Posts by Version 1.0 5410 publicly visible posts • joined 19 Jun 2009
Malware delivery workers all install AV software to make sure their deliveries can pass through, so the child porn folks would probably install the software to get their images through it. We're all running around saying "this is good" and "this is bad" but nothing's going to change in the world until we admit that humans have the ability to be stupid.
But email is a normal hazard these days, we see infections delivered in attachments daily. This is the email environment ... it's nothing new. Here's a monastery sig when this first started years ago ... "I would like to shake the hand of the man who first decided that e-mail clients should slice, dice and run arbitrary programs. Then I'd like to stir, blend and puree his hand.
These days "security" is just a feature, not a requirement.
If I was in Russia and creating Malware I'd make it look like it was from China, and if I was in China creating Malware I'd make it look like it had Russian origins. But if I was in North Korea writing malware I'd add some indicators to give people both of the two "sources" to everything.
Malware is everywhere ... this is malware-change these days, all organizations need to start assuming that they will be hacked and all their data lost, moving to an environment where there is zero-zero access to their data from outside and only read-only access internally. Update the data internally via a keyboard with multiple inaccessible backups.
Sure - this is not going to be easy but malware is easy so everything harder is safer.
"Windows" are normally easily opened for the fresh air and insects to fly though the room, maybe we should switch to a new OS called "Stonewall"?
Modern things are designed to be easy to use, that's far more important to the creators than stone wall security. So nothing much is going to change until we create a new OS that is totally secure, maybe it will be hard to add the modern "easy to use" features but I think that safer to use is where we need to head to these days.
And hurricane season starts next week. But "problems" can be helpful because the operators can see what happens and work to avoid the problems in future. Hurricanes in the Atlantic mean that you have to navigate around them, not through them, generator failures suggest having a backup will help .... etc etc.
Dear b011chit your password has expired, we have issued a new password, please visit your account to confirm it.
You can't blame Python, this is normal in the Open Sauce environment, most of the time the new sauce is nice and tasty but occasionally it's got too much salt and pepper.
I'll rework an old quote to today's world ... "If it turns out that there is a Open Source Coding, I don't think that it's evil. But the worst that you can say about it is that basically it's an underachiever." - Woody Allen (updated).
I guess this might be a result of where we both are, locally (in a town full of white cops) our Amazon drivers are all black so maybe that's why there are driving a lot more carefully here? I'm white so I have a bumper stick on the back of my car:
CAUTION, I drive like a Cullen.
Locally, in the US, I see the Amazon delivery drivers doing a very good job and excellent deliveries these days, I don't think it's a result of Amazon cameras (I might be wrong) but it seems to be a result of Amazon starting to employ a lot of former local UPS and Federal Express drivers.
Now flip the message icon over because this is the USA, so if you are driving around the neighborhood at the speed limit then people driving behind you will be honking their horns and then overtake you when you arrive at a Stop Sign. Don't honk at them when they do that to you because a gun will get waved out of the window. I'm not complaining, that just the way things go.
I always see the term "AI" as meaning Artificial Idiot, to say it's Artificial Intelligence effectively misleads the public into thinking that there is no stupidity in the machine. Let's move to reality, calling it Artificial Realistic Stupidly Efficient, Intelligence.
No, I'm not joking - these days we just call the programming results "AI", Windows, Android etc., etc., and are busy updating everything all the time with each version claiming to be a bug free enhancement but it's updated again every week or two. So our AI is just a guess, based on other guesses.
“I will accept any rules that you feel necessary to your freedom. I am free, no matter what rules surround me. If I find them tolerable, I tolerate them; if I find them too obnoxious, I break them.”
These days when you read quotes like that from Heinlein's book, The Moon Is a Harsh Mistress, it sounds just like our politicians at a party. Did Heinlein predict the future, or did he create it?
But Windows is designed to be "patched" so this event is just a feature implementation. All "patches" are patched, all features are "updated" ... LOL, you think that data privacy is not a feature of being patched? Just accept the patch policy but don't worry about it because it will be updated.
We're generating the power to run these systems and then need to generate power to cool them down, so that's a lot of energy running around and warming the planet. We need to start thinking about the consequences of all our "upgrades" - are we going to move to a carbon-free world where everyone needs an AC unit?
When I was moved to the US from the UK in the mid-70's I was getting $10,000 a year ... so the article is accurate but I'm not complaining because, since I was so cheap to employ, the company was happy to pay me to fly back to the UK every year to renew the H1-B visa. And they sent me off to many educational courses leading me to learn a lot of things that the UK company had never bothered about.
The downside was that I had to stop smoking entertaining substances, but the upside was that I could go to Grateful Dead concerts all the time.
The Office Is a Beautiful Place When Everyone Else Works from Home
If you spend your life looking at EKG traces then the environment is similar to coding debugging; you see the EKG trace have a big pulse up (QRS) , or a low slide down (T wave), or maybe too many little pulses (P waves) and then you figure out what the cause is ... generally something that a cardiologist can fix. So it's basically complex debugging, when your heart has an issue then a cardiologist will debug you.
I've asked El Reg to add a pair of wire-cutters to the icons in the past when we discuss security issues, but nowadays I think it would be much better to just give us a axe icon for cybersecurity posts. The concept of cybersecurity is just a joke these days - every time we talk about cybersecurity we're just discussing failures so let's all just use this icon until we get a "cybersecurity update" that works.
If the technology worked then the companies creating the driver-assist mode would be able to create an operating system and web browser that we could all use without any risk at all of getting infections ... oh wait, are they writing the driver-assist code in Java?
And what happens when they decrypt your Blind Faith album cover, or see your QAnon posts about Hillary Clinton porn videos? I agree that porn is bad but I think that everyone's attitude to the fact that we are all naked under out clothes is much worse...
If we charge down this road without thinking about the consequences then maybe we will simply ban all artists. In college I was taught to draw and paint pictures of people, you started with a naked body (drawing a naked civil servant) and then we drew and painted clothes on it ... it always looked realistic, I was in the top five of the class and now when I see people walking around, I always know just what they all look like naked. Clothes are irrelevant to me although I wear them everywhere.
Facebook stopped all companies from having an effect on my life ... when Facebook opened to the public I tried to sign up for an account and was told my name was fake. They said that if I ever tried to create an account on Facebook then I would be prosecuted ... and then when I started reading the small print on several other social media companies I saw paragraphs in their terms and conditions pages that said you can't apply for an account if you have been banned by any other social media company so I have no social media accounts. Initially I was pissed off, but now ...
I am very happy and wish to express my contentment.
Making Backups is a good safety procedure but when Malware invades an institution and gets everywhere then it's a hell of a lot of work to eliminate it and clean absolutely everything before you can start restoring the backed up data. If you are a University then you are a huge collection of different data environments so maybe the data is "safe" but it's going to be months before you can restore everything ... and that's months of being unable to be a University so I understand their response, I don't think they had a choice.
Replace IBM with Nice Automatic Ship Again ...
These problems that we're seeing probably indicate that the design team built the ship as "working" but never verified that if wouldn't fail. That's pretty much a normal design environment these days but the NASA engineers are totally devoted to making their designs work for years.
It's useful to have a second NAS that can read the primary NAS contents and maintain copies of everything via rsync and configured so that it cannot be seen on the network. So if Ransomware invades the network you can just clean everything and restore the main NAS contents from your "invisible" backup which has maintained a complete private backup.
Python is a very adaptable environment so adding SAS support is an advantage in the University education and research worlds (icon). I wonder what will be the next language "addition" to Python, will it start to support Ada Lovelace and Charles Babbage's Analytical Engine? Will El Reg use it to create comments and allow me to add their Joke icon to this post too?
"Fire and brimstone coming down from the skies! Rivers and seas boiling! Forty years of darkness, earthquakes, volcanoes! The dead rising from the grave! Human sacrifice, dogs and cats living together... mass hysteria!" -- The Ghostbusters explain why not to buy or use any Microsoft products. (an ASR sig).
Hackers are busy looking at what everyone is installing today, if you are running an app written a couple of years ago that has been "replaced" by "updates" then so many users have moved to the new versions that the hackers are not busy tracing or hacking the old apps.
For example, how many Malware infections are there for Windows 3.0 or XP? Has WordStar ever been hacked?
I'm in Louisiana (home of the greatest music and food in the world) it's nice outside today, just a little cloudy with a pretty sun and blue sky, cool today, only 86F. But Hurricane season starts next month.
The internet cloud has always been easy to use, but now it's getting windy (locally we watch out for windy days with gust above 100mph) so effectively the internet is being sold as easy to use and the malware writers agree - El Reg, this story is good but not a surprise. We need to rework the internet and everyone's security if we are going to have a safe world again - this would be a big change ... see, locally we can make ourselves safe from hurricanes by moving to Minnesota ...
Essentially this ought to be a tax deductible donation that you can reclaim. You may think that you are only posting on social media to your friends, but all these companies are making billions from your "donations" and paying no taxes because technically you made a donation to the billionaires running all these companies.
So now "...a bill that aims to improve how the federal government tracks and prosecutes cybercrime..." but spam, QAnon, phishing, et al, are still seen as just naughty free speech. I support free speech but not free lies or what is effectively just cyberprofiteering attempts.
Yes, an attempt to stop cybercrime is a good start, but it's like putting just one shoe on each of your kids when the family goes for a run up a mountain.
For any country it's very profitable for local companies when you say "replace all foreign devices with locally made devices"
It's the same as the recent "upgrade" of cell phones to 5G ... now everyone needs to buy new phones so the main feature is not performance or safety, it's just an economic boost.
You have to think about the environment creating the cyberattacks.
It's not that different to our normal efficient programming environments - the most important thing for the cyber-warrior programmers is to create an attack that works and does the job. Once it's fully functional you start to add the cyber-attack environment, the next step is to make it look like it wasn't built and designed by a known source to keep the writers relatively safe. There has been quite a bit of evidence over the years that this is done by changing the language inside the attack module to try and false-flag another country or including some code from another attack, modified to work around the AV defenses.
Cyberattacks suck, but they are normal these days.
You need to be careful when you select the Ugly Extra Firmware Idiot startup...
I saw a local issue when a server administrator was told that the server needed to be rebooted and thought that he was using the UEFI - the reboot then reinstalled the RAID configuration on the two system disks ... but before he selected UEFI the system had been running one disk and using the other as the server backup.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
