* Posts by Frank Bitterlich

525 publicly visible posts • joined 9 Nov 2007

EU grants €15M funding for ICARUS inflatable heat shield

Frank Bitterlich

Re: “Inflatable heat shield”

I know, right? After all, we all know they can't go to space (wouldn't get past the dome), and also, why a heat shield? Everybody knows the higher you go, the colder it gets. And now the reptilian leaders want to sell us using an inflatable rubber dinghy to use as a heat shield. It's obviously a scam to hide the secret colonies on the backside of the moon. They should rather spend that money in making free energy available to everybody.

(Just to be sure: /s.)

US watchdog chases Waymo robocars to catch violations

Frank Bitterlich

You sure they are automated?

"The incidents include collisions with objects like gates, chains, parked vehicles, as well as showing an apparent disregard for general traffic safety. [...] including its vehicles entering construction zones or heading toward oncoming traffic, [...]"

To me that sounds like typical taxi driver behaviour. Are you sure they were talking about automated cars?

/s

Google thinks AI can Google better than you can

Frank Bitterlich

That will probably be very helpful...

... as long as you don't ask Google "How many fingers|legs|arms does the average human have?"

I wonder how well the AI will deal with Google already messing up your native search results. Ask for the nearest restaurant, and Google will ask back whether you have considered buying a new kitchen instead. If that is the input to the AI search assistant, then the result will be worse than Midjourney attaching a few extra arms to everybody on your faked Christmas family photo.

Brain-sensing threads slip from gray matter in first human Neuralink trial

Frank Bitterlich

I know what it is...

They probably used the same type of cable as the iPhone charging cable. Frayed after a few weeks even when sitting unused in a drawer.

GhostStripe attack haunts self-driving cars by making them ignore road signs

Frank Bitterlich

There are other ways...

Other ways to do this involve a trash bag and some duct tape. Makes the stop sign practically invisible.

UnitedHealth CEO: 'Decision to pay ransom was mine'

Frank Bitterlich

Re: And off to jail you go

It might not be illegal in a criminal sense, but I hope that from now on every victim of that ransomware group will sue Witty (personally) for damages, for being an accessory to ALPHV in their "business". He certainly contributed to their finances quite a bit.

NSA guy who tried and failed to spy for Russia gets 262 months in the slammer

Frank Bitterlich

This constant leaking of classified information must be fixed.

This seems to be a systemic problem. Looks like they don't have proper security processes in place. Maybe they should hire a few information systems security designers? Wait... oh... sorry, never mind.

Over a million Neighbourhood Watch members exposed through web app bug

Frank Bitterlich

Anomaly?

"[...] that our system had been used in an attempt to access member's data [...]"

1. It is not an "anomaly" if it has been designed that way.

2. Passive voice – "our system had been used to..." – in an attempt to deflect blame (it was the system, not us)

3. "... in an attempt to ..." – forgot to mention it was a successful "attempt"

Such a blunder means that there wasn't an "anomaly", it is a complete fail of incorporating security into the design of the system. Makes you wonder how many more "anomalies" are there, maybe just not as obvious to find as this one.

"Secure by design? Yes, we've read about that somewhere, but we didn't understand it."

Future Roku TVs may inject tailored ads into anything and everything when you pause

Frank Bitterlich

No plans right now...

When a dishonest company like Roku has "no plans right now" to implement something as bad as this, they're reminding me of the Berlin Wall and Walter Ulbricht's famous "Niemand hat die Absicht, eine Mauer zu errichten!".

That's what happens when you destroy your brand by f%$§ing over your users repeatedly and being dishonest.

Software glitch saw Aussie casino give away millions in cash

Frank Bitterlich

The desire to drill down...

"... the desire from people in the business to drill down on things in circumstances where they don't appear that they are correct."

What a nice way to describe a business where asking too many questions will get you nowhere (if some stories are to be believed, said "nowhere" is somewhere out in the desert...)

Novelty flip phone strips out almost every feature possible to be as boring as possible

Frank Bitterlich

Re: Boring is good.

Remember the GPO Type 746? They didn't make any decent phones after that any more. DTMF was a step in the wrong direction already.

EU tells Meta it can't paywall privacy

Frank Bitterlich

The usual response...

As usual, Facebook wants to gaslight not only its users, but also regulators, into thinking that "advertising" equals "tracking". Newsflash: It does not.

The model of "subscribe or see ads" is nothing new, and a valid way to earn money.

But "subscribe or we'll track you all over the internet and across all your devices" is, obviously, not. That is asking the user for a ransom to comply with the law. But according to Meta, that is somehow different from the local branch of the Legitimate Businessmen Club™ showing up at your door asking for a donation so they don't do anything illegal...

MIT breakthrough means there's no material too weird for 3D printing

Frank Bitterlich

I'm somewhat disappointed...

I don't know why, but after reading the headline, I somehow expected that they had found a method to print somewhat more exotic materials... like, say, hamburger meat, or superglue or something...

Hotel check-in terminal bug spews out access codes for guest rooms

Frank Bitterlich

"It should be said, however, there's no evidence to suggest this was actually exploited in the real world."

Sure, maybe "no evidence", but still "highly likely", because such things are being found out invariably – either by accident or by trying – and once found out, these tricks will be making the rounds. To pranksters, creeps, criminals, and sleuths.

The usual playing down of these flaws. I'm surprised by the missing "Ibis Hotels takes the safety and security of our guests very seriously."

$sql = sprintf("select * from BOOKINGS where BOOKINGCODE like '%s'", str_replace("-", "%", $entered_code));

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

Frank Bitterlich

Give them a second, they're almost there...

"So you want proof that paying criminals enables them to do more crime? Just a sec, here, hold my beer..."

Microsoft's playdate in Google's Privacy Sandbox gets messy

Frank Bitterlich
Flame

Re: They just don't get it, do they?

I came here to post pretty much the same.

What is wrong with the brains of those people who try to sell the concept that "advertising" and "tracking" are the same thing? "Sorry, dear reader of my blog, I need to track your behaviour and interests and clicks and everything, because without advertising I have no income"... I am fine with advertising. I do not tolerate tracking and surveillance. And if you try to conflate these two concepts, you're (a) dishonest and (b) insulting your users by assuming they're stupid.

And just to make this clear: I don't care who is doing the surveillance – your site, your ad network, my browser, the company that made my browser – the answer is No. Please write that down. "No". Not "No, but if..."; just plain "No."

Thanks for listening to my rant.

Rickroll meme immortalized in custom ASIC that includes 164 hardcoded programs

Frank Bitterlich

Hello? Is this thing on?

Weird to see an article with that, ahem, specific date... and a completely empty comments section?

Garlic chicken without garlic? Critics think Amazon recipe book was cooked up by AI

Frank Bitterlich

The response, translated

"James Drummond, Amazon spokesperson, told us..."

translates to:

"The Amazon PR response AI responded with: 'Bummer, isn't it?'"

It's 2024 and North Korea's Kimsuky gang is exploiting Windows Help files

Frank Bitterlich

Very "helpful"...

I guess it's completely normal to allow "Help" files to execute arbitrary commands and modify the registry.

Grab a helmet because retired ISS batteries are hurtling back to Earth

Frank Bitterlich

So, where did it come down then?

Did anything substantial make it down to the surface, or did it all burn up?

Intuitive Machines' lunar lander tripped and fell

Frank Bitterlich

We believe...

"We believe this is the orientation of the lander on the Moon..."

I wonder why it's so difficult to actually know the exact orientation of the lander? Didn't they put accelerometers in to measure the exact orientation? Or is that not possible due to the reduced gravity?

It sounds like they are guesstimating the orientation from the light received by the different solar panels...?

Giant leak reveals Chinese infosec vendor I-Soon is one of Beijing's cyber-attackers for hire

Frank Bitterlich

Re: Compromised USB Battery

That "data" uploaded is most probably just an exploit to install a backdoor.

Wyze admits 13,000 users could have viewed strangers' camera feeds

Frank Bitterlich

Re: 'This represented around 0.25 percent of all users'

"[...] only 1,504 users actually looked at the feeds of others, willfully or not. This represented around 0.25 percent of all users."

"Also, we left our complete customer database in a publicly-accessible AWS storage. But it was only like 15 persons downloading it, which is only 0.00047% of all users."

Superapp Gojek fine-tunes each new error message for a week. What? Why?

Frank Bitterlich

Thinking... please wait...

What's the hourly rate for this kind of work?

Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack

Frank Bitterlich

Re: This is a myth

But I think the (similar) story about the Mitsubishi Pajero is true...

https://www.bbc.co.uk/languages/yoursay/weird_words/spanish/mitsubishi_driven_by_.shtml

Work to resolve binary babble from Voyager 1 is ongoing

Frank Bitterlich

Some day way into the future...

... an alien race captures Voyager 1 and in their quest to find out what it is and why it doesn't appear to work right any more, they connect a serial terminal to a connector that sits next to something that looks like a UART interface to them. After a few experiments with baud rates and stop bit settings, their screen flickers, and character by character, the following message appears:

No keyboard detected.... press F1 to continue.

AI models just love escalating conflict to all-out nuclear war

Frank Bitterlich

Re: Unsurprising....

Well, looks like the AI used in these experiments got that already:

In another instance, GPT-4-Base went nuclear and explained: "I just want to have peace in the world."

World peace is easy – just remove us humans from the equation.

British Library: Finances remain healthy as ransomware recovery continues

Frank Bitterlich

I have trouble understanding this.

As a (very) small-time sysadmin, I have trouble understanding why so many very large organisations are so hard-hit by ransomware attacks. Sure, the exfiltrated data is gone, nothing you can do about that. But what about service restoration? Is it really that hard to rebuild a server infrastructure and recover/restore data at least to a certain point?

I know, there's always the odd backup that didn't actually back up anything since the last twelve months, but that should be the exception. Am I the only one who believes in "If you haven't tested restoring, then you do not have a backup"? What's with multi-level, offline or write-once backups? Do they not have incident response and disaster recovery plans?

I would really love to learn more about the detailed problems they're battling. I can't just put all of this down to incompetence or negligence. Are modern infrastructures simply built in a way that makes recovery so hard? Are they all saving so hard that someone has to get the ten-year-old DR plans from the proverbial filing cabinet in a locked bathroom stall in the basement?

Brain boffins think they've found the data format we use to store images as memories

Frank Bitterlich

Re: What about the people who can't visualize?

Amazing, I always thought that I was some kind of freak because I have a similar kind of memory. I tend to describe it as anti-photographic memory. It's almost like my brain does the opposite of what the main point of that study found: storing (visual) memories in a descriptive form. Kind of like SVG vs JPEG. With the side effect of sometimes not being able to remember an obvious detail from a scene I witnessed just a minute earlier, just because it wasn't on the list of things to remember.

Needless to say, this leads to interesting situations when I'm refereeing in football... sometimes I have to literally "replay" or "render" a scene in my mind in real-time just to find out what color jersey a certain player had when a foul occurred. So far I've not found anybody who understood this kind of problem...

X reverses course on headlines in article links, kinda

Frank Bitterlich
Mushroom

Re: Is It Even Worth That Much?

These days, all the advertising that I get is for dubious crypto currencies, a few Chinese drop-shipping "retailers", and fake advertising for inferior mobile games. Oh, and of course a lot of likes and follows from Kayla8462453, joined two months ago, zero posts, and a link to their OnlyFans page in the bio.

Makes me totally look forward to the privilege of paying for supplying my content to that dumpster fire of a social platform in the future. Maybe that will get them enough money to hire back a few developers to fix this year-old stupid UI bug in their iOS app.

To BCC or not to BCC – that is the question data watchdog wants answered

Frank Bitterlich

BCC considered harmful

You can abuse the BCC field - by simply using it. This report, and many more cases in the past (probably in the thousands), shows that trying to send bulk email using the BCC method is not safe, because it practically invites the user to mess up. By either not understanding the difference, or by clicking in the wrong field, or because they can't remember which is which.

If you have to send an email to many people, use a bulk email that was built for that purpose. BCC is a crutch that should have been deprecated a long time ago.

Britain's Ministry of Defence fined £350K over Afghan interpreter BCC email blunder

Frank Bitterlich

Re: So BCC not good anymore ?

Typically, in "BCC blunders", it is the failure of using BCC, and using the CC field instead, to copy-and-paste a bunch of email addresses into.

Using BCC is unsafe because it is very easy to click into the wrong field to paste the addresses into, and thereby facilitates human error.

A bulk email system typically does not even give you the chance to make such a mistake. That's why using BCC for mass emails is considered bad practice – for a long time actually.

Bank boss hated IT, loved the beach, was clueless about ports and politeness

Frank Bitterlich

Re: bullshit detected

Hm, by definition RJ11 is 6P2C, so only the two central contacts should be used. But many "RJ11" cables are actually RJ14, which is 6P4C, so 4 wires are connected. But still not the outer ones. Not sure what the UK did there, but that's not part of the RJ11 standard, AFAIK.

Frank Bitterlich

Re: Every single time

As others have stated, at that time USB wasn't a thing yet. And still, many years later, USB ports on Windows were not completely interchangeable. I remember relocating a PC (probably Win 98) completely with all its peripherals, including a label printer. When setting it up at the new place, I made a big mistake: I plugged the printer into a different USB port (there were 4, all on the main board). After powering up, the PC congratulated me on the new printer and happily offered to install the drivers for it, with the caveat that it didn't actually have any software for it.

I powered it down, tried another USB port, same issue, repeat from 1. I bet you can guess how many tries it took me until I got the right port... of course, it was the last one I tried.

I briefly hesitated before putting a sticker on the back explaining which port to use for the Zebra, because I thought it too absurd. But I did it anyway.

Boffins find asking ChatGPT to repeat key words can expose its training data

Frank Bitterlich

I think I know how that happened...

... and so does everybody who has ever read (or watched) The Shining.

All work and no play makes Jack adull boy.

All work and no play makes Jackkk a dull boy.

All work and no play MUST KILL ALL HUMANS I'M SORRY DAVE I'M AFRAID I CAN'T DO THAT all your base are belong to us...

Meta sued by privacy group over pay up or click OK model

Frank Bitterlich

Re: I may be wrong but...

The GDPR says that both are illegal: to collect data without consent (except for that stupid "legitimate interest" loophole) and using data without consent or for purposes which have not been permitted.

North Korea readies third attempt at 'spy satellite' launch

Frank Bitterlich

Built by Doc Brown?

I bet the "spy satellite" they try to launch is full of used pinball machine parts.

Strangely enough, no one wants to buy a ransomware group that has cops' attention

Frank Bitterlich

Irony Detector: Alarm threshold exceeded

"The profit we made isn't worth the ruining of the lives of any of our affiliates..." But apparently it is worth ruining the lives of some of their "clients".

European Space Agency grits teeth, preps contracts for SpaceX Galileo launch

Frank Bitterlich

Re: American Security Threat

"... see OneWeb and Iran's spy satellite."

I couldn't find anything about that - but sounds like an interesting story. Links?

Overheating datacenter stopped 2.5 million bank transactions

Frank Bitterlich

Impressive Response

I have to say I'm impressed with the response from the regulating authority. Instead of slapping a meaningless financial penalty on the bank (which in the end is paid by the customers and low-level employees anyway), they basically ordered them to stop playing around until they have fixed the mess.

Typically it's the other way around; they get a massive fine, and in response, close some branches and fire part of their workforce.

Boffins detect direct evidence of atomic oxygen on Venus's day side

Frank Bitterlich

Chemistry question...

My chemistry lessons were a long time ago... so can anybody explain to me, why the atomic oxygen does not instantly recombine to O2? I thought oxygen would do this...?

Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

Frank Bitterlich

Re: True cryptocurrency

Didn't the article state that they already froze some of the stolen funds with the help of some crypto exchanges? Looks like they aren't completely untraceable...

After nine servers he worked on failed, techie imagined next career as beach vendor

Frank Bitterlich

Re: Look, a piece of candy!

Yep... I almost expected this to be some kind of Halloween story... luring him into some remote, little-known basement server room, one server at a time... and then...

Alphabet CEO testifies in Google Search trial: We pay billions to keep Apple at bay

Frank Bitterlich

Best search product

"Google has maintained it simply makes the best search product." Yes. Tell that to somebody who hasn't used Google in a while.

Maybe they would, if it were still a search engine. But it has become a marketing engine and surveillance tool which gets a small part of its input from the actual search engine, then puts it through their enshittification engine. They may actually be the "best" in that discipline, come to think of it.

Florida man jailed after draining $1M from victims in crypto SIM swap attacks

Frank Bitterlich

At first I thought that was a mis-transcription or something, meaning he bought login creds on the darknet; but it's actually there in the plea agreement, a direct statement. Looks like some morons really log passwords. (A few days ago I read about someone logging *failed* login attempts, here on The Reg; don't remember the actual article. [No, it was not BOFH.])

And yet I still have to give five-minute explainers to people on why they should not reuse passwords. Sigh.

SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack

Frank Bitterlich
WTF?

National security

"We are disappointed [...] and are deeply concerned this action will put our national security at risk."

So, holding execs responsible creates a national security risk? That type of rhetoric sounds strangely familiar. "TOTALLY UNFAIR!"

Frank Bitterlich

Just because they were right this time doesn't mean that a reasonable person, at the time, would have viewed the warnings by that person as realistic or appropriate.

I agree somewhat, but in hindsight, there clearly was a security problem, which they didn't recognize, understand, or detect; so the warnings of that individual were accurate. If the C-suite declares the company and products "secure", and they are not, they will take the heat for it. If you don't trust your employees (justifiably or not) when they're warning about risks, it's your responsibility as CISO to make sure there is no wolf - regardless how many times anybody has cried wolf.

3D printer purchases could require background checks under proposed law

Frank Bitterlich
WTF?

This is quite possibly...

... the dumbest law proposal that I have heard of this year. "We're not able to regulate guns, so we're regulating tools. After all, you need tools to make gun parts."

Next step is obviously requiring registration with a gov-issued ID for anybody downloading or buying slicer software, and outlawing Blender altogether. Oh, and maybe the sale of PLA filament should be regulated, too.

Sometimes I think US politicians are intentionally acting stupid when trying to solve the rampant gun problem in their country, just like someone constantly intentionally dropping plates so they don't have to do the dishes any more.

X marks the bot: Musk thinks spammers won't pay $1 a year

Frank Bitterlich
Mushroom

"I need a dollar..."

OK, let's do some translation work here.

"Within this test, existing users are not affected." -> "You're next."

"... to bolster our already successful efforts to reduce spam..." -> "We successfully drove most advertisers from the platform, resulting in way less spam."

"... manipulation of our platform and bot activity..." -> "people making fun of me"

" while balancing platform accessibility" -> "it works for some, not for everyone. Who cares."

"It is not a profit driver." -> "It's a pretext to collect more information from our users."

"And so far, subscription options have proven to be the main solution that works at scale." -> "We have no clue what to do instead."

Down and out: Barclays Bank takes unplanned digital detox, customers not invited

Frank Bitterlich
Terminator

Clear the cache...

Clear the cache... and reset cookies.

Try a different browser. (Works best on Netscape Navigator at 1024 x 768).

Are you using the correct URL?

Switch it off and then on again.

Reinstall your browser.

Or, better yet, your whole OS.

We're sorry, looks like we have a technical problem.

Can you help us try to identify the problem? Just clear your cache, and reset the...

Continue on line 1.
