huge bit of foam hitting an accelerating wing causes a crash. Then the next flight up, after a huge government inquiry, huge bits of foam still fall off, but fortunately don't make contact (the astronaut, and Doctor of Engineering, Andy Thomas was on that flight and complained bitterly about this engineering failure. He has been on the outer at PR-obsessed NASA ever since). This flight a small bit of foam falls off and makes contact. This simply doesn't read like a risk that has been dealt with, so why is this craft still flying?

The criticism of NASA not choosing to repair the gash is a bit rough. A temporary repair spacewalk has never been attempted. It could have unforeseen risks, perhaps making the craft unsafe whilst draining repair supplies.

The criticism I have is more basic -- why hasn't an in-flight repair been tested on some non-essential surface such as a test surface inside the cargo bay? Why was in-flight repair accepted as a procedure and then never adequately exercised? That's where the Bean Counters have really short-changed safety.

Google denies Oz-blurring black op

Glen Turner

Of course, you could always just use the government's photos

We don't need no stinking Google Earth when the state is printing its own satellite photos of the APEC meeting site.

http://www.smh.com.au/images/apecclosemap.jpg