Posts by sysconfig

305 publicly visible posts • joined 5 Jan 2010


Munich mk2? Germany's Schleswig-Holstein plans to switch 25,000 PCs to LibreOffice


Re: Not saving money?

Seems like a lot of effort to achieve zero savings

That's the bean-counter angle, which does not always work out well in the long run.

The intention, as stated in the article, is obviously not saving money short term (or at all) -- and 5 years is a pretty short term view on that scale.

Sitting comfortably? Then it's probably time to patch, as critical flaw uncovered in npm's netmask package


Javascript standard library? hahahaha...

Ha fair enough! I actually replied to the wrong post in the thread before. My comment was aimed at the broader picture, that is homemade code vs using libraries, not JavaScript, which, well... no, I'll refrain from opening a huge can of worms.


To be honest, in large projects you'll probably want to use standard libraries as much as you can, because a lot of homegrown stuff will sooner or later reach the "nobody present knows how it works, nobody dares touch it" sort of maintenance category. Or legacy. Bottom line is, a lot of broken and insecure code will stick around once the developers left, whereas standard libraries usually have a lifetime beyond the contractor's or FTE's term.

Sure, crap happens either way, and it's not uncommon to benefit from the power of hindsight and point fingers then.

There's no 100% secure and bugfree software beyond "hello world". Personally I'd go with something that will (or is most likely to) receive future updates.

Cherry on top: Dell shoves MX keyboard into its Alienware m15 R4 ultrabook


Interesting exchange rate...

The machine itself starts at £2,049 ($1,799.99 Stateside) for the base configuration

They're taking the piss aren't they?

Apple reportedly planning to revive the MagSafe charging standard with the next lot of MacBook Pros


Re: Wish list

Touch screens would be nice too, at least as an option.

Cyberpunk 2077: There's a great game within screaming to get out, but sadly it was released 57 years too early


The original table top had glitches too...

How often did we end up with one player missing for the weekly session, or dice being lost, or the story just not making much sense. We started over so many times... maybe CDPR should too?

More seriously though, I have been looking forward to this game's release for years. Nostalgia. Hype. Whatever it is. I know I will eventually get it and might have already if it had been released on schedule. But the constant pushing of the release date did not make me very confident, to put it mildly. The first reports and reviews did nothing to change that either, to the contrary! I'll just wait now until it's on sale on Steam. Maybe I'll have a new PC by then and can get a much better experience altogether.

Bill Gates lays out a three-point plan to rid the world of COVID-19 – and anti-vaxxer cranks aren't gonna like it


Re: If Bill Gates has the technology to implant chips to control people's behavior

I already determine everything that happens in this Universe including its backstory. (Well, not exactly as I used a template.)

Universe As Code? Universal DevOps?

Put that Covid bug fix in the release pipeline, then!

BT cutting contractors' rates by a fifth and halving notice period because 'coronavirus'


Re: This year's excuse

They're not changing the rate mid contract. They are ending it by normal means (notice period) and will then offer less if contractors decide to sign a new contract, which starts the day the current one ends.

No breach there.

Yes it's shit, but it's not illegal. And because the contract and job markets are dire right now, they can do it. They will find replacement for those who decide to not sign the follow-on contract.

The same shit is going to happen when the IR35 changes finally hit next year. (And for some it happened pre last April, which is when the changes were first intended to go ahead before the government decided to prioritise fucking up their Covid response first.)

NHS tests COVID-19 contact-tracing app that may actually work properly – EU neighbors lent a helping hand


Re: How will they know it's a false alarm?

Isolation isn't just inconvenient it's also potentially expensive.

What's the price tag on your life, mine, or that of any other person?

Yes this pandemic costs money. So what? That does not give anyone the right to sacrifice the lives of 10s of thousands of people, least of all an inept government with a cabinet full of clowns.

Whoops, our bad, we may have 'accidentally' let Google Home devices record your every word, sound – oops


Wasn't meant to be discovered so early,...

...but was always intended to happen. And will happen again.

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code


The headline should read...

If you knowingly own any Netgear device, replace it.

Sorry feeling a bit snarky, but if a manufacturer knows of a flaw and chooses to shrug it off, they should only be spoken to in the one single language they understand: money, or lack thereof.

Xen and the art of hypervisor introspection: Bitdefender donates meditative tech to open-source virty outfit


Re: How much can VPS hosters see in your memory?

It's been a while since I set up Xen-based clusters. But off the top of my head I'd say, yes, in theory. The fact that Bitdefender's toolkit would add the ability to analyse your VM's memory for malware supports that.

If data is so sensitive that not even the hosting company must ever be able to read it, don't use it in someone else's hypervisor (or indeed on their hardware).

What the duck? Bloke keeps getting sent bathtime toys in the post – and Amazon won't say who's responsible


Re: I haven't a funny quip to add to all these.

No beak deal.

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard


Not sure if "joint responsibility" is a good start. In practice that could just mean that each party involved points fingers at the other.


"As for the cameras - were the IP addresses public or private (RFC1918)? I would expect sort of overlay VPN for those."

Don't bet your (furlough?) salary on that. Security obviously wasn't particularly important.

No wonder cops are so keen on Ring – they can slurp your doorbell footage with few limits, US senators complain


Re: Better not put a Ring on it then

@Marketing Hack

Are you holding out Amazon,..., as some kind of privacy champion??

Certainly not. It was not my intention to make them look like saints. You could argue that they have been less evil than some other global players, especially those in corporate America, but that debate would lead nowhere, since we only see what they've been called out on. Best to assume that they're all after our private data, the more the merrier.


Better not put a Ring on it then

(the door that is)

More seriously though, I'm not really shocked any more that privacy is trampled over. Happens everywhere all the time, sadly. But to see the scale of disregard in this case, from an Amazon-owned company no less, is a bit baffling. They are clever people. I'm assuming that someone has come to the conclusion that the free (albeit negative) coverage they get for this will be worth it.

Things won't change until (deliberate) privacy violations become crimes, where a person (not a business) can be held accountable and ultimately end up behind bars.

HMRC: We 'rigorously tested' IR35 tax-check tool... but have almost nothing to show for it


Re: High Quality Test Software Of High Quality

With the current government you have better chances of getting the contract, if you haven't even got a computer or skills at all. (see Seaborne Freight debacle)

The Large Hadron Collider is small beer. Give us billions more for bigger kit, say boffins


Re: I see opportunity

Absolutely. And nobody knows more about colliders than Trump!

Clicky here

London Gatwick Airport reopens but drone chaos perps still not found


Re: I have a solution that is very feasible and would be dead-reliable...

So you were behind the drone nuisance to pitch your project next week? :P

Dropbox plans to drop encrypted Linux filesystems in November



I've been dropping Dropbox slowly over the last couple of months. Going to switch it off by end of this month now. I use Syncthing instead. N-way filesystem sync between PC, laptop, home backup and remote virtual server, all of which use different encrypted file systems and three different OS between them. Has been working like a charm. Oh, and the transfer off-site goes via OpenVPN link between home router and virtual server. Not that I have reason to believe that Syncthing's in-transit encryption of traffic isn't good enough, but I trust OpenVPN to be better tested and scrutinised.

Mobile app devs have, oh, about 9 hours left to decide whether to stay on Google's ad platform



Facebook handles end user data itself, so users of the ad network have nothing to worry about at all from GDPR.

I wish I could accept that as a fact. I'm sure you meant this to be funny.

Careful with the 'virtual hugs' says new FreeBSD Code of Conduct


So, in line with the new Code of Conduct...

Who of you snowflakes social justice warriors wants a *hug*?

WikiLeave? Assange tipped for Ecuadorian eviction


Poor living standards...

A person cannot live forever in these conditions...

So the Ecuadorian Embassy is one of the less comfortable Knightsbridge accommodations then?

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs


Re: Hmm, If I was working at a secret agency

[...] it greatly benefits certain agencies

Exactly that. Especially given that Intel and AMD are American, and ARM is British, but their chips are used globally. From an agency and gov point of view: What's not to like? I bet they are more upset that this has come to light than they ever were about the existence of those flaws.

I'd also be inclined to wager that there are more flaws like this in CPUs and other chips/hardware. It's no secret after all that the 5 Eyes would like to see backdoors and reversible encryption everywhere.

Developers, developers, developers: How 'serverless' crowd dropped ops like it's hot


Re: A true paradigm shift!

Dataless. That's the future young man!

Oh, so the "big data" hype is already over?

Military test centre for frikkin' laser cannon opens in Hampshire


Time to start developing defensive measures...

...like a giant mirror?

UK.gov told to tread carefully with transfer of data sets to NHS Digital


Re: Privacy Lite as ever, it seems

Seems the upcoming GDPR will have no bearing on either our gov or the NHS. I wonder if they are somehow exempt. Any legal eagles around to clarify that?

NYC cops say they can't reveal figures on cash seized from people – the database is too shoddy


Lock them away...

...and conveniently lose paper trail and jail door key. Let's see how quick the database is fixed and/or a previously unheard-of backup found.

The mere fact that a law allows to snatch assets because somebody (police officer) thinks they might be connected to a crime, sounds very Wild West. Sad that these laws actually exist.

44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach


EU data protection?

Customers of these companies might therefore be affected by the attack despite not having signed up for Equifax's services. The US agency holds the personal details of 44 million UK citizens

I'd be curious on which legal basis they hold the data in the US. And I'd be even more curious how they are going to inform all non-customers about the data they kept and failed to secure. 44 million UK citizens, for Christ's sake. That's almost all of the adult population.

Lord Sugar phubbed in peers' debate on 'digital understanding'


Re "Oh, and Hey you 'Amber Rudd', You are FIRED!"

If only!

Smart cities? Tell it like it is, they're surveillance cities



Absolutely spot on!

I'd only like to add one thing: You don't need to ponder "smart" control of resources, while hundreds of tons of water are wasted in London every year due to mains pipes that leak. Don't know about other countries, but this one has to get the basics sorted first. In the meantime I'll keep the little privacy I've got left, thank you very much.

NSA ramps up PR campaign to keep its mass spying powers


Re: @John Smith ... NSA"Last year we proved <redacted> really did kill 20 US citizens at <redacted>

"You have the issue of bad guys wanting to kill you because you don't believe in the exact same things that they do. They think of you as the evil incarnate."

I've got a few issues with this statement. First and foremost it's the moral high ground which the U.S. and many of its citizens are still claiming. The number of civilian casualties in the Middle East caused by the U.S. and their allies, is likely a lot higher than the number of terrorism victims on U.S. soil, in the same time frame. You don't even need to go as far as including the Gulf wars, which were based on the evidently false claim that WMD existed in Iraq. (That claim was known to be false before the war, not after returning empty handed.)

Moral high ground and fear mongering together are the biggest threats to our society. They're both used for political and economical gain, not to make us safer.

Besides, a lot more people have died in car accidents, drug misuse, gun accidents and crimes; each of these categories individually has produced more fatalities. And they are domestic. Now why do you think that not a lot is happening to tackle those? Because there's nothing to gain for big arms dealers, intelligence agencies and politicians; all of them desperately need fear and threats to further their agendas, inside the country and abroad.

Every time we give a piece of privacy away, the terrorists have actually won another battle.

After London attack, UK gov lays into Facebook, Google for not killing extremist terror pages


Unless the US social media companies are actually supporters of terrorism?

You don't have to go far back in time to find plenty of cases where the US, UK and others have made a sizeable amount of money by selling war machinery into countries which are now "evil" and supporting/hosting terrorists. In some cases you don't have to go back in time at all. The Saudis are the UK's biggest importer of weapons currently, for example, and as long as they keep fighting Yemen, they'll need more gear.

So if our governments (via arms manufacturers' lobbying and tax collection) have no interest in having an entirely peaceful world, why would companies in such countries care much about it?


Two things they want

1. They want to be seen to be doing something, anything.

2. They want more control over what we can and cannot see. Even if it's done with best intentions (I doubt that), there's no way anybody can effectively control which website should or shouldn't be visible. No pattern is perfect: Country of origin? (Hey there Donald!) Keywords? (let's ban everything about cars or knives?)

The UK Gov's wish (and that's all it is) answers to the demands of rags like the Daily Fail and their readers. But it's a futile attempt at best, and it's a very slippery slope.

Also, unless UK Gov somehow manage a world-wide ban of certain sites on Google (and all other search engines), people with enough criminal energy will easily be able to work around it. So it achieves nothing. Meanwhile, all the false positives will affect Law Abiding Citizen. Another win for the "terrorists" (in quotes, because we use that word way too lightly and sometimes inappropriately).

COP BLOCKED: Uber app thwarted arrests of its drivers by fooling police with 'ghost cars'


Bad press vs no press...

They say bad press is better than none at all. Uber really embraced this concept.

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time


Re: Stop using PDFs ?

That's a very good point you're making there, JimmyPage.

Since false certificates were part of this discussion, I'd like to see that too. A cert is nothing but an ASCII text document of a very specific format. That should be a lot harder to pull off than using binary blob formats like PDF, which would allow you to hide a lot of stuff quite easily to tweak the hash to your liking.

Having said that, I'm not defending SHA-1. It was already known that its days are numbered.

Also, let's not use the term "calculate" when we refer to this stunt Google pulled off. Anything that uses 6500 years of compute time sounds a lot more like trial & error to me... or trial, verify, dismiss, repeat. Not quite a straightforward calculation. So SHA-1 is not really broken; it's just too weak as compute power becomes cheaper.

EDIT TO ADD, even if wandering off on a tangent: There are better ways to break SSL encryption, regardless of the hash used. How many of the Certificate Authorities that your OS&browser know, do YOU know? How many of them do you personally TRUST? SSL is fundamentally broken by design; unfortunately with no feasible alternative as yet.

Google agrees to break pirates' domination over music searches


Whether something is illegal or not...

...is for courts to decide, not for governments, search engines, or the music industry.

Censorship is in full swing in our so-called free western world.

Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents



If big companies who earn money with coms and networking (in the broadest sense) struggle to keep their stuff secure (TalkTalk, I'm looking at you, but not only at you), how on earth can anybody think that some random company from far far away can and will keep their cheaply produced IoT stuff secure? Even if it was secure at time of purchase, who is going to update their daughter's doll? I mean seriously.

They did the right thing in Germany; the ban won't help much, but it raises awareness of the risks. It's a start, and goes quite in the opposite direction of what's happening here in the UK (as pointed out by someone else before).

This whole Internet of Trash is going to blow up in all our faces, if it hasn't already (depending on what gadget you have bought or intend to buy, or what is forced on you).

NGO to crowdfund legal challenge against Investigatory Powers Act


So they don't take AmEx, then?

Yes they do, and the input field splits the groups of digits correctly as you type. I can confirm, you may go ahead and pledge with your Amex, too.

Prez Obama expels 35 Russian spies over election meddling


Gesture to appease Joe Public

Expelling known spies is and has always been just a gesture to show Joe Public, "Look, we're doing something about it." Just political bullshitting, to be honest.

Much harder to expel spies the US doesn't know are spies. Even more difficult to expel those who have an American passport. And those are the ones to worry about.

On a side note, I don't buy this RU interference nonsense. It's a desperate attempt to depict Trump as an illicit successor in the White House. (Disclaimer: I think he is a shite candidate. But so was Clinton. Choosing the lesser of two evils was particularly hard this time around.)

Samsung, the Angel of Death: Exploding Note 7 phones will be bricked


Re: Is this even legal in the EU?

I'm sure they can override mere property laws under public safety or anti-terrorism grounds

What has the world come to...

Brexit means Brexit: What the heck does that mean...


Re: And there's also the Snooper's Charter

We're going to lose a lot of data business, I think, just by creating yet-another-jurisdiction to deal with

Exactly. New, currently undefined, red tape and uncertainty about what and when and how are poison.

Also, the giant holes in the left and right foot? They are called Snoopers' Charter Crater and Digital Economy Abyss. Neither of them is going to help attract business, to say the least.

HMS Queen Lizzie to carry American jets and sail in support of US foreign policy



That deployment will take place with half the air wing provided by US Marine Corps F-35Bs because Britain hasn't ordered enough of the jets for delivery in time to fully equip the air wing

So let's build those bloody carriers, even though we don't have enough planes to utilise them?

Want to spy on the boss? Try this phone-mast-in-an-HP printer


Re: I'm wondering

Who replies to text messages from numbers they don't recognise or people who won't identify themselves?

The same people who click on links in spam and phishing emails, and hand over credentials to third parties. We wouldn't see any of those "attacks", if there weren't enough stupid "customers".

What will happen when I'm too old to push? (buttons, that is)


Re: RE; LEDs

Or get an Echo and do everything by voice.

A cloud-enabled recording device in the bedroom? To each their own...

UK 'emergency' bulk data slurp permissible in pursuit of 'serious crime'


Re: Exactly what defines 'serious crime'?

Judging by the looks I get from my neighbours, having your bin out more than two hours before or after it's supposed to be picked up is pretty serious already. (out = end of your driveway, not even on the pavement)

Pressure mounts against Rule 41 – the FBI's power to hack Tor, VPN users on sight


@Six: Re: Definitely different!

Thanks for that rather insightful post. I didn't know any of that. Very interesting.

Energy companies aren't going to slurp your personal data. Honest


EDF keep trying

to force one of those smart meters on me. And boy are they persistent. But so am I.

It might be the case that energy companies are supposed to roll that shit out by 2020. That doesn't mean that I'm obliged to help them with that. There's neither a law that requires house owners to have those snoop smart meters, nor is there any law that allows energy companies to deny supply based on what meters are installed. So service will commence as usual, for the time being.

I don't care how old EDF think my meter is. It counts kwh just fine. They will not convince me otherwise, unless my leccy bill is suddenly much lower than it used to be (meter stopped working).

Lester Haines: RIP


Very sad news

55 is way too young to log out!

Rest in peace. Condolences to the family and friends.