Posts by TrevorH

It's that Russian Troll farm liking posts most likely to lead to the demise of democracy...

After Kaseya it appears that REvil got out of the ransomware business. If the recent attacks on VoIP infrastructure are to be believed they've moved into plain extortion instead - "Send us 10 BTC or we will DDoS your business to death".

fleenode

> Savvy users often clean the surface with some high-strength isopropyl alcohol to remove debris and ensure peak effectiveness.

Here's a warning for those of you who have a bottle of 99.x% pure isopropyl alcohol. If it's over about 5 years old, get rid of it. I speak from experience, very bad experience :-( I had a bottle of it that fell into my pocket at a $dayjob nearly 40 years ago and I just finished it up and found the bottle rattled. Tipped it out into a pyrex glass ashtray and it was a small crystal, probably no more than 4x4x1mm, poked it with a metal stick and BOOM! Loudest single noise I have ever heard. My hearing cut out about 1/10th of the way through the B in BOOM! and and was followed by a ringing so loud I tried to cover my ears with my hands, I can only hear about 80% of what I could before. Shattered the glass ashtray into several large pieces and left a pile of powdered glass on the table. Left me completely deaf for at least 4 hours and recovered only gradually and is almost certainly never coming back. Went to A&E and they tell me my eardrums are still in one piece though I'm not sure I believe them.

Apparently isopropyl alcohol forms peroxides over time and these are extremely unstable.

Wouldn't a genuine email say "from the Federal Bureau of Investigation" not just "from Federal Bureau of Investigation"?

Having been a white hat hacker, I think I find being called "offensive" more offensive than any negative correlation of the existing name. Besides an "offensive security researcher" sounds more like someone trying to do damage than not. Perhaps a "defensive security researcher" would be better.

Also, from what I remember the terms white hat and black hat don't have racial origins at all, they come from the old Hollywood westerns where the good guys wore white hats and the bad guys wore black hats. Both sides were almost always white men.

'scuse me?

Fedora is aiming to make the Flatpak format the "primary packaging format that Fedora users consume their applications in,..."

Aren't huddle spaces what were in use on Jan 6th in the Capitol?

> "the CentOS Board signed on to it."

In the same way that a hijacked plane pilot signs on to going to Cuba...

"Changes focus". What weasel words. Red Hat pulled the plug on the project despite all their promises in 2014 about not interfering with the project and it being a safe home for it.

There has been read/write support for NTFS in linux for years. It's a FUSE based filesystem sure but it works.

Microsoft Teens...

I thought it was already decided that it would be renamed Microsoft Teens...

I've not used the 8.3 beta installer but it looks like they just moved the user creation bit into the stuff that has to be filled in before the install can start. If it's like it was before this change, when you got to fill it in at your leisure while the install was running, then setting the root password is mandatory but the user creation is optional. If you look at the text it does actually say "No user will be created".

Plus mortality rate at present is being estimated assuming that we have a functional health care system. If 20% of the population go down with this at once and 4% of those fall into the "critical" category then we're talking about more than 500,000 people in the UK needing ICU treatment at any one time. That still leaves the 15% with "severe" symptoms to fend for themselves at home. Better hope that you're one of the 81% with only "mild" (whatever those are!) symptoms.

10% per year for 8 years means that they "only" double the price (plus a bit more).

Pretty sure that Amazon & Google have a vested interest in this sort of thing.

Alexa, find me a patent troll

"with just 6GB of RAM and 128GB"

That's 384 times as much RAM and 650 times as much storage as the first mainframe computer that I worked on and that ran the entire UK network for a very large insurance company.

> to make the content of the communication available to someone who is neither sender nor recipient"

Under that clause, is it not the responsibility of the NHS trust in question since it is them that are making the content of the communication system available by broadcasting it in plain text in the first place?

How can they have a patent dated 2018 about this. Surely there is prior art and history showing it's already been done.

Have they fixed their crappy "superhub v3" so that it actually works yet? The one with the dodgy Intel chipset.

Shouldn't it be that the outbreak is magically stopped by a malware author turned security researcher...

Fixed in kernel-3.10.0-862.14.4.el7

From the extrapolated drawing seen in "b", it's perfectly obvious that this is actually the stone that used to sit in the original estate agent's window and is advertising a teepee for sale. One careful owner, all mod cons including a central fireplace...

The bug is already identified and a fix has been provided (unofficially) for CentOS. The CentOS bug report for this is https://bugs.centos.org//view.php?id=15193 and the fixed version is on https://buildlogs.centos.org/c7.1804.u.x86_64/kernel/20180820114938/3.10.0-862.11.6.el7.bug15193.x86_64/ and the fix has also been incorporated into the latest CentOS plus kernel kernel-plus-3.10.0-862.11.6.el7.centos.plus.1.x86_64.rpm

So.... interviews at the start of October, by the time they've interviewed the candidates and made their decision and had an offer accepted it'll be at least the end of October. Wait 3 months for them to resign and be released from their current job and they'd be starting around Feb 2019 and this all has to be up and running by March. So start in Feb, fired in March. Good job!

Why the fsck has this person not been in place since June 24th 2016?

> Most enterprise-grade Linux distributions do not yet use kernel 4.9 or above so aren't immediately affected.

Unfortunately not true. Redhat have a page https://access.redhat.com/articles/3553061 that says that RHEL6 and 7 and even 5 (which is quite dead) are all affected by this bug.

I've had two of these mails in the last 3 days and both told me that my password was 'changeme' which, to the best my knowledge, is not one I've ever used anywhere for anything. I vaguely recall it used to be the default password for some java key store as delivered from Sun/Oracle but it's certainly not one I'd choose to use (much too complicated, mine are all 'password', honest). They can send me as many as they want but since I already know I've never been anywhere near an adult site and most likely never will, I'm not likely to be paying anyone anything.

> So EU, find the cash, somehow, give it to Atos

Hahahahaha.

(An ex-ATOS employee)

Who'd keep half a million squid in a paypal account. I get worred if I have a fiver in mine!

> Linux tip: Avoid Nvidia graphics cards if possible

Really? That may have been true about 10 years ago but these days they pretty much just work. Besides, the main alternative would be AMD and theirs are far far worse.

Or perhaps the news release has to do with the leaks... https://www.anandtech.com/show/12387/skylaked-creeps-out-on-intels-price-list

Code review?

Someone did a code review and discovered it leaked like a sieve and was unfixable?

What happened to Nationwide?

3D?

Didn't that ship sail about 5 years ago with no-one on board?

El Reg left hand, meet right hand...

https://www.theregister.co.uk/2017/10/25/new_optane_disks_280gb_480gb/

So let's get this straight, this exploits the same vulnerabilities as the last one that made headlines all over the world and crippled various organisations and yet, some people still didn't patch against it?

sympathy-o-meter firmly pegged on 0 here.

CentOS 6 is in production phase 3

So... yes, CentOS 6 is "supported" until 2020 but the upstream RHEL that it's based on and receives all its patches from went into what Redhat call "Production Phase 3" on May 10th 2017. That means that only security vulnerabilities that Redhat class as "critical" will now be fixed. Anything that's merely "important" or less gets patched if they feel like it and judging by the things that _didn't_ get fixed in RHEL5 once that reached PP3, that's going to mean that CentOS 6 gets less and less secure over the next 2.5 years until it goes EOL.

All this stuff about not rebooting when there's a kernel update. Without the reboot you're still running the old, potentially exploitable kernel. But who needs security anyway, eh.