* Posts by Muppet Boss

80 posts • joined 20 Jul 2018

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline

Muppet Boss

Re: Urgently patch your publicly available, recursive DNS server

>> The attacker uses the authoritative that it owns to craft a response to a resolver with a referral that contains n new and non-existent name-server names ..., gets a DDoS attack on either the resolver or on a corresponding authoritative server, with an amplification factor of O(F) packets ... .

Sounds like a Cunning Plan.

https://www.youtube.com/watch?v=fQk_832EAx4

Huawei's defiant spinning top says Chinese vendor can cope with renewed US sanctions

Muppet Boss

>>"How dare you not allow me to play in your garden! Just because you're not allowed to play in my garden, you've no right to deny me access to your garden!"

>Actually I was talking about China's locals only policy. If you want to do business in China, you have to hand over all your IP, you have to team up with a local firm with majority Chinese shareholders and they can take whatever they want and run with it. And if the Chinese governments decides they want to give a boost to a local firm then they can kick you out without warning, and hand over all of your IP to the local firm.

Does this mean that Apple had to hand over its IP, source code and lawyers' souls to sell $50bln worth of iThings into China every year? Do WOFE not exist in China? Is the "negative list" not becoming smaller year-on-year?

Preferential treatment of local businesses is nothing new in any country, however large US enterprises are notorious for their gangster methods abroad and getting away with it at home. What could be the punishment for financially aiding a terrorist organization, smuggling lethal weapons to the terrorist organization and assisting it in smuggling drugs if you are a large US banana company? A fine amounting to the monies paid out to the terrorists ($1.7mln) and 8 employees wanted by a foreign state for terrorism fired without criminal charges, denied extradition.

What about having a large competitor such as Huawei and try to put them out of business worldwide by denying them supply of essential components to disrupt their manufacturing chain? The sanctions seem to be carefully targeted to disrupt Huawei's worldwide sales, not just in the US' own garden.

China has a strong way to retaliate in the short term by restricting exports and/or re-exports of rare earths to US-owned companies on national security grounds however it is a double-edged sword since it would further disrupt global supply chains and lose China much goodwill from the global manufacturing community in the same fashion the US lost much goodwill by their disruptive actions. Surely, not only Huawei is looking to be able to replace US-tainted components now.

Internet samurai says he'll sell 14,700,000 IPv4 addresses worth $300m-plus, plow it all into Asia-Pacific connectivity

Muppet Boss

Re: In 3.. 2.. 1..

Nice attempt, AC, looks like you successfully deployed IPv6 in single person IT environments. Now you may have a few weeks, depending on where you are, to read about IPv6 deployments in larger, regulated organizations.

Freed from the office, home workers roam sunlit uplands of IPv6... 2 metres apart

Muppet Boss

Re: Perhaps (probably?) mobile users

>>It is really the Corporate users that never bother to setup IPv6 (due to fear, ignorance, etc) in their corporate firewall that prevents greater adoption of IPv6.

You are surely unaware that the IPv6 standard did not include network-level resiliency for end users, unlike IPv4. It was never too difficult for corporations, until lately, to obtain a PI (Provider Independent) block of public IPv4 addresses and "advertise" it to multiple telcos (known as multihoming). It means, telcos could be added, dropped or changed easily without the need to change public IP addresses (re-addressing is painful).

The original IPv6 standard did not explicitly allow Provider Independent IPv6 address blocks and early deployments were effectively locked to a single telco and its IPv6 address space. When corporate network engineers and IT managers realized that, IPv6 became extremely unpopular among corporate networking pros for many years due to a telco lock-in.

It is now possible to obtain a Provider Independent IPv6 address block, and with IPv4 PI space exhausted, corporate networking is slowly moving to IPv6. This is a slow process because many self-hosted resources are being moved to the cloud in parallel and many companies are quite happy with their existing IPv4 PI space.

As for the internal network, RFC1918 "grey" IP addresses are more than sufficient for the internal network addressing in most corporate networks. Separation between the internal network and the Internet is most often desired and mandatory.

Crazy idea but hear us out... With robots taking people's jobs, can we rethink this whole working to survive thing?

Muppet Boss

Re: They toooock ewre joohbs!!!

>>Hence, the stagnation or retreat of standards of living for most of the population,

I thought this comes from smartphones??? Seriously, any proof available?

>Funny, it seems a lot higher now for most people than it was before the industrial revolution

Mate I have no idea why you have been so heavily downvoted for telling the truth but have an upvote from me.

As if the French managed to destroy their robots in protest, the jobs would miraculously stay in France... The businesses are just trying to stay globally competitive which also means employing people in France and paying taxes in France... rather than Asia or elsewhere.

The employment problem is not unique to the Western world. I spoke with a Chinese colleague someday about people toiling at Chinese assembly factories. Those reported to have harsh worker conditions etc. He said true, but these people come from the villages. No education, no qualifications. Can easily be replaced with a machine but then they have no jobs and create tensions in the society. So jobs are created for them to keep them busy and keep the social cohesion even if the machine is cheaper. Same approach in other Asian countries, employ low-skilled people in often redundant roles to keep them occupied and feel needed. Very different from the Western approach but for them feels very effective.

Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5

Muppet Boss

>So, why would they care any more than the mafioso setting alight (say) a bar they no longer have any need for? Putin-era Russia has never made any pretence of having anything positive to offer, at least outside the propaganda stream aimed at their own people.

It will be fair to say that for the first 10 years of Mr. Putin in power, between 2000-2010, real wages in Russia grew 160% and number of people below poverty fell from 29% to 11%. Then, as so often happens in Russia, the aging tsar started 'wondering where the lions are'.

Muppet Boss

>Either Igor Sysoev wrote Nginx using company resources, in which case they'll have proof.

>Or he wrote it in his own time, in which case it depends on Russian employment law ("All your derivative works, including your children, belong to us"?).

Not as easy, the former Rambler (complainant) COO is publicly saying there was a verbal agreement between Mr. Sysoev and Rambler that Mr. Sysoev would be free to develop his own project and keep all rights and Rambler would be able to use it in their infrastructure (think Linus Torvalds in Transmeta). Formally Mr. Sysoev was not tasked with developing this software as he was responsible for system administration and search engine, however it seems obvious that the company allowed him enough time to work on his own project as it was mutually beneficial.

Seems to be a random hit-and-run attempt anyway since Rambler never previously asserted copyright, which is for almost 20 years and nginx source code is copyrighted by Mr. Sysoev for the same period. The employment law from that period is that they had the rights to terminate his employment due to consistently not performing his duties (doing personal things on company time), however unless his job description specifically included software development _and_ Rambler originally copyrighted the product (such as placing the copyright notice in the source code), proving copyright now would not be practical.

Muppet Boss

>This is a case of Russian business stealing American corporate tactics with ex employees.

Nope, this is completely homebrewed, unfriendly takeover attempts in Russia usually involve the raider filing a criminal complaint with friendly police (in this case it is Sberbank, the largest Russian bank owning the complainant and known to aggressively accumulate high-tech assets), the victim's owners and management being jailed on pretrial detention grounds (there is no bail in Russia) and then negotiations start.

In the Nginx's case the police seem to have opened a case for "copyright infringement carried out by an organized group" which carries a maximum of 6 years jail time.

It is also very destructive tactics for Russia economically as successful businesses and their owners are being pushed abroad to jurisdictions where business disputes are resolved by commercial arbitration rather than criminal court and the owners do not risk losing freedom for having a successful business.

It does not take much for F5 to shut down their Moscow office and "evacuate" valuable employees to a friendlier country. Mr. Sysoev who was reported to be released by the police and not formally charged with anything would be wise to pack his bags quick, too.

IT contractor has £240k bill torn up after IR35 win against UK taxman

Muppet Boss
WTF?

Re: I cannot understand why HMRC pursues contractors so much.

>NI is a stupid tax that discourages employment. Its only function is to enable the government to pretend that the rate of income tax on employment is lower than it really is, by hiding part of that tax under the label of NI.

>Do away with NI and there would be no need for IR35. Let's have honest, transparent, simple tax laws that are easy to understand, and easy to implement.

I could not agree more. Maybe HM Diminishing Revenues & Cock-ups could get some training and advice from their Chinese counterparts: China's corporate tax at 25% is in the healthy middle of G20 (UK's 19% is one of the lowest) while personal taxes are not too high: a highly skilled salaried employee that costs the employer £120K a year (NI included) will bring home £69K a year in the UK (42.5% effective tax rate) and £88.5K in China (26.5% effective tax rate). That's almost £20K extra (and a way better purchasing power too)! It is not about politics, few really cared about Chinese politics when they were a poor country, it is about becoming a wealthy nation.

I wonder how their taxing local entrepreneurs out of existence while boasting about leaving all trading alliances and making new, better trade deals is going to work out. They seem to think that other countries are still eager to exchange gold for brass and mirrors.

Muppet Boss

Re: I cannot understand why HMRC pursues contractors so much.

>19% of £75m is £14.25m, so it sounds like Amazon did indeed pay their due share, according to the current method of taxing companies that we operate in the UK.

I do not seem to find any info on how much VAT Amazon paid in the UK, is it available anywhere? It could be an interesting number to look at.

GitLab mulls ban on hiring Chinese and Russian support staff because 'security'

Muppet Boss
Trollface

Re: How many "WTF GitLab?" stories recently?

>Are they actually trying to shoot themselves in both feet, or does this come naturally?

>VP of engineering Eric Johnson said: "Please be aware there is an active, time-sensitive contract negotiation linked to this matter."

Hoping to please the most discriminating clientele, it seems...

Japanese hotel chain sorry that hackers may have watched guests through bedside robots

Muppet Boss

Re: Humans Not Optional?

>It's Japan - the most popular channel would be the humanoid robots doing it with each other .... with tentacles ....

"Adventures of a robot operator inside a Japanese love hotel" for those quest addicts.

Haxis of evil: Russia, China, Iran and North Korea are 'continuous threat' to UK, say spies

Muppet Boss
Trollface

>Well, isn't there just a slight difference between totalitarian regimes and democracies?

Totalitarian regimes usually torture at home and democracies offshore it to the lowest bidder?

Muppet Boss
Trollface

Re: If they really were bothered

>Businesses being hacked is not good, but neither is the 3 years of post Brexit referendum political chaos for which Russia bears some degree of blame.

What's wrong with Russia bears?

Muppet Boss

I always feel it is so cheap when a whole country is accused of something. "Russia, China, Iran and North Korea continue to pose strategic national security threats to the UK" (but we won't tell you why and how we hack them back) - ok, "but we can't often talk about the operational successes ... and wider state capabilities that are deployed against them".

In other news, "Australia, Canada, New Zealand, the UK and the US continue to pose strategic security threats to the world".

Inside the 1TB ImageNet data set used to train the world's AI: Naked kids, drunken frat parties, porno stars, and more

Muppet Boss

Re: Pictures of bikini clad women

“I was trying to generate pictures of bicycles using BigGAN,” ... "Instead, however, his code conjured strange flesh-colored blobs that resembled blurry, disfigured female bodies."

They call it acid.

https://www.theguardian.com/artanddesign/gallery/2019/aug/06/graphic-history-first-lsd-trip-brain-blomerth-bicycle-day-in-pictures

Muppet Boss

Looks like this restricted access scientific research database was not politically correct enough for our politically correct times.

Hope the PC kids do not learn about medical image datasets.

Now they are addressing diversity and equality of what was scraped from the public Internet. Good luck!

http://image-net.org/update-sep-17-2019

Sod 3G, that can go, but don't rush to turn off 2G, UK still needs it – report

Muppet Boss
Trollface

Re: Set a date, and stick to it.

>Set a date, and stick to it.

>Unless forced, 2G will continue to be used for decades like with all older technology that there is a reliance on. A switch off date, and a reasonable date at that needs to be set, and stuck to.

>Otherwise we are not going to see 2G switched off in our life times.

Now replace 2G with EU. It will be easy they said...

Muppet Boss

Re: Set a date, and stick to it.

Could they arrange at least decent 3G coverage across the country before turning off anything?

Lenovo unfolds time frame for bendy ThinkPad: Pricey Windows PC out in summer '20

Muppet Boss

Re: but... WHY?!

IMHO this and others are just a first generation of flexible display technology (which itself is not new). In a few years some people will not imagine life without folding credit cards showing credit amount left and purchases in real time on its surface (those traditionalists who did not switch to paying with Brainwave® by touching the forehead with a wrist phone and thinking "confirmed").

UK culture sec hints at replacing TV licence fee, defends encryption ban proposals and her boss in Hacker House inquiry

Muppet Boss

Re: Hmm

>I feel that the license fee is the best way to help fund our television service.

>I don't tend to watch much live now, with Netflix etc.

Have you heard that you can get a criminal record and go to jail for watching BBC illegally?

Most countries fund their public TV service from taxes, the UK is one of the very few remaining countries which still force people to pay up under the threat of criminal prosecution.

Muppet Boss
Holmes

>So how will that work with Digital TV, Satellite and TV's that don't have any ability to log in or download an app ?

Generation Z, I assume?

g00g1e for "newspaper subscription"

Careful now, UK court ruling says email signature blocks can sign binding contracts

Muppet Boss
Trollface

Re: So folks will be adding

If it was an automatic signature block, I wonder if they could have argued that the signature was forged by Microsoft (or whatever) software...

You know SAP's doing a great job when a third of German users say they 'have no confidence in it'

Muppet Boss

'Have no confidence' does not sound German enough to me

'We have no confidence in it' sounds as a nice British way to say 'das ist echt Scheiße'

Apple tells European Commission it's nutty for slapping €13bn tax bill on Irish subsidiary

Muppet Boss

Re: 'defies reality and common sense'

>"As per EU rules, It's illegal for the Irish government to allow a company, regardless of its size or the employment it creates, to pay far less tax than what the rest of companies in the country pay."

I am sorry, this is not correct. Under the EU rules a special tax regime or tax exemption would be considered a form of state aid. The state aid is generally prohibited in the EU, however if one asks them nicely, it is ok (meaning, if it is approved by the Eurobureaucrats following the established procedure, then it is legal). The current list of approved state aid recipients can be found e.g. here:

https://ec.europa.eu/competition/state_aid/register/msf_2017.pdf

Ford, Coca Cola, Fiat, Renault, Dell, Amazon, Volvo, BMW, FIAT, Peugeot, Samsung, Johnson&Johnson, Pfizer, Nissan, Skoda, Glaxosmithkline, Rackspace, HP, Sony, Barclays, IBM & a lot of other big names are among the recipients of 'legal' state aid.

The forms of 'legal' help include, among others, 'tax benefit', 'tax allowance', 'tax credit', 'tax relief', 'tax grant', 'tax premium' and 'tax exemption'.

The problem with Apple is, the European Commission determined Apple's Irish tax arrangements to be 'incompatible' (not approved) state aid, and asked Apple to return the monies plus interest (as free use of the monies is also a form of state aid). They are not accused of tax avoidance, they are asked to return the 'state aid' where the due process was not followed.

The Irish Government are apparently more than happy to keep the existing scheme since it is much more beneficial for the Irish finances in the long run than getting the 'aid' back and risking quickly losing the largest and most competitive part of the economy, becoming [again] yet another indebted EU country with no jobs. I hope this is not what the EU bureaucrats are trying to achieve.

Sometimes I wonder if the EU economy would be better off competing as a single block with other large economies rather than trying to ensure that all economies inside the block are 'equal'. For example, by making sure that foreign investment and high-tech jobs prefer to stay in the EU rather than go to China/Asia.

Stallman's final interview as FSF president: Last week we quizzed him over Microsoft visit. Now he quits top roles amid rape remarks outcry

Muppet Boss
Trollface

Re: A product of his time

>"save it for your echo chamber. you're out of touch and out of date. that '60's generation' you mentioned turned out to be assholes once they acquired property and benefitted from the rampant capitalism, foisted on the world by years of corporate greed. they were no more educated or intelligent than any other group of people think they are when they leave uni with no responsibilities and never had to deal with real world problems."

Thank you AC, you summed up the SJW thinking very nicely.

Just what we all needed, lactose-free 'beer' from northern hipsters – it's the Vegan Sorbet Sour

Muppet Boss
Trollface

They should have added soy meat, it is not fully vegan without soy meat

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

Muppet Boss

The whole thing sounds like bull***t to me, "to be formally published in May next year". Ok, they legitimately got themselves DMA to the victim machine. Next thing they are doing, trying to guess keystrokes by measuring pauses between key presses? Ah, they are in Amsterdam?..

Clutching at its Perl 6, developer community ponders language name with less baggage

Muppet Boss

5 -> Per(a)l

6 -> Perbl

7 -> Percl

8 -> Perdl

9 -> Perel

10 -> Perfl

11 -> Pergl

12 -> Perhl

13 -> Peril

Zapped from the Play store: Another developer gets no sense from Google, appeals to the public

Muppet Boss

I am sorry, someone had to post it anyway

https://youtu.be/_lu1xyYx3Eo?t=5

GIMP open source image editor forked to fix 'problematic' name

Muppet Boss

Re: Eh?

>Self-deprecating is different from insulting towards a minority.

>It's like MongoDB -- how did they ever think that was OK?

Hmmm, does not "mong" mean "brave" in Mongolian?

Of all the word meanings, some people seem to be fixated only on the offensive ones.

MongoDB is from humongous but see above.

Muppet Boss

Re: Huh

+1 for Glimpse sounding suspiciously abibas. Gimp is a name of an open source graphics editor in many human languages; it is a pity that coincidentally it is also an offensive word in English. Can we rename the offensive g-word into glimpse please and keep the program name intact?

Lenovo ThinkPad X390: A trusty workhorse that means business but it's not without a few flaws

Muppet Boss
Devil

Re: Why are these still popular?

>how would you feel, sitting in a Starbucks ... and having to pull out your boring black laptop, with no glowing logo??

Like a hacker?

P.S. You know, sometimes colour is just colour...

Muppet Boss
Pint

Re: Why are these still popular?

>Never understood the love for these dated looking, unstylish, overpriced, poorly specced (seriously, that screen?) laptops.

You mean, the love for these classic looking, expensive, excellently specced (finally, this screen does not seem to have PWM!) business laptops? Usually these are chosen by professionals who appreciate the ergonomics and productivity gains these excellent machines bring. While these can technically be used for watching pr0n, these are for work.

Regarding overpriced: old aftermarket Thinkpads are anything but expensive with very few cons.

--Typed from X220 16GB RAM, 512GB+1TB dual SSD, custom aftermarket PWM-free FHD

Dear Planet Earth: Patch Webmin now – zero-day exploit emerges for potential hijack hole in server control panel

Muppet Boss
WTF?

Re: At least a responsible response

>I feel that prosecution is taking it a bit far

What Mr. Akkuş seems to have achieved is created what probably amounts to a malicious computer program targeting certain popular software installed on 200'000+ computer systems and publicly distributed such program without notifying the said software authors. Also publicly acknowledged not being a white hat and not notifying Webmin authors when responding to Webmin's Joe Cooper on Twitter. People certainly got jailed for less.

https://twitter.com/ehakkus/status/1163293486554255360

Dry patch? Have you considered peppering your flirts with emojis?

Muppet Boss
Headmaster

Missed the deadline

I think they missed the deadline for this year's Ig Nobel Prize submission. Feeling sad as this is a clear winner.

Freshly outsourced Home Office project: Overseas student visa IT slammed for delays

Muppet Boss

Wait a minute, and they still have to visit OVRO too??????? That would be ridiculous!!!

I don't know but it's been said, Amphenol plugs are made with lead

Muppet Boss

Re: "The router went dark"

>Based on descriptions, it was likely a Cisco 6513. I suspect they may be referring to the handles on the power supplies as guard rails.

Nope, Cisco 6500-E had very difficult to turn off accidentally power switches, 1950's-style. This surely was a Cisco 4500-E switch whose power supplies had a very sensitive power button only protected by a thin barrier on each side which protected nothing - without any sort of a plastic cap as on some other models. It could flip by literally knocking on the PSU.

Muppet Boss

Re: "The router went dark"

Ah those infamous Cisco 4500-E super sensitive power switches. They could flip by simply breathing at them. Cisco 6500-E PEM power switches were way more secure and better designed.

https://www.cisco.com/c/dam/en/us/td/i/000001-100000/75001-80000/79001-80000/79138.ps/_jcr_content/renditions/79138.jpg

Someone slipped a vuln into crypto-wallets via an NPM package. Then someone else siphoned off $13m in coins to protect it from thieves

Muppet Boss

Re: Just goes to show

>So you've checked every line of code in every application and all its dependencies? You've learnt how each and every bit of code interacts with every other bit of code in your entire production eco-system?

That's the point: NPM makes it fairly easy to introduce malicious code into _your_ codebase by hijacking some obscure package you are not even aware of. End-to-end code and security audit becomes very difficult too.

Barbie Girl was wrong? Life is plastic, it's not fantastic: We each ingest '121,000 pieces' of microplastics a year

Muppet Boss

Re: What fraction of a gram ? @Duncan

In SE Asia they have really small plastic bags for a single chewing gum pack... a pack of cigarettes... a plastic spoon... a plastic "bag" for a plastic cup... and they will pack all these plastic bags in a plastic bag...

Muppet Boss

Re: What fraction of a gram ? @Duncan

Talking about urine and faeces, before starting to enjoy the fine odour of exhaust fumes, city dwellers had to be content with horse manure.

/sarcasm but true, cars greatly improved ecology ;)

Muppet Boss

Re: What fraction of a gram ?

1. Which might be true in the same sense as saying there will be more people than fish by 2050. Safe assumptions! There will still be more water by sheer weight though ;)

2. Oh, you need to see by yourself, what's happening with plastic pollution in Asia & Africa is horrible. I think Indonesia alone produces more untreated plastic waste that is thrown into the ocean than all "developed" countries together. China and Indonesia together produce more ocean plastic waste than all other countries combined. Europe is less than 4%. What is happening in Asia and Africa is truly, truly horrible and better be stopped.

https://ourworldindata.org/plastic-pollution#share-of-global-total-mismanaged-plastic-waste-by-country

Btw those scary plastic particles. I am sure our XVIII century ancestors with <40 years life expectancy would be terrified!

March 2020: When you lucky, lucky Brits will have a legal right to a minimum of... 10Mbps

Muppet Boss

Same as my backup symmetric 200Mbps fiber back home and nope, it is not subsidized. We are talking about monthly bill, correct? ;)

Russia signs Huawei deal as Chinese premier decries 'protectionism', 'unilateral approaches'

Muppet Boss

Both China and Russia love American technology. But what's happening is a bit too much for business as usual. The US is losing trust as a reliable business partner. First Snowden now this. If the US cannot be trusted, better leave them* alone. If they** turn from partners to liability, they* ** will be the one to reap the harvest.

*The US policymakers.

** The US businesses, collateral damage.

Muppet Boss

Re: "get clarity [..] on the supposed intelligence risks of Huawei"

>I don't see the equivalence between the NSA and the Chinese Intelligence Services at all, at least from the perspective of the American Government.

Good for you to work for the American Government.

Church roofs? Nyet, say Russian scrap thieves, we're taking this bridge

Muppet Boss

Re: the Poles were at it before

What about scrapping a nuclear power plant? There was one in Russia, Tatar Nuclear Power Plant, fully completed with reactor cores about to be installed. This never happened due to popular resistance and everything that could be stolen was stolen in early 90s, including 2 world-largest heavy-lift Kroll K-10000 Danish cranes for loading the cores.

Makes a good paintball arena now, very surreal, e.g. https://vk.com/album-8118322_84205260


Biting the hand that feeds IT © 1998–2020