Posts by mourner

33 publicly visible posts • joined 24 Jan 2014

A webcam is not so much a leering eye as the barrel of a gun


All hail the Padawan. Forgive him his arrogance for he is only at the beginning of his journey on the path to complete knowledge. Much to learn he still does.

So.... that bit of malware that secreted itself away running in the background, capturing your webcam images for later use.... that couldn't possibly manipulate what device status is displaying for a given device in your holy grail Device Manager?

No sirreeee... no possibility at all, whatsoever. /sarc

Now, I would suggest your time would be better spent getting a "basic understanding of device management" and associated security matters rather than posting smug better than thou posts to ElReg.

Or perhaps go and read Wired then find another profession that better suits your wanton incompetence.

'Completely offended' Sheila calls cops over price-gouging ganja dealer


Agreed. Legalise, regulate and tax it as per tobacco and alcohol.

Then focus policing on the black market sellers - who when caught can be slammed with double whammy charges of unlicensed distribution and avoiding HMRC & Import / Excise duties, the latter of which should see them in chokey until the next millennium.

With tobacco tax take nose-diving the cannabis taxes would surely be most welcome by HM Treasury. The police would also appreciate it I'm sure - they have better things to do than wasting time cautioning or prosecuting endless piles of people who have a tiny amount found in their possession.

I can't see any of the above coming to pass unless we somehow get a Liberal or Independent dominated Parliament. The rest all seem far too concerned that someone somewhere might be enjoying themselves and that really ought to be stamped out in order to best chase the wet dream of eternal and exponential "growth".

Not a partaker of the stuff myself but the above would really seem the most sane approach at this point.

You call it 'hacking.' I call it 'investigation'


The few times I've come across it, I've rather liked the set up whereby you as the user specify both the 'security' question and the answer as opposed to being forced to choose from the exact same list of questions you see on every website.

Seems far more sensible to me.

Viscous liquid oozing down the walls? You must have hives


After a long day at work it's actually heart warming to read about people buzzing about the place rescuing bee colonies. Restores my faith a little in humankind.


That's for the bee movers or even the bees if they so wish. :)

Opera sells open-source Chromium browser for $600m to Chinese bods


Or use several browsers for different purposes and sandbox / segregate them to their own little playgrounds where they can't do any damage.

The Edward Snowden guide to practical privacy



In full tinfoil mode one has to wonder.... is this a list of things one should use and do, or is this just another character in the play, a harpy calling us to the rocks to wreck our own boats on the shore of already broken "solutions".

Who to trust... and how to trust..... hard times ahead.

Drones are dropping drugs into prisons and the US govt just doesn't know what to do


Or perhaps not criminalise everyone?

^ As subject, but that would be an insane suggestion in a land with the highest %ge of useful adults banged up and written off.

~Sigh~ not going to be.

Carry on... I guess..... go you. Setting a fine example to lead the world..... oh wait that didn't work, no matter we'll just drop munitions on everyone.... what that doesn't work either?

/me deals the Yanks a diplomacy card.... you may need this. You'll grow into it..... eventually.

Ashley Madison keeps calm, carries on after hackers expose lives of millions of its users


"Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public...."

Yeah - not sure they've grasped the enormity of this breach even now, nor ever understood any phrase they heard that involved genies and bottles.

I trust El Reg will keep us abreast of their attempts to remove the "information unlawfully released to the public". Unless they mean from their own systems of course.

This would be funny if it didn't have the potential to mess up so many people's lives. The breach was a disaster, but this recovery / face saving attempt is akin to watching someone trying to rescue people from a burning building by dumping a tanker of kerosene on it.

'Arkansas cops tried to hack me with malware-ridden hard drive'


Re: Possible, but shouldn't cops know better?

Hi skeptical i

Of course we would like to think the plod are more vigilant about these things. And according to other sources the PD in question has stated they have real-time AV running as a response to this filing.

On the other hand we are talking about under-funded, over-worked small town PDs. They're doing police work not spending every minute checking the PC they have to file reports on is free of contagion.

Then on the gripping hand, we have the bizarre nature by which rural US police forces are funded - small town by small town. I doubt there is much in that kind of setup leftover to employ an IT wizard.

I'm not setting down either side on this one, I just wanted to say I think there are far too many unknowns at this point to be blazing articles around that rigorously suggest the PD put the trojanistas on that drive.

I have no dog in the fight, I'm not in or of the US, I'm just observing. :)


What I have not seen stated in any of the various reports I have read on this matter, is what files (name / types) these nasties were found in.

Typically these things slink around, hidden in .doc .pdf .xls etc. type files. It seems unlikely they would be in that particular folder named as trojan1.exe / trojan2.dll / trojan3.reg for example.

Could it not be that the plod in question created this "D:\Bales Court Order" directory on the external drive (which was supplied by the lawyer filing the suit if I recall correctly from other reports) and copied over the relevant documents they had in good faith without knowing they were already infected with nasties?

The plaintiff's case seems to be very much concentrated on the fact that they were found in the specific "Bales Court Order" directory, which they seem to claim means they must have been deliberately poisoned and put there.

The simpler explanation to me seems to be that the PC the files came from, or one the files had previously passed through had the clap which infected the files in question on the fly.

The devil is in the detail with this story and the detail is so far sadly lacking in both the filing and the reporting of this matter.

p.s. I do hope this lawyer's "software guy" followed correct chain of evidence procedure (no write lines active) when carrying out his examination.

Forget 1,000 lashes for Facebook posts, Saudis now want to behead blogger Raif Badawi


This is why and where the "nothing to hide, nothing to fear" doctrine falls down. Today it is "you just got added to the $person_of_uninteresting_array". Tomorrow - $uninteresting = $interesting and you lose your head - hopefully in one clean chop.

Lists are bad m'kay, just don't do it. It always ends badly.

Australia's (current) PM Tony Abbott again calls for metadata trove laws to pass, ASAP



And so, it becomes a game of "who do you trust?"

El Reg who seem impervious to calls for https?

I'll happily do a VPN review.. for a kickstart consideration of £500K.

But who am I?

You're probably better off going your own way. Source a VPS in Moldova, Russia or wherever and break out from there.

Just saying - going the same way everyone else is may not be the best idea :D


Re: Critical?


Let's just call it what it is.... DATA.

There's nothing "meta" about it. It's data that clearly identifies who contacted whom for how long (telephone records) and in the case of email the Subject of the discussion (email) - heh that's not the content of the message it's in the headers.

There's some lockstep going on here between nations. In the last week we've had Cameron (UK) decrying encryption. Reporting of this nebulous "dark net" has been going for months (don't be silly boys - it's TOR, nothing dark about it as the Silk Road trial Ulbricht clearly shows, it's not an invisible net even the BTC is traceable).

We've had the frankly odd last minute UK Lords attempt to attach unpassable amendments to bills. Maybe they hope the more palatable alternative will not get laughed out as an alternative.. lesser of two evils, when the choice is not actually one or the other, sleight of hand anyone?

There's an agenda afoot to get these laws passed in the 5 eyes. It puts me on high alert, I hope it does you too.

Man trousers $15,000 domain name for $10.99 amid registry cockup


So to summate.

Man (who specialises in "rapid website development") on the return trip from a domain name convention (not out of the airport even) manages to snag a bargain domain and turn $11 into $15K (speculative).

While the open for all contact CEO of the company selling said domain generously decides to eat the cost of the mistake of mis-pricing said domain.

Nothing like the smell of fish, loss leaders and PR in the morning eh!

Doubles all round what!

El Reg Redesign - leave your comment here.


Too many images, SNR is poor

I don't comment often, but I feel I have to on this.

El Reg has made a mistake with this redesign.

Main page - enhance the style contrast between read and unread (visited) stories please.

Article pages - the inclusion of some stock image at the top of every article is appalling. They add nothing to the article, just frustration to scroll past to get to the content. Unless you are intending to serve ads there I can't think of any reason to use space like that in a wide screen centric world. It's just annoying and results in just two or three lines of the article being readable before scrollfest occurs.

Fixed width columns... just no.

Smart meters in UK homes will only save folks a lousy £26 a year


Re: not smart

The ability to cut the mains within the meter itself is an already solved issue. Credit meters have been doing this very reliably for many, many years.

Credit hits zero ~THUNK~ power disconnected. Add credit to meter ~THUNK~ power reconnected. Fairly trivial contactor setup.

Longer flights burning more fuel can cut planes' climate impact


Re: stupid question...

No, no misunderstanding. The carbon cycle is complex when studied in micro-detail, so complex in fact that it would be fair to say we have but a basic grip on it and its interaction with the climate of this planet.

But on the macro level planting lots and lots of carbon capturing devices (let's call them trees) - which seems somewhat easier than trying to capture the carbon as it exits smoke stacks on fossil fuelled electricity stations, then sequestering somehow - makes a great deal of sense.

Unfortunately - the areas of the globe that are good for growing trees very quickly and in a high density are not in the areas of the globe that are burning stuff to produce electricity.

So... yeh, good idea, sadly politics, tax, arbitrary lines drawn on a map, human tribalism (be that religion or regional or pantone shade) and stubborn fuckwittery will doom us all.

My, my - I now understand why Nero fiddled while his empire went up in smoke. That thought does not calm me.

EFF wants you to open your Wi-Fi to IMPROVE privacy



What EFF want you to do is open your home WLAN for all and sundry to use.

FON uses a separate VLAN, the users thereof have to authenticate, their traffic presents a separate IP address as the source to your current PPP / Bridged connection. i.e. there is no confusion between what originated from your internal LAN/WLAN and what any FON user may do via your connection.

What EFF is asking for is dangerous for early adopters.


Just - no

While I applaud the EFF for the effort, this just is not going to happen.

Sure, it's pretty much established in both the US and the UK that a specific action (grabbing a copyrighted work, posting a bomb / TERRIST! threat, kiddy fiddling etc.) cannot legally be tied to an individual by way of identifying an ISP subscriber by IP address. That doesn't mean that your front door is not going to be smashed in at dawn, all your computer gizmos taken away for months to be pored over, you hauled off in handcuffs in front of the now sleep disturbed neighbourhood and your name merrily publicised by the local rag as having been arrested on suspicion of said offence.

That's game over - you're now bankrupt thanks to the legal costs of clearing your name, your reputation is dirt both locally and nationally, can't get a decent job because the HR drones that google you are too vapid to click beyond the initial publicity BS that is hanging around like faded Christmas decorations in June. That's it. You're done and you're probably going to die under a railway arch somewhere.

For what? Freedom.

I do get the sentiment and motivation, I really do - but the EFF need to do better - integrate that roaming wireless freebie wifi offering with a TOR stack or some other means to get it the hell off being traced back to my IP. Perhaps if the EFF came forward and posted a commitment to fund good legal defence and reputation repair for those running their firmware - wherever they may be - then it would be viable. As it stands, it's a dead duck. Well if a dead duck could stand that is :D

Salesforce slings software for … sigh … wearables


Salesforce chief Marc Benioff runs his business from his phone and is annoyed that his favorite hotels don't recognize him when he walks in the door.

So basically he expects the kind of reception the Sultan of Brunei gets when checking into a hotel. Pfft, needs to get over himself a little.

TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'


Re: With regard to platform-provided security...

As far as I remember it uses AES encryption with a 128 bit key by default. So presuming the implementation has been done correctly it's relatively robust i.e. an opponent would need to brute force the encryption which would take a very long time provided you choose to use a sensible / strong password.


Re: Intriguing

Care to explain the thumb down thumbdowner?

I was just trying to bring some rational discussion to the fore, rather than the OMGZ111!!!2! Truecrypt PAN1C headlines that seem to be littering the tech media.


Re: Am I safe?

Just checked my rarely used Win7 partition for Truecrypt install files but all I have is a v7.1 (NOT v7.1a) installer file dated Tue 03 Jan 2012 14:40:01 GMT - which would coincide with when I purchased this particular machine.

So whilst I cannot answer your question I am going to post the sha1 for that installer file.

mourner@mint13-laptop ~/Desktop $ sha1sum ./TrueCrypt\ Setup.exe

5910a05bf671a385c2c5967171aa1c5509a3d3ee ./TrueCrypt Setup.exe

As far as I know that is the sha1 hash of the unadulterated v7.1 (NOT v7.1a) Windows installer.


Re: The synchronicity is the most intriguing part

Are the developers really that anon though?

I've been vaguely following the audit process and it seems the audit team have direct contact with the developers. Of course that may be via tortuous anonymising routes.

To be fair if I was a developer of Truecrypt, I'd do the exact same thing. I would think creating a tool with the express intention of creating plausibly deniable encrypted filesystems beyond the reach of even national level intelligence agencies is going to end badly one way or another if one were to be associated with it. Be that from vigorous "arm twisting" from both governmental and criminal goons or from some odious smear campaign (by anyone so motivated) that you are developing tools for paedo-terrorists to use to hide their activities etc. Roll on the aiding and abetting charges (and coercion opportunities that brings in itself).

In this sphere I'd trust unknown anonymisters over some sprightly startup LLC based in the US to provide this complexity of encryption software.

It will be interesting to see how this plays out over the next few weeks. Whatever happens Truecrypt has passed a point of no return with this move.

One small (and I think interesting) point that I picked up on while reviewing the diffs of the 7.1a and 7.2 source (see https://github.com/warewolf/truecrypt/compare/master...7.2 ) and only seen commented on once on another forum is that as well as all the code changes to remove the encryption routines all the references to localisation that previously referred to "U.S." have been changed to "United States". Now that may just be down to some previously coded changes in underlying libraries requiring the change - but it could also be considered as a not so subtle noisy canary tweeting its last song before turning its toes up.


Re: Intriguing

Sure, most people using Truecrypt volumes today have a version of Truecrypt installed - most likely v7.1a

However, what about someone who rediscovers a Truecrypt volume in 5 years time?

If this episode actually boils down to the Truecrypt developers deciding they have had enough of developing Truecrypt, then the sensible thing to do would be to leave available the source and binary that can decrypt all previous versions' volumes so such people can rescue their files. Stripping out the encryption routines is a sensible precautionary measure as the software will be unmaintained going forward, so any subsequently discovered holes or bugs are not going to be fixed - hence removing the possibility that people in the future will rely on a possibly obsolete encryption application. This is very good practice when it comes to security related software.

Encryption methodology and complexity is a moving goal as even with mathematically sound and correctly implemented algorithms it is only a matter of time before the incessant scaling up of computing power renders today's best encryption useless in the face of full on brute forcing. Hence why over the years advice on what length of key to use in any given encryption scheme has increased time and again. The point being that encryption should only be relied on to keep something "secret" beyond the point it is of any use, not forever.

Windows XP fixes flaws for free if you turn PCs into CASH REGISTERS


Did it?

Or did you just enable some patches for the subset of full blown XP components that comprise the POS version? Meaning that vulnerabilities present in some desktop XP OS components go unpatched.

This is irresponsible journalism without digging into the nuts n guts of the differences between POS and desktop XP - it could very well leave a lot of people with an invalid sense of security as they see ~some~ updates come through.

Shame El Reg. Shame.

Hackers force innocent mobes to join crypto mining gangs


Re: GPUs for BTC mining? Think again...

That was my point, maybe I didn't express it well.

GPU -> mine altcoin (scrypt or scrypt-jane), trade for BTC

ASIC -> mine BTC

I didn't mention CPU mining.

Either way, to make any decent return requires a major investment - go big or go home so to speak. As an example of just how big "big" is in this regard, consider 1.4 million ASICs controlled by 5K Rasp Pi's:

Mining on steroids!


GPUs for BTC mining? Think again...

Bitcoin mining these days requires a specialist GPU-based rig to get anywhere and is way beyond the productive capacity of ordinary computers, much less smartphones. CoinKrypt is the digital equivalent of a gold rush claim jumper, according to Lookout.

Bitcoin has moved well beyond the days of being able to do any useful mining with GPUs. BTC mining is now well and firmly ASIC (Application Specific Integrated Circuit) only.

It can still be profitable to mine other alternative coins with GPU based rigs - which you then exchange for BTC in order to spend or cash out. Typically you're looking at around a 40 - 50 day return on investment buying a mid to top end AMD card after which the profit begins. That said you'd need an awful lot of them to make any real money.

Eight hour cleansing to get all the 'faggots' and 'bitches' OUT of Github


"In the spirit of positive action....</snip>"

Aaaaand.... that's quite enough to get me running for the hills.

It's in the same league as positive discrimination (race / gender / whatever-is-current) in job recruitment. Just hire on merit and be done with it.

This whole thing reads like some Daily Mail piece - OMG someone said something I find offensive, we should so introduce a new law to make that a criminal offence, no-one should ever be allowed to say anything that might possibly offend anyone else ever. The end game there of course is that no-one can ever say or express anything other than the societal norm. Is that really what we want?

Europe: Apple. Google. Yes, you. Get in here. It's about these in-app bills


Re: Is El Reg running out of e-ink?

It's horribly grainy but I think that animated image is Jen from the IT Crowd - so at least it is vaguely related. I have to agree though, I'm sure we left animated images on webpages to burn in a furnace MANY years ago for a reason...... oh yeh, I remember now - because they are horribly distracting to the eye and detract from the content.

Perhaps El Reg is trying to stimulate a RegCott (I'll leave readers to search the term Slashcott **warning** some search results may contain mild profanity).

El Reg is about the articles and the commentors' discussions. Obfuscate the content behind bling or obtrusive (aka obnoxiously behaving) ads - and you risk doing a slashdot and fracturing the community.


Re: Is El Reg running out of e-ink?

Roger that.

Rejoining holding pattern with delta A. Out.


Re: Is El Reg running out of e-ink?

I was thinking the same thing.

Time to shake the toner cartridge El Reg - maybe get a few more pages out of it yet!

Nokia waves goodbye to device biz as phone sales continue to spiral


They shall be missed...

Still rocking their classic 6300 black here as the absolutely perfect "night out" phone.

- Small + light (fits in any pocket)

- Made from some super alloy of indestructium and satan's teeth.

- Just functional enough to get you home at the end of the night, without being a blurry cluster of similar looking icons that puts you in mortal danger of inadvertently sending a picture of your todger to every social network and your boss simultaneously whilst attempting to dial a cab, pee and juggle a rapidly heating incendiary "wassitcalled again" chaser.

- No interest at all from smartphone pilfering chav-gits.

Just small and perfectly formed (barring a few scrapes and dings that merely attest to its battle hardened attitude to being repeatedly dropped from heights and launched down train station stairs).... what's not to like!

I should think about buying a couple more "just in case", but I suspect my vital organs will give up the good fight long before it does.