* Posts by ElReg!comments!Pierre

2706 posts • joined 22 Jun 2009

Help! I'm trapped on Schrodinger's runaway train! Or am I..?


Inoui also means "unheard (of)" (with a strong hint of "unbelievable") and is running the "OUIGO" trains (which doesn't mean anything but you get the idea).

So that would be a silent "non" then.

Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption


Re: Let me get this right

It all depends on how it's implemented. My assumption was that the use of dedicated "kiosks" is so that the kit can be properly locked down (and, hopefully, bolted down too). I don't think the plods want cases to be thrown out of court because of doubts about evidence massaging ...

The kiosks are probably read-only, with the devices sent to a proper lab with proper procedures if anything suspicious is discovered. As for returning the "clean" devices to their owners, though, there is probably little hope.

Pomp and ceremony: When the US Secretary of State meets Oracle overlord Larry



Oracle (proven to exist beyond a reasonable doubt)

Trump (proven to exist beyond a reasonable doubt)

Amazon Not Paying Taxes (proven to be somewhat untrue, although they DO cheat a whole lot)

Assassination (proven to have happened beyond a reasonable doubt)

There, fixed that for you.


If they have time

You might have put the subjects to be discussed in reverse order there...

Is it a make-up mirror? Is it a tiny frisbee? No, it's the bonkers Cyrcle Phone, with its TWO headphone jacks


Re: On the plus side...

Recently I went to a print shop to get a photo printed as a gift for an old lady. The snap had been shot by my wife on her smartphone (Ugh) so it was in 3:2 format (re-ugh). I took care to re-frame it properly and change it to the proper 4:3 format for photographs, only to have the millennial shopkeeper tell me that she'd have to crop it as it was not in a standard format.

Now what if I had come with a round pic !

Linky revisited: How the evil French smart meter escaped Hell to taunt me


Re: Le Diable

They have a built-in circuit breaker set (remotely) to the value you pay for ; this breaker is quite a bit more sensitive to peak consumption than electromechanical ones, and they do trip, IRL, way before the main breaker downstream does.

As it's distantly adjustable, all it takes to restore power stability is a quick call to your provider -and of course a quick increase in your monthly bill.


Re: Le Diable

No, as far as they are concerned, the electricity companies are actively SELLING customer energy usage records to the DEVIL HIMSELF.

The meters do change the way power consumption is calculated, so if you were close to the upper limit of your power rating, chances are that the new meter will cut pretty often, forcing you to upgrade your contract. That is quite evil if you ask me !

Yahoo! customers! wake! up! to! borked! email! (Yes! people! still! actually! use! it!)


Re: Guilty Secret

I do have 3 accounts with them, although 2 are mostly spam traps.

Yahoo is much less of a pain in the arse about smtp / imap or geoloc than Google is.

Bus pass or bus ass? Hackers peeved about public transport claim to have reverse engineered ticket app for free rides


Pretty much like a real ticket; for single fare*, activation performed by external hardware containing the private key. Of course there's an associated cost, however small, so First had to try and dispense with the hardware.

*for anything else, there's no real issue - besides the pervasive tracking of users, which companies insist is for our own good - because daily / monthly etc can be controlled by other means, for example a calendar.

Welsh police use of facial recog tech – it's so 'lawful', rules High Court


Re: Would I be right....

Already illegal in France during protests, and I do mean full-on, criminal charges involved, illegal, not bylaw-prohibited as for petrol stations and the like.

Overstock dot-gone: Surplus biz CEO now surplus to requirements, ejects after Russian spy fling, deep state rant


"The head of the world's most powerful country just cancelled an important diplomatic trip"

I call bullshit. Xi Jinping would certainly not do such a thing. Or were you thinking about Putin? Doesn't sound like something he'd do either. Oh, Trump? So, that'd be "the head of one of the world's 20 most powerful countries, on some metrics", then.

Ransomware attackers have gone from 'spray and pray' to 'slayin' prey'


And don't get me started on the public sector. I've seen hospitals, Unis and research institutes that are still mostly on Vista, with some XP boxen !


There are also a lot more legacy apps on corporate machines. iexplorer springs to mind... and of course large corps often have a very slow update cycle. Two of our very large clients (top-500 companies) are on Windows7.

BOFH: Oh, go on, let's flush all that legacy tech down the toilet


Re: ShitSecurity

A previous update to our password policy automatically expired passwords every month, directing you to create a new password. It was so secure that users weren't given the rights to generate their own password, so for about a month the whole company had the same password, Beach234, helpfully set up by the helpdesk one support call at a time.

Fed-up graphic design outfit dangles cash to anyone who can free infosec of hoodie pics


Re: Pitching their contest at Infosec bods

Actually it's pitched at coloured-pencils types, with the winners provided with guidance from infosec bods. How they intend to source those is unclear, perhaps dangling a bacon sarnie at a white hat con ?

France seeks science-fiction writers to help futureproof its military against science-fact


Well fr. gov has strongly denied the move in somewhat overly-precise terms "we can assure that science-fiction stories are not going to influence defense policies", or something to that effect.

So we can safely assume that they already have prospects, or even signed contracts.

AI solves Rubik's Cube in 1.2 seconds (that's three times slower than a non-AI algorithm)


"AI solves Rubik's Cube in 1.2 seconds"

No it doesn't, for lack of opposable thumbs.

Blah blah Blaha: Slovak infosec firm ESET sues politico who called them 'outrageous fascists'


Re: Scenery?

Agreed, going from "accused of conspiring to keep vulns undisclosed" to "working with the CIA" is a bit of a stretch, but I think most people can understand the link (if not agree with the reasoning). Compared to "just ban them chinks or else" from Carrot Top, it is even rather soft.

Also, little known fact*: Slovenia and Slovakia are actually different countries, and while I'm not a rabid political correctness knight (quite the opposite in fact), what was your "mail order bride" comment supposed to bring to the discussion?

*OK, not really

Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly


Re: Keeping track

However, there's the need for that data to be passed from the freight co to one of the infra controllers (DB Netze, ProRail, InfraBel etc.) and from them to the next, in a standard format, as well as to regional and municipal authorities

Currently, I work on the team that develops precisely that for one of the top 10 logistics companies in the world, and while it's sometimes non-trivial, it's certainly not rocket science. Also, every company -and almost every route within that company- has its own very specific needs, so stealing info about how company A does it would be of little to no use for company B. At most you could get some business advantage if you could point the competition's weaknesses to the client, but in the present case neither the goods nor the geographical reach of the companies overlap, so stealing "software blueprints" would bring exactly fuck all benefit to the Chinese company.

Probably a "serial hoarder" who happened to be fired on completely unrelated grounds and who happened to find a new job, because that's what laid-off staff tend to do.


No mean feat but no rocket science either

I should know, that's my job these days

Firm fat-fingered G Suite and deleted its data, so it escalated its support ticket to a lawsuit


Re: Conflicted who and what to bash

if they took weeks to inform a paying customer their data was deleted

Well they didn't. The customer terminated the account, and thus became a non-customer. While Google gives you a grace period when you accidentally delete a document, they may not extend the courtesy to the accidental deletion of a paying account.

Bonkers British MPs rant: 5G signals cause cancer


Re: Dihydrogen monoxide

Fake news, as is explained on this site.

There's Huawei too many vulns in Chinese giant's firmware: Bug hunters slam pisspoor code


Not an investigation

A bit of PR from Trump's cronies.

Vulns discovered in 14 years old code (that perhaps no one uses anymore) ? No shit, Sherlock

You're not Boeing to believe this, but... Another deadly 737 Max control bug found


"The safety of our airplanes is Boeing’s highest priority,"

As we all know, this is the standard way to say "we couldn't possibly care less, but we can't say that out loud, can we".

BGP super-blunder: How Verizon today sparked a 'cascading catastrophic failure' that knackered Cloudflare, Amazon, etc


Oh, that would be why one of our customers had trouble accessing their IBM Cloud VMs and kept bugging us !

Out of Steam? Wine draining away? Ubuntu's 64-bit-only x86 decision is causing migraines


Re: Interesting

If Ubuntu drops this support, does that mean that Mint Linux and Debian are also affected?

There is no reason why a downstream decision would affect the upstream distro. Debian is notorious for its tendency to keep backward compat for as long as possible in order to bring maximum stability (recent decision about init systems notwithstanding).

Cisco cleans up critical flaws, Florida city forks out $600k to ransomware scumbags, and more from infosec land



not Desjardens

Good old British 'fair play' is the answer to vexed Huawei question, claims security minister


It makes sense for the keynote not to be covered by the Rule, designed to keep the discussion open.

A $4bn biz without a live product just broke the record for the amount paid for a domain name. WTF is going on?


billion-dollar business that comprises of nothing but others' confidence that it is worth something.

To be honest that is an accurate description of the whole stock exchange system.

Sad SACK: Linux PCs, servers, gadgets may be crashed by 'Ping of Death' network packets


Re: So, not great, not terrible

As for me I'm moving to Kolibri. Much cleaner than all this text file nonsense : all you need to tweak the OS is a bit of assembly coding.

Greatest threat facing IT? Not the latest tech giant cockwomblery – it's just tired engineers


In a previous life it was more like 80 hrs for each working for 12 years straight (and barely any vacation at all). I've taken more days off in 2018 than in the previous 6 years combined ! Yay for career changes.

Captec saps tech from Aleutia to put its tiny PCs back to work


I'm glad I never heard of them, I'd certainly have bought a couple for roles that I've now devoted to Raspis with great success.

Nice little machines for sure.

That magical super material Apple hopes will hit backspace on its keyboard woes? Nylon



That's not new and not limited to Apple. Pro now means "top tier personal". Good examples include MSWindows (Pro for consumers, Business for professional use) or indeed the PS4 Pro.

Let's make laptops from radium. How's that for planned obsolescence?


Well, they DO make degradable carrier bags

The buggers are a PITA, too, if you are in the habit of reusing your shopping bags as garbage bags.

Here's what Autonomy told its salesmen they were allowed to do


Re: It begins with H and ends with E and is 8 letters long:

habitude, hackable, hackette, hairlike, hairline, hairwove, halazone, halflife, halfpace, halfpipe, halftime, halftone, halicore, halidome, halimote, hamulate, hamulose, handlike, handmade, handsome, hangable, hangfire, harambee, harangue, hardbake, hardcase, hardedge, hardface, hardline, hardnose, hardwire, harelike, harplike, hateable, hawklike, hawknose, headache, headcase, headgate, headline, headnote, headrace, headrope, healable, healsome, hearable, heatable, heatwave, hebetate, hebetude, hebraize, hegumene, hellfire, hellhole, hellkite, helotage, helpable, helpline, helpmate, hematine, hematite, hemipode, hemocyte, hemolyze, hemplike, henhouse, hepatise, hepatite, hepatize, herblike, herdlike, heritage, herniate, herolike, hesitate, hetaerae, hexamine, hexylene, hiccatee, highlife, highrise, hillside, hireable, hittable, hivelike, holdable, holesome, holocene, holotype, holydame, holytide, homelike, homemade, homepage, homesite, homicide, hominine, hominize, homodyne, homotype, homuncle, honeybee, hoodlike, hooflike, hooklike, hooknose, hooplike, hornlike, hornpipe, horologe, horrible, hoselike, hosepipe, hothouse, hotplate, huarache, huggable, huisache, humanise, humanize, hummable, huntable, hurtable, husklike, hylobate, hymnlike, hyoscine, hyperope, hypnotee, hypobole, hypogene.

Found it !

The curious case of Spamhaus, a port scanning scandal, and an apparent U-turn


PS: Re: For the love of..

By any chance do you still have the reject message from that? That would be very interesting to see.

No, I don't. I tend not to collect trash for the fun of it. I have no doubt that you would be very interested in a free audit of your broken model. I -and many here, I suspect- can provide test cases, logs and stats from a variety of systems both senders and receivers. At a price.

Anyway, as anyone even vaguely familiar with the matter might tell you, the "reject message" would be of no interest at all since it's configured by the receiver. Unless you're trying to pinpoint which of your clients let slip that you are the cause of an abusive block, with potentially disastrous consequences. I understand that it would be damaging for your extortion-based business model. In my case the message was something about my IP being listed in some SpamHaus blocklist. It wasn't even in any of the many, many, many languages easily understood by "worldwide" SH operatives, like US English, US Ingrish or US English_Indian -optionally US English_Boston_Literary, US English_Southern_States or US English_Midwest but these may carry a surcharge. (none of them a problem for me, but still a concern).


Re: For the love of..

They must have been sitting there waiting for you

The great thing about over-automation is that no one has to be sitting there at all. The automated system sees a direct-to-mx from a yahoo account to one of their customers, blam, IP blocked.

The main metric used by SpamHaus and their ilk to market their lists is the percentage of blocked inbound mails. A blocklist that blocks 86 % of inbound mails is marketed as better than one blocking "only" 85 % of inbound mails, regardless of false positives. False negatives are visible to the client (the receiver, who pays SH) so they MUST not have them, but false positives are only visible by the sender, who may not be a client and may not have an alternative way of contacting the receiver to report abusive blocks by SH, so who cares ? I actually suspect that SpamHaus clients are automatically added to a do-not-block list, too, even if they deny maintaining such a list.


Re: For the love of..

If Spamhaus lists something(*) there's invariably a bloody good reason for it

Absolutely. In the case of my individual home IP addy, the reason is that I sent one email from a yahoo-hosted account to a fellow of mine who works at the local hospital ("protected" by SpamHaus) to refer a patient.

There is a reason. It's just absolutely idiotic.

Spamhaus are worse than Equifax, because the methods are the same but their reach is far wider and they are more moronically entrenched in their sense of self-righteousness.

Google rolls out Android Easter Egg for Europe – a Microsoft antitrust-style browser, search engine choice box


Actually I had switched away from Chrome / Google, but I ran out of space at some point, and you can't uninstall Google or Chrome, so the alt had to go... and np*, I'm not terribly happy with that. But I don't do much browsing on my phone anyway.

How'd your servers get that baby-smooth look? Dutch and Brit cool kids dunk Supermicro systems in synthetic oil


Re: So they've fixed the problems then?

poor circulation/localised cooling

That's why you should use diesel as the coolant.


Aussie engineer accuses 'serial farter' supervisor of bullying, seeks $1.8m redress


Re: Farts are Omnidirectional


"Oh, Majesty, you shouldn't have said a thing. I thought it was the horse."

Linux 5.0 is out except it's really 4.21 because Linus 'ran out of fingers and toes' to count on


Re: Backward Compatibility

Thou Shall Not Break Userland is one of the few strictly-enforced rules in Linux kernel dev circles, and the origin of much of the famed rants by Linus.

WannaCry-hero Hutchins' trial date set, Microsoft readies Google's Spectre V2 fix for Windows 10, Coinhive axed, and more


DNSSEC push renewed

Yeah, we saw this one... one of our subsidiaries raised a P1 incident with us -during the WE- over it just to check that we weren't at risk. Of course we rolled out DNSSEC months ago. Hell Oh Hell, as they say. Had to shoot this one down.

Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware


Too many cores

This happens because we have idle cores sitting around doing nothing. If we made faster cores instead of just throwing more of them at workloads that can't use them, we wouldn't need speculative executions and thus, no spectre. I wonder if IBM would want to revive the Power philosophy.

WWW = Woeful, er, winternet wendering? CERN browser rebuilt after 30 years barely recognizes modern web


Re: Sigh. Those were the days.

I would like to reserve a special place in Hell for whoever thought it was a good idea to incorporate web elements into email.

I don't know what you're talking about. I will classify this snippet as "nonsense", that's what I do with the various claims I receive stating that the newest info was in blinking red bold MSComicSans as opposed to the superseded info which was in blue strikethrough boring old Arial, and how can I not have seen the difference?

Email is for text. Information is most efficiently conveyed through articulate sentences.


Alas, more and more websites just don't work on it at all.

My policy for these is pretty much the same as it has been for decades regarding "your browser doesn't support this website, please switch to [browser]" websites. In 2 words, rhyming with Duck Goo.

When a contact info is available, I also fire off an email to the webmaster to the same effect - phrased in more polite terms.


Re: Not by hand

themes and styles in MS Word.

The features that are consistently inconsistent in large structured documents, almost impossible to re-use between documents of differing sizes and structures ? I've heard of those, used them even. I now stay way clear of them.

If I want kerning and ligatures I will use Lyx

LyX is a front-end to LaTeX, which pretty much negates your whole argument.

No yoke: 'Bored' Aussie test pilot passes time in the cockpit by drawing massive knobs in the air


In the people I personally know, "penis drawers" are roughly equally distributed between all genders. Mostly because the shapes involved are simple, distinctive, easily drawn with only connected lines, and the conveyed silliness is immediately perceived by the viewer.

Note that the "symbol" is almost always drawn erect and "upwards", because sideways it would be an antique gun on wheels, °I° is just a face, and a shrivelled penis is as difficult to render as a vulva - i.e. too much effort. The female equivalent would be (.Y.) , which is again used equally by all genders but VERY difficult to render with connected lines.

Don't assume gender bias until you have ruled out gratuitous silliness and laziness.

