* Posts by regadpellagru

541 posts • joined 31 Jul 2006


Microsoft Trusted Root Certificate program getting a lot less trusting


Re: Don't stop there

"They should also change the OEM program to state that you are not able to modify the Trusted Root Store of any machine."

This all along.

And they should as well make the OS itself can't be modified by OEMs.

Hint: we're dreaming, here. The drug dealer business model will prevail and none of this will happen.

Microsoft steps up Windows 10 nagging


Re: FFS Microsoft

"Sadly so many of the best PC games are still only on Windows. I am probably going to have a Windows games-only box and use Linux for everything else."

Have a look at SteamOS, it's now working great. Spent the night playing games on it (with a steam controller) ...

OopSSL: Pushme-Pullyou for OpenSSL patches


Openssl code example

From bio/bss_conn.c in Openssl 1.0.2e (!):



# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */

# else


# endif

# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)

/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */

# undef FIONBIO

# endif


# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)

i = 1;

i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i,


if (i < 0) {

SYSerr(SYS_F_SOCKET, get_last_socket_error());

ERR_add_error_data(4, "host=", c->param_hostname,

":", c->param_port);


goto exit_loop;


# endif

Seriously ??

Lenov-lol, a load of Tosh, and what the Dell? More bad holes found in PC makers' bloatware


Re: New machine?

"The EU needs to get onto this. "

The EU is not even able to tell its ars from its elbrow, mate ! How could they even see anything wrong, here before the cows come home ???

They never sent anyone fighting against terrorism, until, what, 2 days ago ? Only the french and the american went to Mali !


malware as a business model

"New machine?

First job, wipe and rebuild, always."

Sure thing, but that may not be enough in Lenovo World, see this: http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

More to come, from other OEMs ... Get your popcorn bowl ...

Lesson of all of this, is this: Microsoft has withdrawn control of Windows to OEM, so that they all can get money off their customer via malware and probably next, ransomware.

This is the result of, quoting an El Reg hack, "a cut-throat business model", as the laptop PC business has become, where you can't do more than 10E margin via usual means and have to resort to "other" means ...

The Windows eco-system has simply become a toxic dreag-dealer business model, both directly (Windows embedded (and more to come) distributing security updates only to paying customers), and indirectly (allowing OEMs to simply install, propagate and sponsor malware, even to the cost of the whole https stack security).

The number of incidents, for the last 6 months, is testament to this. MS is culprit of letting this happen, otherwise they'd taken strong measures ... They know what money hunger can lead people to do, they just let it happen.

End of the line: Windows is now doomed as a trusted platform. Get out of it people !

Smart telly, router, app makers have left a security hole open for – drum-roll – three years


Re: IoT Smart crap!!!!

"When I bought my new TV a few months ago, I asked the Salesman about its operation without being connected to the Mothership/Internet.

He smiled and said

"I'm being asked that a lot these days"."

My TV died this summer so I bought a new Sammy screen.

While fiddling with it, I noticed it had a freaking anti-virus on it ! A frasking AV on my TV ! WTF !

This is really telling ...

Music publisher BMG vs US cable giant Cox: Here's why it matters



"It appears that he thinks, at least in the case of the Cox Torrenter who downloaded tens of thousands of files, that tens of thousands of notifications was good enough to create obligations on Cox's part."

And that's where it is retarded. He probably assumes one file = one full movie, but reality may be a lot different.

For example, some retro-gaming torrents are thousands of 10-20 KB files, so a single torrent could mean thousands warning triggering spam systems ...


"One had triggered 54,489 notifications in 60 days. Each notification was alleged to have been passed on to Cox.

Well anyone hitting our emails servers that fast are likely to be blacklisted very, very quickly. Did anyone check the spam folder?"

You've beaten me at it, mate ...

Just in time for Xmas: Extra stealthy Point of Sale malware


Re: Bah!

"Interesting. Which one?"

Credit Mutuel. I've been using their service to pay for online stuff for now 8 years (I've bought probably 1 item/week online ever since (up to 1500 E stuff !)). Is free, easy, secure, and just works. I think other french banks are doing this as well.

Possibly Caisse d'Epargne is still stupid enough to have withdrawn this kind of service. I know for sure they did that, 3 years ago. Retarded.


Re: Bah!

"The obvious answer is to use your card once, cut it in half and request a new one."

I'm using this every single online purchase. I may start to use this with POS. Visa and Mastercard already offer services by which you create a virtual card number, limited in duration (2 months) and amount of money (your online purchase final invoice). That's at a french bank.

It is, indeed very secure, as frauding this would involve stealing the unique number, transmitted via a TLS channel AND getting the money before the online retailler gets it. Good luck with that !

I don't think this is mainstream in the US or UK, unfortunately. You guys need to go to your bank manager ...

Is the world ready for a bare-metal OS/2 rebirth?


"I can't work out if you're Bill Gates or Steve Ballmer (probably the later), but take your negativity and shove it up the tailpipe of Windows 10."

Uh ? None of them obviously. Just making the point that a dead OS needs to be used as a) emulated or b) virtualized. And not on bare metal, since it introduces some issues (OS from the 80s on 2015 metal is probably gonna introduce some difficult to come by problems or security issues).


"An awful lot of the legacy uses for OS/2 are on embedded systems.

Used to see a lot of photo finishing equipment running OS/2, it was pretty much an industry standard."

Well, fair enough. Get that emulated or virtualized then, and use it at will until the end of this century.

No need to get the OS on bare metal ...

As I said, any AmigaOS utility I still need is running this way ...


"The focus will be on running a full OS/2 implementation on bare metal, not just in virtual machines,"

Why ?? FFS, why ? Why on earth would anyone want this ? OS/2 or Amiga OS is totally OK in a VM, or emulation, but why on bare metal ?

Are people not aware world has moved from the 80s and OS/2 on bare metal is not a thing ?

Can't get this ...

VW's Audi suspends two engineers in air pollution cheatware probe


Reminds me of a Blackadder episode

"Blackadder: Someone's for the chop. You or me in fact.

Percy: Ah yes.

Blackadder: Let's face facts Perc, it's you !"

Love your IoT gadget but could you keep the noise down?


All too true

"What’s that, you say? Shielding? Insulation? In your dreams, pal. Not at the prices you want to pay. "

This one just cracked me up. All too true, unfortunately.

As spot on, as was all the article. Keep it up, Dabsy !

PS: no tinfoil hat icon ??? How do I shield ?

Remember Windows 1.0? It's been 30 years (and you're officially old)


Those vids, really

They made me laugh so hard.

What were they on, when they shot them ?

French Playmobil heist: El Reg denies involvement


No surprise here

Frankly, since Playmobils, those days, cost nealy as much as any hard drug, there's no surprise they get stolen in lorries like drugs, cigarettes, and solid gold.

If my memories of the period when my nephew whas crazy about them, and every Christmas was an obligatory 60 bucks on a small Playmobil box with 2 figurins, those palets have to be worth millions !

Pause Patch Tuesday downloads, buggy code can kill Outlook


Re: The tables have turned

"The biggest one that comes to mind recently is OpenSSL's heartbleed bug, which highlights just how easy it is to cock this sort of thing up. "

Openssl is quite particular, but nonetheless showed (for the first time ?) that open source can have totally unbelievable security bugs, due to source being unreadable, library architecture being completely brain dead, and project supporting platforms long gone and forgotten.

Ransomware scammers: Won’t pay? We'll put your data on the internet



Presumably, in the future, there will be an assertion at what is more damaging to users: stealing their files or publishing them ?

I see nothing unusual, here, in the grand scheme of cyber-criminality: pressing people to pay, by any means ...

Next year's Windows 10 auto-upgrade is MSFT's worst idea since Vista


Re: Time to look at another opsys?

"I live in a French village of 200 inhabitants, so you can imagine the ratio of Brits....I have already had to rebuild two laptops back to Windows 7 from 10 "upgrades"........so when and if this starts I think I will just hide somewhere..............."

Same, here. I've already told village+dogs & cats that I DON'T DO W10 and W8.

Everyone is now aware of this weird obsession of mine about 8 and 10, so no-one bothers me ...

How Microsoft will cram Windows 10 even harder down your PC's throat early next year


Re: Tried and tested recipe

"Where are the law suits?"

There's no way you or me will see them. Judges, in whatever country, can't understand a thing about this, therefore, plenty of bollocks tellin them it's allright, while it's clearly not.

We're fighting a lost battle, here.


Re: a looming disaster

"If that doesn’t work then the only solution is to turn off updates for ever.

ideas to help mitigate this please"

No more ideas. Turning off updates forever seems to be the solution to MS malware, really ...


Re: Undoing all the hard work in trustworthy computing...

"It's absolutely bloody ridiculous. Generally speaking, I like Microsoft's technology, but this is a total joke, and my current policy is now to disable updates entirely on machines I have, so I can take control back"

+ 1, here. Windows 7 in a locked-up VM, no network. Enabling network has now become dangerous, and frankly, I don't really need it ...

Why was the modem down? Let us count the ways. And phone lines


obligatory youtube sound reference


Can't see why no-one has posted it already ...

'Profoundly stupid' Dubliner's hoax call lost Intel 6,000 hours of production


"But how does that amount to 6000 hours of lost production? Did they close the plant for a whole year?"

(time of closure + time to restart all lines) X number of production lines

Problem is a semi-conductors line doesn't start in 10 mins, takes hours. And I think this factory was big, if 4000 staff is anything to go by, therefore the 6000 hours. Probably 500 production lines, there.

Microsoft now awfully pushy with Windows 10 on Win 7, 8 PCs – Reg readers hit back


Only way to keep W7

It seems, nowadays, the only ways to keep W7 or W8 the way they are would be:

- to fight a permanent battle against MS, by uninstalling unwanted updates, managing a mile long list of banned IP in the firewall

- or, to run W7/W8 in a closed VM, with no access to the network, for legacy apps

I'm going the second option TBH

If you wanted Windows 10, it looks like you've already installed it


"I feel like I'm going to be condemned to fight this fucking war for the rest of my damned life. At least once 2020 rolls around they'll have to choose between Windows 10 or Linux Mint. When that happens anyone who goes with Windows 10 won't have me looking after their computers from that point on."

I feel for you. Ever since the W8 madness, I've made very clear to the population I currently support (family, friends etc ..., some of them 70 years old, who have yet to discover we can actually launch stuff on W7 by other means than double-click on the desktop), that if they buy a new laptop, they should get a Mac, and any Windows version above 7, I don't touch, like ever.

Weird garbled Windows 7 update baffles world – now Microsoft reveals the truth


Is it just me ...

Or this blunder may be a symtom of an incoming Wupdate as a Service, like, you know renting the Wupdate channel to "partners", whatever than means ...

Lies from VW: 'Our staff acted criminally but board didn't know'


What Lies (LOL) didn't complain about ...

was actually not being made aware of the cheat ... He only (see below) complained about the fact it was known in the US ...

That's telling, no ?

"So we need to find out why the board wasn't informed earlier about the problems when they were known about over a year ago in the United States."

KARMA POLICE: GCHQ spooks spied on every web user ever


Re: I can imagine several foreign governments being annoyed with this.

"I can imagine several foreign governments being annoyed with this.

Mainly Germany. But possibly a few others as well."

Really ? Then watch how none of european countries officials are ever going to react to this, nor how the mainstream press is gonna even talk about it.

Truth is: no-one understand a bit of this, and pending understanding, opposing what is seen (wrongly) as counter-terrorism is very risky from a political standpoint.


Re: Meaning?

"What does "visible to passive SIGINT" mean?"

It means what they get via the below and all its siblngs as opposed to stuff captured on your PC.


Chinese ad firm pwns Android users, creates hijackable global botnet


China sponsored maybe ?

"Xinyinhe cannot be reached for comment as it has taken down its site and another linked to the malware. Web archives were not accessible at the time of publication.

"This is a worldwide, spreading malicious adware family with a high threat, likely controlled by a Chinese organisation," the researchers say ."

Spooky. Did they uncover something from their own government ?

/Black helicopters coming ...

D-Link spilled its private key onto the web – letting malware dress up as Windows apps


"No one at D-Link was available to comment on the reported leak. No one at Microsoft was able to confirm whether or not Windows has stopped trusting code signed by the leaked key. No one was available to comment at Symantec, which owns the part of Verisign that issued the code-signing certificate to D-Link. Apple does not respond to The Reg's requests for comment. "

While I find largely disturbing D-Link are not commenting, since they are the red-faced people, here, I don't see the point of questioning MS, Apple or Symantec over the issue.

For MS and Apple, there's really not much they could do or have done to counter this blunder. If cert is legitimately signed, then of course let the install happen !

And even less for Symantec: if someone's been stupid enough to let a private key leak, how is it at all their problem ? Their job as CA has been done neat and clean ...

Fiat Chrysler recalls THOUSANDS more cars to swerve hack-my-brakes roadkill


Re: Unaware, geez ...

"Oh hello, Conspiracy Corner is open for business. So long as the steering wheel is mechanically connected to the rack and the car can be taken out of gear and the handbrake works it would be rather difficult to crash a car remotely with a half competant driver on board."

Hmmmm, no, really no. You seem to imply you'll have dozens of seconds to react in case of attack, but that is not the case. I can't comment on the aforementioned affairs on security people, but I'm sure those things, carefully used, can kill.

If someone can remotely control and suppress your brakes, only your brakes outside of handbrakes (and here, understand we now have vehicules with bus-driven handbrakes and steering wheel, opening tons of other possibilities) and he knows you're coming to the mountains road I live closeby, he'll be in a position to wipe you out of the road.

Simple: wait until you're in one of the very sharp turns and suppress the brakes 2s before the sharp turn, you'll be so stunned you won't have time to switch gears or handbrake, your car jumps the barriers and crashes 20 m below. You're history.


Unaware, geez ...

"The company is unaware of any injuries related to software exploitation, nor is it aware of any related complaints, warranty claims or accidents – independent of the media demonstration."

Of course, smart ass, cos no-one will even investigate nor have the competences to do so, even if those design flaws kill thousands !

How many deaths caused by cars design flaws, in the entire world, have ever been reported ?

Actually, the article should point out those problems result from DESIGN flaws, which are a lot more serious than software flaws.

Entertainment network should really share no physical part with driving network.

My understanding is, again, the manufacturor is just hiding it out with smoke, not fixing the design flaw,

which would be really costly, but just updating the software.


Asus ZenBook UX305: With Windows 10, it suddenly makes perfect sense


Re: Wellll......

"The absence of navigation buttons (Home / End / PgUp / PgDn / and most importantly DEL) was the what drove me back to the PC world. Much as I admire both Apple hardware and OS X, the absence of those buttons caused a serious decrease in my productivity."

To be franck, when I switched to a Macbook pro, even if a number of things I had grown acustomed to, had to be done differently, it really was short learning for me.

The 1/2/3 fingers stuff on the Mac pad is really priceless and replaced the totally insane abundance of keys of every PC laptop I've seen, including Home/End/PgUp/PgDn. DEL is not really usefull when you have backdel.

That's when I understood at which point so many keys (WIFI on/off, geez and so many others) have cluttered the PC laptops.

Dell CEO: Very few will survive the PC bloodbath


@Dogged Re: margin enhancing malware strategy

"Yep, they did it. Nope, they didn't quite understand what they were doing."

Really ? They developped a program aimed at detecting a Windows agent, overwrite it at boot time, all of this embedded in the MB memory, without knowing what they were doing ? It costed them quite some effort, so be sure they knew what they were doing, along with all the engineering mgmt line.

"They took money to make a low-margin product cheaper."

Yeah, in other words, they screwed their customer by selling their laptop to someone else to make for a better price. You seem to find this OK, I don't.

"It was only ever on the cheapest nastiest shit they sell, never on the ex-IBM product lines."

Doesn't matter. People paid for it anyway. Again, you seem to find it OK, I don't.

"This was a catastrophe for Lenovo. No sane board would have approved it with full knowledge. It cost them far more than they made. Think they're ever going to do it again?"

This was a very minor incident for Lenovo. Which of your neighbours or mine heard of it ? They were just cought and backtracked in emergency. Joe User will still find those Lenovo laptops very attractive at the local shop. Of course, they'll do it again, but will try to be more cautious.

If I were a security researcher, my christmas gift would be the first entry level Lenovo laptop, 2016 line.


margin enhancing malware strategy

“Financially it is tough,” he said, “there is nobody arguing that we will not be there in the future. The market trends toward commoditisation ... plays totally in our favour. We know how to play the low-cts environment."

Yeah, we've seen how, but stuffing malware in Lenovo-installed OSes (http://www.theregister.co.uk/2015/02/19/superfish_lenovo_spyware/) and even in bloody motherboards (http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/) !

Of course, getting some money from cyber-crims to enhance margin ...

It's still 2015, and your Windows PC can still be pwned by a webpage



" ... one in Windows' handling of OpenType fonts, four in Windows' Journal file handling ..."

Journal handling, fonts, ain't Windows great ?

Can't say I'm surprised by the edge thingie, though.

Boffins clock MONSTER BLACK HOLES inside quasar-hosting galaxy near Earth


Old news

If it is to happen 100 000 years after the current visible situation, and the objects are 581 million lights-years from here, then it already happened more than half a billion years ago !

We just need to let light the next half-billion and some years to come to us.

Astronomy is really a funny science. We may need Douglas Adams' dictionnary for time traveller ...

Nano – meet her: AMD's Radeon R9 4K graphics card for non-totally bonkers gamers, people


Re: How does it compare to a GTX 970 ITX?

Probably not that great, seeing the only version that won't set your build on fire is severely under-clocked, vs. mitx 970, which some of them are over-clocked.


Re: Cough.. cough... cough...

"175W in a mini-ITX case is called a fan heater, not a piece of electronics. There is no way in hell you can dissipate that amount of heat in that little space unless you are pushing all of it outside the case straight away which is not the case (the heatsink has vents on top and on the side in addition to the exhaust)."

Yes, 175W is quite high, but I really wonder about the Fury X TDP ... 275 W ?? Really ?! It's more than my total mitx new gaming build, which burns 250 W total on extreme load ! No OC yet, though.

And meantime, the ASUS GTX 270 mini IS overclocked, and as far as I can tell, doesn't throttle while gaming.

Desperate Microsoft PAYS Win Server 2003 laggards to jump ship


Disturbing, really

"The Reg’s integrator source told us: “Microsoft is keen to help pay them [customers] to move. They want shot of it – they are committed to getting Microsoft customers off an unsupported version of Windows. They don’t want to support it.”"

That is well fully understood. Who would want to support it ? Costs arms and legs ...


- They don't have to. Ever. They stated years ago when they'd stop doing anything on 2003. They just DON'T have to support it. In other words, the ressource burden is something of the past.

- Why on earth, given what is above, would they pay transformation fees ? There has to be, as some other commentards have already stated, some other reason (crap W10, fear of migration to other platforms ?)

MS is totally insecure, here.

Are smart safes secure? Not after we've USB'd them, say infosec bods


@ The Original Steve

Yes, but still, I know no modern OS that still have this huge stupidity set by default: auto-executing of removable storage. Apart from Windows.

OS X doesn't do that, no Unix I've approached (and I've seen quite a bit) do that. QNX, I'll admit I have no idea.

It's totally baffling to see Windows devs never learnt from the 80s viruses on Amiga (and probably other platforms, Atari ST ?), which primary vector was indeed the autoexec of removable storage, aka floppies in this age.

When you haven't learnt from the mistakes of people 30 years past, it's really hopeless.

We tried using Windows 10 for real work and ... oh, the horror


come again ?

What added-value for me to upgrade from a MAC-contained W7 VM, to W10 ?

I read the press but still haven't figured it out ...

It's all Uber! France ends its love affair with ride-sharing app


Correction, here ...

"However the service is in fact illegal in France and last week Pierre-Dimitri Gore-Coty, general manager for Western Europe and Thibaud Simphal, general manager of Uber France, were arrested. They will have their day in court in September."

It's true that both blokes have been arrested, due to insane political pressure, that was deemed (source: Le Canard Enchaîné, 01/07/2015, page 2) as overkill by police insiders.

However, it is not true the service is illegal in France. This is up in the air at courts.

Taxis are actually angry because they buy their licence at 200 000 Euros which puts them much at debt, unlike Uber, due to, it seems, a legal loophole. Of course, Uber can have prices totally lower than taxis due to lacking this huge racket/tax, so we have unfair competition, here.

Amazon just wrote a TLS crypto library in only 6,000 lines of C code


Re: OpenSSL

"OpenSSL code is not as bad as it is often presented nowadays."

If you really think this, chances are your C code is ready for IOCC.


Re: s2n != OpenSSL




Ah ah good laugh, indeed. Have an upvote. Everyone should read the links.

Microsoft U-turns on 'free' Windows 10 upgrade promise for ALL previewers


Re: Guessing games

That's 7: they lost it. They don't know how to make money anymore, after all the debacles.

Give it for free for 1 year (legit W7 & 8 users), maybe. Force cloud usage to rip users off ? why not.

They don't know where they're going ...

Duqu 2.0‬ malware buried into Windows PCs using 'stolen Foxconn certs'


Only MS

"The question begs, however, why ALL Foxconn-signed executables are trusted automatically just because they're signed by Verisign."

Indeed, AFAIK, only Microsoft issues windows core executables, so they should really be the only ones to sign them, and no-one else !

Why can joe foxconn get anything installed and validated on Windows is a big problem. How many other companies ? HP, IBM, Lenovo, paypal ? FFS !!

MS has to tighten the bolts of who the f**k can install any package on *their* OS. Windows is MS's OS, shall I remind everyone !

Whatever the OEM deal is, with MS, MS has to keep control of its OS security, and that starts by being the sole responsible for exec's security.



Biting the hand that feeds IT © 1998–2020