* Posts by g00se

212 publicly visible posts • joined 26 Oct 2009


Softbank's 'Pepper' robot is a security joke



the application performs no control over the file extension. As a matter of fact, we were able to upload images, text files which extensions have been modified to images, and even plain text files without performing extension editing

Actually Unixes don't use the lame and naive system of determining a file's type by looking at its extension. They use magic numbers - a binary analysis of the file. And that's what should be employed in input sanitization if indeed that's required in what i'm surmising is an image viewer. e.g. if you pass a non-image file to feh, it will tell you there's no "loader for that file format"
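An added example, not part of the post above: a minimal upload check that classifies a file by its magic number and only cross-checks the extension. The function names, the accepted formats and the reject-on-mismatch policy are assumptions chosen for illustration; the sample inputs are constructed.

```python
import os

def sniff_image_type(data: bytes):
    """Return the image format named by the leading bytes, or None."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    # WebP is a RIFF container: "RIFF", 4-byte size, then "WEBP".
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    return None

# Extensions considered consistent with each detected format (assumed policy).
EXTENSIONS = {
    "png": {".png"},
    "jpeg": {".jpg", ".jpeg"},
    "gif": {".gif"},
    "webp": {".webp"},
}

def check_upload(filename: str, data: bytes):
    """Return (accepted, detail). Content decides; the name is only cross-checked."""
    kind = sniff_image_type(data)
    if kind is None:
        return False, "no image magic number"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXTENSIONS[kind]:
        return False, f"extension {ext or '(none)'} does not match {kind} content"
    # A matching header only identifies the claimed format; the file still has
    # to be decoded by the image library, with decode errors handled.
    return True, kind

# Constructed samples mirroring the cases in the quoted report.
SAMPLES = [
    ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),  # genuine PNG header
    ("notes.png", b"just some text\n"),                  # text renamed to .png
    ("notes.txt", b"just some text\n"),                  # plain text, unrenamed
    ("pic.jpg", b"GIF89a" + b"\x00" * 16),               # GIF named as JPEG
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, check_upload(name, blob))
```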

HTC U12+: Like a Pixel without the pratfalls, or eye-watering price tag



... but in Google's phone it merely evokes the sinister data-slurping Clippy-style assistant.

The word you want is invokes

Bowel down: Laxative brownies brought to colleague's leaving bash


Saline police chief Jerrod Hart said the tampering of food ...

A seasoned officer, was he?

Systemd-free Devuan Linux looses version 2.0 release candidate


Re: I don't understand...

>>Oh and I recently dumped Gparted - guess what, it now requires SystemD<<

I don't get it:

goose@t410:/tmp$ apt-cache depends gparted
  Depends: libatkmm-1.6-1v5
  Depends: libc6
  Depends: libgcc1
  Depends: libglib2.0-0
  Depends: libglibmm-2.4-1v5
  Depends: libgtk2.0-0
  Depends: libgtkmm-2.4-1v5
  Depends: libpangomm-1.4-1v5
  Depends: libparted-fs-resize0
  Depends: libparted2
  Depends: libsigc++-2.0-0v5
  Depends: libstdc++6
  Depends: libuuid1
  Breaks: udisks2
  Suggests: xfsprogs
  Suggests: reiserfsprogs
  Suggests: reiser4progs
  Suggests: jfsutils
  Suggests: ntfs-3g
  Suggests: dosfstools
  Suggests: mtools
  Suggests: yelp
  Suggests: kpartx
  Suggests: dmraid
  Suggests: dmsetup
  Suggests: gpart

Penguins in a sandbox: Google nudges Linux apps toward Chrome OS



Not sure why that would be any good. You can already use Crouton if you want to run Linux in 'user space'. What would be of interest is running Linux on the metal. Natch they won't allow their lockdowns to do that

Modern life is rubbish – so why not take a trip down memory lane with Windows File Manager?


life extension - file extension

File extensions visible in that screenshot. I'm wondering if they used to hide them by default in those days ...

Desktop PC shipments dip below 100m/year


Re: Market Saturation?

I no longer carry a laptop to meetings. Instead I have a tablet. Same thing, different form factor.

Nope - they're different things. One is a device that's capable of high productivity, the other is largely a device for consumption. Before you say you input stuff like a fiend at meetings, consider the general point. Tablets are good at one thing though: getting users to accept a high cost/computing power ratio. Landfill

Private browsing isn't: Boffins say smut-mode can't hide your tracks


I was going to write an article on my blog about what is left behind after you close a private browsing mode session.

Maybe post a link to it when it's done?

...to see what files can be recovered from the hard drive after the browser session is closed

Presumably a lot of files. How would you know which to look for? Isn't what 'sensitive' data can be recovered the important factor?

Unlucky Linux boxes trampled by NPM code update, patch zapped


Tiala pegged the problem to running the sudo command as a non-root user.

What other kind of user would need sudo?

"Tiala pegged the problem to running the sudo command as a non-root user." would FTFY

Bloke sues Microsoft: Give me $600m – or my copy of Windows 7 back


Re: 'OEM keys work just fine'


Until last week, you could pwn KDE Linux desktop with a USB stick


Re: And which bunch ...

That's like blaming MS for KDE deciding to hide file extensions.

Pleeeeeeeease tell me that KDE (which i've never used, since it's too Windowsy and bloated) doesn't do that too!?


Right, but i still don't get it. WTF would the notifier be interpreting a string aimed at (mainly, presumably) mount as a command?


It's bad enough auto-mounting by default, but running scripts/executables automatically too!? (if i've got what's actually happening right ...)

This just adds to my general unease (i could just be being a paranoid old fart perhaps) that the standard of software engineering in the Linux world is slowly dropping

UK web grocer Ocado takes £500k hit after robo-warehouse tech splurge


I bought

10,000 Ocado shares but found they'd given me 10,000 avocados as a substitution

GCHQ unit claims it has 'objectively' made the UK a less desirable target to cybercrims


Oh yeah?

What did they do - make using Windows illegal?

Can't login to Skype? You're not alone. Chat app's been a bit crap for five days now


Log in

"Login" is not a verb!

Perv raided college girls' online accounts for nude snaps – by cracking their security questions


Yur pr0nz are belong to us

Powell's interest in all this was obtaining private sexually explicit photos, which people apparently store in their email accounts without much thought about security. It's not immediately clear why the large number of such images on the internet did not suffice.

Wouldn't an obvious possible reason be yet-to-emerge coercion/blackmail?

Skype, Slack, other apps inherit Electron vuln


Re: Microsoft eager to let this be known

It's appalling the new version and voice practically doesn't work on linux.

I can confirm that. My client's migration to Debian has been completely derailed by his dependence on Skype

I've also heard that the Mac version is inferior too. Is that the case?

NHS deploys Microsoft threat detection service on just 30,000 devices



NHS Digital has yet to explain why it has taken months to roll out Microsoft's Enterprise Threat Detection Service (ETDS) to only about two per cent of the UK health service's targeted installed base.

They don't need to explain. It's well known that Windows boxes are everywhere in the NHS. Their enterprise is therefore under threat by definition. Adding more MS crap is really going to improve the situation?

Death notice: Moore's Law. 19 April 1965 – 2 January 2018


Java is dead. Long live Java!

I hate to break it to the buriers of Java, but not only is it not dead but it (or a proprietary version of it) is either running or runnable *inside* your Intel processor and/or its associated chips. See https://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub (slide 33 onwards)

PowerShell comes to MacOS and Linux. Oh and Windows too


Re: binary pipelines

find ./ -exec ls -l {} \; | awk '{print $3}' | grep . | sort | uniq

find -exec stat -c "%U" '{}' \; | sort -u

You're welcome ;)


Shell without Power

The big plus with Powershell, as has been mentioned above, is that it allows object-oriented access to system objects. That's not relevant with Unix-like OSs. Strip it of that superset of functionality and you might as well use the shells already available for those.

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming


Re: "Windows as a service"

No - because they at least have the decency NOT to do it in the aaS

WordPress captcha plugin on 300,000 sites had a sneaky backdoor



Genuine question: who is responsible for checking that WP plugins contain no malware?

Merry Xmas, fellow code nerds: Avast open-sources decompiler


Re: Intel ME

Hopefully soon. And some EFI implementations too. There can't be that many at large i wouldn't have thought

Russian hacker clan exposed: They're called MoneyTaker, and they're gonna take your money


That's true but you might be surprised how UPNP is enabled by default often.


Maybe they're using Intel ME - the backdoor that is likely to already be present in his home machine?

Linux laptop-flinger says bye-bye to buggy Intel Management Engine


Re: Cool marketing idea

One should note that the laptops currently on offer by refurbishers typically seem to be too old for ME... so it's not a pressing need yet.

Yes. You need a pre-2015 processor to escape it

You mean Google updated its smartwatch OS and nobody noticed?



I take it that, given Google's attitude to personal privacy, they'll quickly be able to identify with their inbuilt sensors who the world's w***kers are? I'd hazard a guess there's quite a strong correlation between that population and the one that would buy such a device in the first place ...

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018


Re: Can't you zap the offending management with a cattleprod?

I suspect you meant Cayman Islands, a Caimen is an alligatorid crocodilian

So, why not take your best guess, therefore, at how the Cayman Islands (formerly called 'Caimanas' and before that 'Lagartos' [lizards] ) got their name?



The flaws struck multiple flaws in Intel's Management Engine ... make it possible to run code that operating systems – and therefore sysadmins and users – just can't see.

Sorry to have to break it to you, but that's the whole point of Intel ME anyway. I shan't query the very odd first five words of the quoted sentence yet ...

Kotlin's killin' Java among Android devs


Open source

Kotlin, an open source language

What would a closed source language be? Just asking...

He's no good for you! Ofcom wants to give folk powers to dump subpar broadband contracts


Tor ticket

Seems to be some sort of deep packet inspection attempting to throttle torrents / Tor / streaming

Interesting. Other people's experiences?

It would be easy for an ISP to whitelist bandwidth measurement services and claim that everything is fine, whilst still providing a very poor service.

Let's make sure we tell them that such monitoring (by officials) will be done over Tor.

VW engineer sent to the clink for three years for emissions-busting code



Hope the board paid him at least five times that to take the rap.

Re-identifying folks from anonymised data will be a crime in the UK



Does that even make sense? If people CAN be identified from data, then it's not ... anonymised... is it?

Did eye just do that? Microsoft brings gaze tracking to Windows 10


Got a date for thought-tracking yet?

The tech, called Eye Control, will help lesser-abled individuals – such as those affected by motor neuron diseases – use computers without a mouse and keyboard.

Yeah right. That's so totally their motivation, to help that massive number of people with that unfortunate condition isn't it? WTF are they going to be tracking next? Professor Hawking, please denounce this in no uncertain terms!

How can you kill that which will not die? Windows XP is back (sorta... OK, not really)



I seem to have SP2 and 3 for XP. http://technojeeves.com

Trustworthy? If you know the checksums then trust isn't a biggie ;)

Microsoft Surface laptop: Is this your MacBook Air replacement?


Re: ... but will it

Err ... i wouldn't. But if one came into my possession, there's no version of Windows 10 in the world (so far) that i would be happy with. It'd be like receiving a Maserati that had been fitted with wooden (and evil) cartwheels


... but will it

run Linux? That's the only "jailbreak" i'd be remotely interested in.

Revised 'Broadband 2.0' report: 6.7m Brits suffer 'sub-10Mbps' speeds



One way of kicking people onto paying for higher speeds is to leech from people who are content to stick with entry level BB. That's what i suspect BT are doing with me. Fortunately not enough to be a big problem, but it's nonetheless annoying

UK uni warns students of phishers trying to nick their tuition fees


Re: Am I missing something?

or was he inferring that all pleasures in Newcastle are random?

I'm guessing you mean "implying"



I'm surprised that they haven't been shutdown yet.

You mean "shut down". You didn't login properly today did you?

Met Police laggards still have 18,000 Windows XP machines in use


Re: Why?

Try finding a download link to Windows 8/10 drivers for a taser, for instance.

Wow! I had no idea you plugged tasers into computers to use them. That's shocking. Do they have a USB interface?

Looking for an Ubuntu Unity close cousin? Elementary, my dear...


Re: "An"? I had no idea!

Unless that was just Red Hat, which I'm now starting to doubt as to whether it was pronounced the way you would expect. "reed hut"? "rude hot"?

It's pronounced 'bread head'

Debian devs dedicate new version 9 to the late Ian Murdock



fyi Devuan supports EFI booting already in Jessie

Ransomware realities: In your normal life, strangers don't extort you. But here you are


Inevitable - erm no

Use Linux. The prospect of getting ransomware is probably close to zero

Init freedom declared as systemd-free Devuan hits stable 1.0.0 status



a. Devuan Jessie supports EFI booting (unlike Debian Jessie)

b. network-manager is replaced by wicd in Devuan

HP Inc wireless mouse can be spoofed


Re: Mad.

Wired trackball every time! Surface unimportant. Much faster. No batteries to fail

Microsoft touts next Windows 10 Creators Update: It's set for a Fall


Re: My Windows Wish-List...

macOS does it and I love it

... as do several Linux desktop environments

systemd-free Devuan Linux hits RC2


Kind of absurd rationalization given that Ubuntu is downstream of Debian, not upstream.

Err .. isn't the fact that it's downstream the point?

Just like Devuan in fact.

That's disingenuous. It's not 'downstream' in the normal sense - in essence it's a fork