* Posts by Mike Tubby

69 publicly visible posts • joined 25 Aug 2007


To plug gap left by CentOS, Red Hat amends RHEL dev subscription to allow up to 16 systems in production

Mike Tubby

RedHat ... baaaa!

We were Fedora Core users until the split at FC9 and moved Ubuntu.

Now that RedHat, Ubunu and Debian have all lost their way with the preposterous joke that is 'systemd' we've settled on using Devuan 3.0 - and very good it is too. I can have unlimited *proper* servers doing unlimited workloads and without a sniff of systemd anywhere.

Systemd might be what you need if you're trying to create a windows equivalent environment, but if you just want simple, reliable, server platforms its a joke.

We now have mission critical and business critical systems just work, for days, weeks, months or years on end ... we don't have to pay anyone for the privilege and there's no systemd to f**k things up.

Life is good.

Don't believe all the BS ... pick your server OS carefully.


eBay users spot the online auction house port-scanning their PCs. Um... is that OK?

Mike Tubby

Blatant breach of Computer Misuse Act ?

Surely this is a blatant breach of The Computer Misuse Act (1990) [as amended] ?

Are there any Barristers here that fancy a class action against Ebay?

Please, just stop downloading apps from unofficial stores: Android users hit with 'unkillable malware'

Mike Tubby

Re: "and assume root privilege"

Please define "... lifetime of the device..." is this 6 months, 18 months, 5 years, 7 years?

Part of the problem here is 'churn', i.e. the rate at which the Chocolate Factory obsoletes operating systems and their ecosystems...


Zoom vows to spend next 90 days thinking hard about its security and privacy after rough week, meeting ID war-dialing tool emerges

Mike Tubby

Its much worse than that... Complete Infosec fail?

According to Citizenlab.ca there are major flaws in Zoom:

1. the encryption is not what they claim, and is, in fact AES-128-CBC

2. crypto keys have been observed being exchanged via Chinese servers

Read the report here:


Please someone ask NCSC/CESG/GCHQ whether our politicians, businesses and critical national infrastructure should be using this?

... picks up coat, heads off to server room to implement another instance of Jitsi ...


Four words from Cisco to strike fear into the most hardened techies: Guest account as root

Mike Tubby

Which order is the right order?

So, to keep the spies out and the bugs in which order to I cascade my firewalls?

Outside <--> Linux <--> Cisco <--> Huawei <--> CheckPoint <--> Inside

Outside <--> Linux <--> Huawei <--> Cisco <--> CheckPoint <--> Inside

Outside <--> Linux <--> Cisco <--> Huawei <--> CheckPoint <--> Inside

Outside <--> Cisco <--> Huawei <--> Linux <--> CheckPoint <--> Inside

Outside <--> Huawei <--> Cisco <--> Linux <--> CheckPoint <--> Inside

Outside <--> CheckPoint <--> Huawei <--> Cisco <--> Linux <--> Inside

... ... ... ...

dam... there are just so many combinations! ;-)


Eco-activists arrested by Brit cops after threatening to close Heathrow with drones

Mike Tubby

Good work MET Police

This appears to be a "good news" story as far as I can tell... MET Police did the right thing... Heathrow did the right thing.

Perhaps the Eco-activists don't understand the law of conspiracy... conspiring to perform an illegal act is as bad [or worse] and committing the act. Send them down.

Disco Dingo fever: Ubuntu 19.04 has an infrastructure bent, snappier GNOME and another stupid name

Mike Tubby

Smart name?

Windows is a smart name for a double-glazing company ... not so sure for an operating system ;-)

Mike Tubby

Moving to Devuan to avoid systemd entanglement on Servers

We are originally a RedHat house until the split between RH9 and Fedora and moved to Ubuntu, but alas Mr. Shuttleworth's creation has fallen in to the quagmire of 'systemd'.

We use Linux for servers, you know, those thing that run the DNS, mail relays, web servers and all sorts of stuff that glues the interwebs together - not a desktop environment. Systemd is becoming all pervasive, breaking things and is the wrong direction - for servers.

The problem is that all the big distros are going systemd ... Debian, Ubuntu, RedHat etc. which is why we have decided that we have to jump ship and move to Devuan (a systemd free fork of Debian) - because the big three aren't really providing a 'Server OS' any more - they're providing a hacked down desktop OS and that isn't the same thing.


Google actually listens to users, hands back cookies and rethinks Chrome auto sign-in

Mike Tubby

Re: Google still know everything about almost everyone, regardless of a switch.

I think you are referring to a new economy - its called 'surveillance economics' where if you didn't pay for the product you are the product ... its an implied bargain (sort of) since if you use gmail you [should] expect Google to index all of your email, if you use Chrome or Edge you should expect (Google, Microsoft) command line completion and spelling mistake correction convenience tools to work using the URLs that you access. If you use public DNS (,, and soon you should expect your source IP to be matched against your hostname queries.

I have put in place some mitigations since I saw much of this coming...

1. I run my own DNS servers for both my own DNS zones and as recursive resolvers. I do not use public DNS or my ISP's DNS

2. I run my own Email servers with Exim 4 and Dovecot. I ensure that SSL with AES-256-GCM over IPv6 is used everywhere possible. My email clients (Windows and Android) use SSL with my servers.

3. I use different email addresses like mike.facebook@ mike.ebay@ mike.paypal@ mike.amazon@ ... and alias them on my incoming server so that big data slurpers cannot easily join things together - this also significantly reduces the attack surface for hackers that steal back-end databases

4. I web browse with Chrome, Firefox or Brave and use AdBlock and use several different machines. I don't 'sign in' to services such as Chrome

5. For things like Google services such as Play Store, Webmaster tools, etc. I use a Gmail 'burn' account - nobody else knows it or uses it, hence nothing lost if I throw it away.

6. I don't put my mobile phone number, name, address, date of birth on anything I can avoid and where I do my DOB is deliberately wrong (and different). For suspicious/dodgy websites I use throwaway aliases.

People should think InfoSec and minimise what information about themselves they give away.


Systemd-free Devuan Linux looses version 2.0 release candidate

Mike Tubby

Devuan and sysvinit all the way!

Devuan 2.0 RC now installed on several servers and 'just works'(tm) and likely to replace Ubuntu 16.04 as I also hate systemd for eating my servers!

Consider a system with a run away process (Sophos sav-scan on a large mail server), loadave goes up to 27, attempt to login and kill the process and gets 'Failed to connect to systemd' ... throws server in skip ... and expletives to Mr. Shuttleworth.

My systems now boot fast and clean, no silly animations, and everything works as it should ... especially Ethernet bonding which seems to have gone weird on Ubuntu 16.04 with identical boxes working, or more precisely not working, differently!


Leave it to Beaver: Unity is long gone and you're on your GNOME

Mike Tubby

Re: On the face of it [loss of systemd ?]

Sorry, did you say "So when do we expect the article rejoicing at the loss of systemd?" ;-) Suggest you head over to the Devuan Project:



Who can save us? It's 2018 and some email is still sent as cleartext

Mike Tubby

Implicit or explicit?

How is this move to 'implicit' encryption?

Surely this is 'explicit' encryption since it is directly stated that we are to use encryption (on these ports) to connect to servers?


Mike Tubby

Re: "David Harris is apparently still working towards Pegasus email v5 - a major rewrite."

I say "Bring Back Euroda" ;-)


IPv6 comes to AWS S3

Mike Tubby

Not much wrong with it other than the certificate ...?

Your connection is not private

Attackers might be trying to steal your information from beta.theregister.co.uk (for example, passwords, messages or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

Automatically report details of possible security incidents to Google. Privacy Policy

Back to safety HIDE ADVANCED

This server could not prove that it is beta.theregister.co.uk; its security certificate is from edit.theregister.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to beta.theregister.co.uk (unsafe)

BBC detector vans are back to spy on your home Wi-Fi – if you can believe it

Mike Tubby

Re: The Elephant In The Room

Actually its high time the BBC was "cut down to size" and run as a proper state-funded public service broadcaster, free to air, with no license and funded by general taxation but hypothecated, ring-fenced and triple-locked against political interference ... but for some reason we don't seem to be able do bring ourselves to do it?

The alternatives appear to be to commercialise auntie-Beeb via either (a) subscription or (b) advertising.

Mike Tubby

Re: Why not just encrypt the BBC & C4?

Because they're not allowed to according to their charter ... funny isn't it ... transmission must eb "open to all" but not "watched by all" (unless you pay) ... me thinks there's a bit of a conflict here ;-)

Mike Tubby

Fixed it

Use a wired connection. Fullstop.

Zen loses its chill: UK biz ISP falls offline for four hours and counting

Mike Tubby

Okay here

I'm on Zen with an 80Mbps down/20Mbps up FTTC service at home in 01905 land (the home of Worcester Sauce) and everything's been fine here ;-)


BT internet outage was our fault, says Equinix

Mike Tubby

Re: Brief outage?

My company builds mission critical systems for the emergency services ... we use dual, but independent, UPS(es) powered from different phases arriving on different power connections from the RCSs, dual but independent switches with dual power supplies (fed from separate UPSes), servers with dual power supplies, network connections with teaming/bonding, etc. and we can keep systems up for hundreds or thousands of days ... what the heck is a single UPS doing bringing down a big chunk of t'internet?

By now you would have thought that t'internet was considered part of Blighty's Critical National Infrastructure (CNI) and treated to the appropriate levels of 'protection'...

While many DSL users were off altogether our Bleedin' Terrible (BTnet) circuit appeared to route flap back and forth between Ealing and Ilford at hop #3 with interesting latencies:

root@gate:~# traceroute -n www.microsoft.com

traceroute to www.microsoft.com (, 30 hops max, 60 byte packets

1 0.432 ms 0.471 ms 0.501 ms

2 5.446 ms 6.740 ms 6.737 ms

3 763.008 ms * 762.993 ms

4 9.740 ms 12.045 ms 10.009 ms

5 9.398 ms 9.828 ms 9.457 ms

6 10.034 ms 10.183 ms 13.343 ms

7 9.075 ms 9.732 ms 9.310 ms

The BTnet service page showed a red alarm for 13% packet loss in to Europe and over 20% in to Asia at the same time.

Come on BT - exactly what backup circuits do you have??? Was that a bit of 100Mbps fibre you were trying to use as a backup for a bundle of 10Gb DWDMs?


No root for you! Google slams door on Symantec certs

Mike Tubby

Pesky Certs

Yep... I have the same problem with my Sec-P521 and Curve-25519 certs...

Infact not being able to install your own Root in Android is fast becoming a PITA and sucks... mind you so does not having 'administrator' (root) rights over a device that you purchased and own outright... argh!


UK.gov wants to fine websites £250,000 if teens watch porn vids

Mike Tubby
Black Helicopters

First the Pron, then what next?

Consider this:

1. Law requires "age verification" for access to Pron

2. Law fails because 98% of Pron is hosted overseas and outside UK legal jurisdiction ... is PronHub really going to do what UK HMG tells it... probably not...

3. HMG manufactures public outcry along the lines of "we made this law and they ignore us - think of the children", followed by

4. new message from HMG "We have to censor the internet - think of the children", followed by

5. its not just Pron now, its religious views, hate crime, anti-this, anti-that, anti-the-other

Part 3 of the Digital Economy Bill is bad law making and potentially the start of a slippery slope...


Q: Is it wrong to dress as a crusader for an England match?

Mike Tubby
Black Helicopters

If its good enough for Rick Mayall ...


Lauri Love: 'Britain's FBI' loses court attempt to evade decryption laws

Mike Tubby

Re: Extradition to a Police State where slavery for black people still exists

Exactly... we have a perfectly good legal system, the offence was allegedly committed from here so why can't they bring a case in the UK courts?

This is why we need the "forum bar" to decide which courts should here these things but, alas, this is the USA and the USA wants it's pound of flesh.

I am Craig Wright, inventor of Craig Wright

Mike Tubby

Re: Always look on the bright side ...

What would Chuck Norris do??

Apple's fruitless rootless security broken by code that fits in a tweet

Mike Tubby

Hang on a minute

Ok Apple, "root" that isn't root suggests that there's something above root? Hmmm... smacks of having multiple levels like:





... and now we're back to the DEC/VAX architecture :-)


Photographer hassled by Port of Tyne for filming a sign on a wall

Mike Tubby

Common assault, possibly ...

Mike Tubby

Oh dear ...

Two thoughts come to mind:

"The sign on the Tyne is all mine, all mine ... the sign on the Tyne is all mine"

"Is this a sign of the Tynes?"

... I'll get my coat

BBC News website takes New Year's Eve break

Mike Tubby

Re: Oh Dear


Double CNAME lookup.... horrid... didn't look like that last time I checked!

... and no IPV6 either !

root@ns0:/var/cache/bind/mike# dig www.bbc.co.uk

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.bbc.co.uk

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31455

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9


; EDNS: version: 0, flags:; udp: 4096


;www.bbc.co.uk. IN A


www.bbc.co.uk. 300 IN CNAME www.bbc.net.uk.

www.bbc.net.uk. 300 IN CNAME www.bbc.co.uk.edgesuite.net.

www.bbc.co.uk.edgesuite.net. 7200 IN CNAME a1733.g.akamai.net.

a1733.g.akamai.net. 20 IN A

a1733.g.akamai.net. 20 IN A

Mike Tubby

Auntie Beeb's 500 moment of hell?

I particularly like the sense of humor that someone has with the error graphic... the clown from Test Card F, the blackboard with 500 written on it, something in the background going up in flames and the whole image set on light grey grid with colour bars at the top and bottom...

... BOFM moment?


Researcher messes up Wi-Fi with an rPi and bargain buy radio stick

Mike Tubby

Bet it james WiFi IP cameras too

Why am I thinking of a Benny Hill moment with him putting jamming devices in bins in down-town Turin...? I bet it would jam modern-day Wifi IP cameras too :)

How to spot a coders comment

Mike Tubby

PDP11 Assembler

MOV -(PC), -(PC) ; go backwards

aka "014747" ;-)

Mike Tubby

Re: Not comments, but

More likely transferred via Kermit with the wrong space/newline conventions .... been there before!

Mike Tubby

Re: Assembler.........

... and the C version:

i++; /* increment i */

First look: Apple iPhone 5S and 5C

Mike Tubby

iPhone 5S marketing

I remind El Reg registers of the following iPhone 5S marketing parody:


IETF floats plan to PRISM-proof the Internet

Mike Tubby
Black Helicopters

Re: @stgorner: DNSSEC

Back in the late 90's when encrypted internet was first being suggested there was a "it will use PKI" and "it will use Trusted Third Parties" drive/mantra/dogma (you choose).... where this started and how it was promoted I am not sure, but it is most definitely where the problem lies!

We implemented a system with in-security designed in and "they" (whomever they were) knew it...

1. Trusted third parties aren't - some actors are broken, eg. Iranian government issues certificate for google.com

2. Trusted third parties can be leant on by governments to provide intermediate signing certificates

3. Trusted third parties can be spoofed as part of a MITM attack

The current certificate based system is both:

a) over complex, and

b) has mixed goals

is it "encryption" and "key exchange" or is it "authentication"?

IMHO what its needed is:

* very good ciphers (AES128 is ok, others are better)

* excellent key agreement or key exchange protocols (eg. ECDHE)

* separation of roles (key exchange and authentication)

* no "trusted third parties", no certificates - use DNS for pub/private keys and authentication codes - effectively "self sign". I can assert that I am me as I own my DNS.

We already have all the components to do this, and do it properly - we only need the will (we have the way).

So, we either need another upgrade to TLS/SSL to fully support a strong, no certificate, approach or we need a new protocol... if its a new protocol then on the web lets call it HTTPZ ('Z' being used to indicate encryption)


LOHAN doomsday box dubbed BRASTRAP

Mike Tubby

Kill switch should require to operators?

Surely the operator console should be over 6ft long with two key switches, one at each end, and require simultaneous operation of both switches to abort the mission? ... or was that the bit that arms the warhead? I forget ;-)


Whoever recently showed us the secret documents: Do get in touch

Mike Tubby

As anyone should know....

As anyone that has watched 'Chuck' [ http://en.wikipedia.org/wiki/Chuck_(TV_series) [ should know, its not called "Prism", not it is called "Aurora" ... its called THE INTERCEPT ;-)


Hitchhikers' Guide was WRONG, Earth is not in a galactic backwater

Mike Tubby
Thumb Up

Watch out for hyperspace bypasses

... if we don't watch out they'll put a hyperspace bypass right through our solar system... we need to take more interest in local affairs - especially planning applications that are otherwise filed in the bottom draw of a filing cabinet in a disused toilet in the basement with a sign on the door that says "Be aware of the Tiger"!


CURSE you, EINSTEIN! Humanity still chained in relativistic PRISON

Mike Tubby

Re: Stupid question

Mine's the purple one... its neither red, nor blue but both red and blue at the same time... funny stuff this time travel ;-)


Curiosity out of safe mode, doing science again

Mike Tubby

Re: Not talking about ECCs.

Okay so we have Reed-Solomon FEC and hopefully some form of trellis convolution coding as well on the stream at bit level but where are the longitudinal checksums (CRC32, CRC48, CRC64) across the packets at block level and what about the message integrity checks (MD5, SHA1, SHA256) at whole file level?


US lawmaker blames bicycle breath for global warming gas

Mike Tubby
Paris Hilton

They'll want to tax sex next!

Better not tell him that the act of having sex frequently results is increased levels of cardio-vascular activity, respiration and breathing... OMG now we're all at it! ... killing the planet that is!

... Better tax sex!!


PS. Paris because she knows how to make CO2 ;-)

Nominet tosses plan for shorter .uk domains in the bin (for now)

Mike Tubby

For Nominet read "nanny state"

I was one of the people that responded to the consultation.

It was clearly a badly thought out mixture of:

a) how do we make more money from this

b) attempting to appease government with ill thought-out identity verification

c) security theatre (scanning websites, shutting them down)

d) DNSSEC (something that actually might be useful)

In what appears to be "Nominet become Nanny State" and "Nominet become policemen of the interwebs".

If we're going to have our own registrations in the .uk TLD then I want the good bits and not the bad bits...

Identity - if you want to fix this then simply say "UK companies, charities, partnerships or other legal entities only" and make registration require UK company number, charity commission number or similar - no need for envelopes sent via the post which can be diverted, or handled via accommodation addresses - what does that prove? Only that you posted it to *someone* via an address that was valid on *one* day... great!

Security - DNSSEC if you will, but optional - let me choose if I use it

Security - scanning my website? I don't think so... my website is my property... it might well have 10 million pages on it -- are they going to pay for the bandwidth?

Security - shutting down my website? what's it got to do with you, Nominet? You are *not* the internet police

Overall I give Nominet a 3/10 for a badly thought out, jumble of Nanny State proposals.

Mike Tubby MJT4-RIPE

THORCOM tag holder

Firm moves to trademark 'Python' name out from under the language

Mike Tubby

Re: Dumb ways to die?

Nobody expects the Spanish Inquisition!!!


Kirk to beam up chat with ISS astronaut on Thursday

Mike Tubby
Big Brother

Look, lets sort this out...

I suggest we send each of the wannabe space captains/deputies (Kirk, Spock, Picard, Janeway, etc.) up to the ISS for a month or two and see them "Celebrity Big Brother" style in space ... then we could vote for the *best* one ;-)


Ofcom ploughs up UK spectrum fields, reseeds them with 4G

Mike Tubby

Check your logarithms!

El Reg: "The increase in transmission power is 3dB, which is marginally more exciting when one remembers that decibels are logarithmic (so a 3dB increase is eight times the power) but it's still well within safe margins and more about increasing coverage than microwaving locals..."

I think you'll find that 3dB is a power doubling ...

dB = 10 x log(p1/p2) [log to the base 10]

So if we go from say 10 watts to 20 watts:

dB = 10 x log(20/10)

dB = 10 x log(2)

dB = 10 x 0.3010

dB = 3.01

commonly known as 3dB.

Incidentally, due to the inverse-squared power law this will increase the range by the square root of 2, for example 5Km -> 7km or 10Km -> 14Km which is a modest amount.


Stallman: Ubuntu spyware makes it JUST AS BAD as Windows

Mike Tubby
Thumb Up

Re: Kubuntu

Yup... my Ubuntu Server(s) appear safe (for now :-)


First pic of Ashton Kutcher as the great Steve 'jOBS'

Mike Tubby
Paris Hilton

Mr. Jobs or Mr. Black?

Looks like a young (and thinner) version of Jack Black... perhaps he'll burst forth with a rendition of the "greatest song in the world" -- or a sonnet to Mr. Jobs?


Paris should listen to the Tenacious D album ;-)

New Tosh drive can wipe out 4TB 'near instantaneously'

Mike Tubby
Black Helicopters

Re: I imagine...

... but you cannot be *made* to hand over something that you don't have :-)

I suspect that the crypto key will be something like hmac_sha256(<drive serial number>, "TOSHIBA") and therefore easily regenerated when needed (the strong "TOSHIBA" might actually be a secret that is "lawfully available" to government types ... buit there again it might turn up in the drive controller firmware... thinks DeCSS ;-)


PLT chair: UK Radio Society is 'living in a dream world'

Mike Tubby

Erm... exactly why do we need PLT anyway?

I'm still not convinced what the business case for PLT actually is? To laxy to install CAT5? Then use WiFi?


Twelve... classic 1980s 8-bit micros

Mike Tubby

Re: Remember the Nascom II ?

Had a friend with a Nascom II ... he left it switched on for so long that his programs remained in RAM after power off/on cycles...