* Posts by ElReg!comments!Pierre

2711 publicly visible posts • joined 22 Jun 2009

FabricScape: Microsoft warns of vuln in Service Fabric


Re: What?

"Such that you can delegate rights granularly and SUDO doesn't need root privileges."

Can you elaborate on that? Because that's something *Nix has been doing for a few decades now, and that MS just figured they might try to emulate, like, last year or so. And they spectacularly failed.


Re: What?

"That's why users don't get execute privileges.

There's a reason 666 is the number of the beast"

666 is the number of the beast because it gives me the privilege to execute users who demand it. Or did I get that wrong all that time ?


Re: What?

My thought exactly. It's a Linux issue because Windows doesn't allow you to do much so you can't exploit this Microsoft bug from Windows...

- Embrace : Check, Linux on Azure

- Extend : not an issue in a Cloud, it's more like "Empower" there (still an "E" so in-spec)

- Extinguish : Let's artificially create security bugs on our platform that are only exploitable from the competition's guest, then claim it's the guest's fault.

BOFH: It's Friday, it's time to RTFM


Re: Intelligence?

In Unix systems of old there was an app for that: "wtf". On some *nix systems it is still installed by default, although it tends to be more like a personal dictionary than a shared one. Shared definitions these days seem to be "shared" on platforms such as Sharepoint, because they have the uncontestable advantage of not being searchable in any meaningful way, which allows every branch (and in many cases, every team) in the same organisation to have different definitions for the same term / acronym. Sometimes several per team. We live in a wonderful world.

Salesperson's tech dream delivered by ill-equipped consultant who charged for the inevitable fix


Re: Not his fault surely

Well, the article does state that the processing engine did not remove invalid mails after bouncing them, and thus re-processed old emails each time it ran, which seems like a pretty major design flaw to me.

Old-school editor Vim hits version 9 with faster scripting language


Re: Others preferred

"Personally, I prefer Geany or Scite, which resemble word processors rather than traditional programmers' editors."

I do use vim as my editor of choice on my desktop machines but I am open to discussion on that matter. The thing I like most about vim is being able to ssh to a remote server and get directory parsing, coloured syntax, advanced search, scripting, the whole lot. It helps tons when debugging undocumented legacy software. Try running Geany over ssh and tell me how it went ;)


I'll be leaving now

The Raspberry Pi Pico goes wireless with the $6 W


Hear that distant rumbling getting closer and closer ?

That would be the Risc-V tidal wave. While this gadget sounds nice, in that segment for any new project Risc-V would be my primary target, because future.

Back-to-office mandates won't work, says Salesforce's Benioff


Re: Happy to return to work if....

My presence seems to have a soothing effect in that kind of situation. Perhaps due to my natural ability to interrupt the shouting match with a well-placed "OK, we've heard everyone's problems, what do we do to reach a solution?". Silence usually ensues, which is my time to shine because at that point I usually have a few technical options I can tout :D .


Re: Happy to return to work if....

Unfortunately Teams has this useful "invite a participant" feature, which means you start a friendly chat with one person and before you know it there are 25 angry manglement people involved. Who are rightfully angry to be forcibly pulled into a technical chat on a subject they don't know anything about, and who will then escalate to top management just to make the thing disappear. You can't pull that trick around the coffee machine.


Re: Happy to return to work if....

I'm happy you raised the "Escort" argument. I am an ESB developer / tech lead for a pretty large financial institution (top management spiel is that we are either first or second, worldwide, in our domain). I identify as a Dev, not a coder. I can code, but that's only part of my work (almost secondary, as it happens). My work consists largely in architecture definition etc. In generic Teams meetings with 18+ people (top management, clients, financial managers, the whole lot) I can't raise tech issues without looking like a Grouch, because all these people only think in terms of share value and there is an overwhelming auto-reinforcement bias towards the "Google does it, we want the same. Now" train of thought.

When I meet the same people around the coffee machine, ideas seem to flow much more naturally.

Am I an Escort ?


Re: Happy to return to work if....

I am happy I can WFH 3 days a week. OTH I wouldn't take a full WFH position. I do think that in-person informal discussions are necessary for a smooth workflow, especially when managerial arbitrations are involved.

EU lawmakers vote to ban sales of combustion engine cars from 2035


Re: Useful for city dwellers, I guess...

When I was a student, a few decades ago, I was able to buy an old car to carry me occasionally from / to "home" (aka the old folks). It cost me the equivalent of 150 € (200 USD, 100 pounds). In today's money that would be about 5 times that, but still I had to team up with my sister to gather the funds. The vehicle was able to cover the 450+ kilometers (one way) on a single tank. Its dry weight was about 450 kg. It had very literally zero electronics, and I routinely fixed it with a basic set of tools (think of the set of tools available to a student 30 years ago). It was over 15 years old and over 250 000 km when I got it; we brought it well over 350 000 km and it was over 25 years old when mutual relocation forced us to part with it, and in the meantime it cost us exactly zilch to maintain. I was doing the maintenance. It was still running according to spec when we were forced to part with it.

Newsflash : a lot of students and low-pay workers are in the same situation as I was in 1998, if not worse.

Now name an EV that is even remotely close to that kind of affordability / durability. EVs are OK for rich people who don't really need a car, but that's pretty much it.

Of course now that I am considerably better off, I understand your argument, but the 1998 me seriously winces and thinks "this guy has clearly much more money than sense"

IBM's self-sailing Mayflower suffers another fault in Atlantic crossing bid


Re: Electrical problems

Perhaps IBM should just buy the tech from China and call it a day. Ah, no can do ?

On a more serious note this is exactly the kind of problems that were entirely predictable, and that arise from a "solution" looking for a problem.

Surface ships are notoriously hard to keep running unattended, and even though most shipping companies now run ships that are almost entirely autonomous, a minimal crew is always included.

But there is little (if any) need for a research vessel to be a surface ship: underwater siblings are faring pretty well, thank you, as are airborne ones.

In addition to that, the project suffers from what I will happily name "the Elon syndrome", after Tesla's famous attempts at autopilot: why would you try to emulate a human operator when more efficient technical solutions are widely available and well tested? Surely cameras and image recognition should be at the very most a last-resort help rather than in the core design? A bit like how human crews have been in most commercial carriers for quite a while now?

BOFH: Where do you think you are going with that toner cartridge?


Well the BOFH himself is not impervious ...

... to the clever machinations of printer-attached leeches :


World’s smallest remote-controlled robots are smaller than a flea
"Rogers called the crab-like feature of the design “a creative whim.”"

Either a lie or a lucky "whim". For these kinds of application, Evolution seems to agree with this design decision. And of course XKCD has a take on it: https://xkcd.com/2314/

IBM looked to reinvigorate its 'dated maternal workforce'


Of Yoof and (Wo)Men

Speaking as someone who's been in this game for quite some time now, and who actually runs an MVS emulator on my own hardware (open to the world, too, for the education of the masses), I must say that IBM is trying very hard to become a subsidiary of Red Hat, instead of the contrary. The typical out-of-school software engineer knows Angular, Springboot, basic Java if you're lucky. Perhaps some Python for the most adventurous, but only the flashy "AI" frameworks. Big Iron (or real programming for that matter -gerrof mah lawn yodan ngood kids-) is kinda out of fashion, and for a reason (note that I didn't write "for a GOOD reason").

As I see it, Windows13 will run on IBM mainframes in no time at all, and THAT will be either the end or the rebirth of International Business Machines. DOOM !

OpenSearch, the AWS-sponsored Elasticsearch fork, reaches 1.0 milestone


Re: But what does it actually do?

According to the coloured crayon blurb Elasticsearch and Kibana are "the Google of business monitoring". They work quite well, too. Except when they don't. Cheers !


Well, Elasticsearch and Kibana are not exactly stellar when it comes to stability

So an alternative would be at least a testable option in my opinion.

South Korean uni installs lavatory that pays out when you spend a penny


Septic tank

So it's basically a septic tank with a tracking API on top. Manure and methane are not exactly scarce resources, especially in densely-populated areas, but what happens with the water ?

Help! I'm trapped on Schrodinger's runaway train! Or am I..?


Inoui also means "unheard (of)" (with a strong hint of "unbelievable") and is running the "OUIGO" trains (which doesn't mean anything, but you get the idea).

So that would be a silent "non" then.

Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption


Re: Let me get this right

It all depends on how it's implemented. My assumption was that the use of dedicated "kiosks" is so that the kit can be properly locked down (and, hopefully, bolted down too). I don't think the plods want cases to be thrown out of court because of doubts about evidence massaging ...

The kiosks are probably read-only, with the devices sent to a proper lab with proper procedures if anything suspicious is discovered. As for returning the "clean" devices to their owners, though, there is probably little hope.

Pomp and ceremony: When the US Secretary of State meets Oracle overlord Larry


Oracle (proven to exist beyond a reasonable doubt)

Trump (proven to exist beyond a reasonable doubt)

Amazon Not Paying Taxes (proven to be somewhat untrue, although they DO cheat a whole lot)

Assassination (proven to have happened beyond a reasonable doubt)

There, fixed that for you.


If they have time

You might have put the subjects to be discussed in reverse order there...

Is it a make-up mirror? Is it a tiny frisbee? No, it's the bonkers Cyrcle Phone, with its TWO headphone jacks


Re: On the plus side...

Recently I went to a print shop to get a photo printed as a gift for an old lady. The snap had been shot by my wife on her smartphone (Ugh) so it was in 3:2 format (re-ugh). I took care to re-frame it properly and change it to the proper 4:3 format for photographs, only to have the millennial shopkeeper tell me that she'd have to crop it as it was not in a standard format.

Now what if I had come with a round pic !

Linky revisited: How the evil French smart meter escaped Hell to taunt me


Re: Le Diable

They have a built-in circuit breaker set (remotely) to the value you pay for ; this breaker is quite a bit more sensitive to peak consumption than electromechanical ones, and they do trip, IRL, way before the main breaker downstream does.

As it's distantly adjustable, all it takes to restore power stability is a quick call to your provider -and of course a quick increase in your monthly bill.


Re: Le Diable

No, as far as they are concerned, the electricity companies are actively SELLING customer energy usage records to the DEVIL HIMSELF.

The meters do change the way power consumption is calculated, so if you were close to the upper limit of your power rating, chances are that the new meter will cut pretty often, forcing you to upgrade your contract. That is quite evil if you ask me !

Yahoo! customers! wake! up! to! borked! email! (Yes! people! still! actually! use! it!)


Re: Guilty Secret

I do have 3 accounts with them, although 2 are mostly spam traps.

Yahoo is much less of a pain in the arse about smtp / imap or geoloc than Google is.

Bus pass or bus ass? Hackers peeved about public transport claim to have reverse engineered ticket app for free rides


Pretty much like a real ticket; for single fare*, activation performed by external hardware containing the private key. Of course there's an associated cost, however small, so First had to try and dispense with the hardware.

*for anything else, there's no real issue - besides the pervasive tracking of users, which companies insist is for our own good - because daily / monthly etc can be controlled by other means, for example a calendar.

Welsh police use of facial recog tech – it's so 'lawful', rules High Court


Re: Would I be right....

Already illegal in France during protests, and I do mean full-on, criminal charges involved, illegal, not bylaw-prohibited as for petrol stations and the like.

Overstock dot-gone: Surplus biz CEO now surplus to requirements, ejects after Russian spy fling, deep state rant


"The head of the world's most powerful country just cancelled an important diplomatic trip"

I call bullshit. Xi Jinping would certainly not do such a thing. Or were you thinking about Putin? Doesn't sound like something he'd do either. Oh, Trump? So, that'd be "the head of one of the world's 20 most powerful countries, on some metrics", then.

Ransomware attackers have gone from 'spray and pray' to 'slayin' prey'


And don't get me started on the public sector. I've seen hospitals, Unis and research institutes that are still mostly on Vista, with some XP boxen !


There is also a lot more legacy apps on corporate machines. iexplorer springs to mind... and of course large corps often have a very slow update cycle. Two of our very large clients (top-500 companies) are on Windows7.

BOFH: Oh, go on, let's flush all that legacy tech down the toilet


Re: ShitSecurity

A previous update to our password policy automatically expired passwords every month, directing you to create a new password. It was so secure that users weren't given the rights to generate their own password, so for about a month the whole company had the same password, Beach234, helpfully set up by the helpdesk one support call at a time.

Fed-up graphic design outfit dangles cash to anyone who can free infosec of hoodie pics


Re: Pitching their contest at Infosec bods

Actually it's pitched at coloured-pencils types, with the winners provided with guidance from infosec bods. How they intend to source those is unclear, perhaps dangling a bacon sarnie at a white hat con ?

France seeks science-fiction writers to help futureproof its military against science-fact


Well, fr. gov has strongly denied the move in somewhat overly-precise terms: "we can assure that science-fiction stories are not going to influence defense policies", or something to that effect.

So we can safely assume that they already have prospects, or even signed contracts.

AI solves Rubik's Cube in 1.2 seconds (that's three times slower than a non-AI algorithm)


"AI solves Rubik's Cube in 1.2 seconds"

No it doesn't, for lack of opposable thumbs.

Blah blah Blaha: Slovak infosec firm ESET sues politico who called them 'outrageous fascists'


Re: Scenery?

Agreed, going from "accused of conspiring to keep vulns undisclosed" to "working with the CIA" is a bit of a stretch, but I think most people can understand the link (if not agree with the reasoning). Compared to "just ban them chinks or else" from Carrot Top, it is even rather soft.

Also, little known fact*: Slovenia and Slovakia are actually different countries, and while I'm not a rabid political correctness knight (quite the opposite in fact), what was your "mail order bride" comment supposed to bring to the discussion?

*OK, not really

Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly


Re: Keeping track

However, there's the need for that data to be passed from the freight co to one of the infra controllers (DB Netze, ProRail, InfraBel etc.) and from them to the next, in a standard format, as well as to regional and municipal authorities

Currently, I work on the team that develops precisely that for one of the top 10 logistics companies in the world, and while it's sometimes non-trivial, it's certainly not rocket science. Also, every company -and almost every route within that company- has its own very specific needs, so stealing info about how company A does it would be of little to no use for company B. At most you could get some business advantage if you could point out the competition's weaknesses to the client, but in the present case neither the goods nor the geographical reach of the companies overlap, so stealing "software blueprints" would bring exactly fuck all benefit to the Chinese company.

Probably a "serial hoarder" who happened to be fired on completely unrelated grounds and who happened to find a new job, because that's what laid-off staff tend to do.


No mean feat but no rocket science either

I should know, that's my job these days

Firm fat-fingered G Suite and deleted its data, so it escalated its support ticket to a lawsuit


Re: Conflicted who and what to bash

"if they took weeks to inform a paying customer their data was deleted"

Well they didn't. The customer terminated the account, and thus became a non-customer. While Google gives you a grace period when you accidentally delete a document, they may not extend the courtesy to the accidental deletion of a paying account.

Bonkers British MPs rant: 5G signals cause cancer


Re: Dihydrogen monoxide

Fake news, as is explained on this site.

There's Huawei too many vulns in Chinese giant's firmware: Bug hunters slam pisspoor code


Not an investigation

A bit of PR from Trump's cronies.

Vulns discovered in 14-year-old code (that perhaps no one uses anymore)? No shit, Sherlock.

You're not Boeing to believe this, but... Another deadly 737 Max control bug found


"The safety of our airplanes is Boeing’s highest priority,"

As we all know, this is the standard way to say "we couldn't possibly care less, but we can't say that out loud, can we".

BGP super-blunder: How Verizon today sparked a 'cascading catastrophic failure' that knackered Cloudflare, Amazon, etc


Oh, that would be why one of our customers had trouble accessing their IBM Cloud VMs and kept bugging us !

Out of Steam? Wine draining away? Ubuntu's 64-bit-only x86 decision is causing migraines


Re: Interesting

If Ubuntu drops this support, does that mean that Mint Linux and Debian are also affected?

There is no reason why a downstream decision would affect the upstream distro. Debian is notorious for its tendency to keep backward compat for as long as possible in order to bring maximum stability (recent decision about init systems notwithstanding).

Cisco cleans up critical flaws, Florida city forks out $600k to ransomware scumbags, and more from infosec land

not Desjardens

Good old British 'fair play' is the answer to vexed Huawei question, claims security minister


It makes sense for the keynote not to be covered by the Rule, designed to keep the discussion open.