* Posts by Cronus

114 posts • joined 4 May 2010

Visual Studio Code 1.45 released: Binary custom editors and 'unbiased Notebook solution' in the works

Cronus

Multi-monitor support could perhaps be one area that Eclipse Theia could steal some market share, though I suppose MS could just try and pull in their work.

20 years later, Microsoft's still hammerin' Xamarin: Bunch of improvements on the way for cross-platform coding toolset

Cronus

As someone who had to do Xamarin Forms development a few years ago all I can really say is, "stay the fuck away". Worst year of my life. That thing is so buggy and so slow! Not to mention the size of even the simplest application is ridiculous, you're talking easily 50MB and often more.

Collabora working on making any DirectX 12 driver able to support open graphics and parallel programming APIs

Cronus

This seems a bit worrying for Linux users. Unless I'm reading it wrong it sounds like this will give graphics card vendors incentive to not write OpenGL drivers for their cards at all. Making porting drivers to Linux even more effort and thus less likely to be done.

World's smallest violin to be played for opportunistic sellers banned from eBay and Amazon for price gouging

Cronus

Did you overlook baby formula?

If you're looking for a textbook example of an IT hype cycle, let spin be your guide

Cronus

I get the impression that the hype is somewhat needed to get the basic research needed funded. Sure it's never going to deliver on the scale or time-frame that's being claimed but it seems without the hype it may never get delivered at all.

Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks

Cronus

I'm not condoning what they're doing with this technique but hats off to them for the approach. I'm curious though as to why the digital certificate wasn't revoked as soon as a replacement driver was released without the vulnerability. I'm not sure if the limitation is that Microsoft doesn't allow you to revoke on a per-binary basis and you need to go through the hassle of getting a new certificate for each version or if Gigabyte were just incompetent.

Privacy activists beg Google to ban un-removable bloatware from Android

Cronus

Let's be honest, it's not going to happen. It simply isn't in Google's interests to do what they're asking.

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear

Cronus

Nice how they provide proof of concept code for malware authors to adapt despite their "What Should I Do?" section of the FAQ suggesting they've not made much of an attempt to get this patched first.

Windows 7 and Server 2008 end of support: What will change on 14 January?

Cronus
Linux

Like so many others it seems, I decided not to 'upgrade' to Windows 10 and have been doing just fine running Debian as my home desktop OS for some months now. A few games flatly refuse to run but it's a small sacrifice to make IMO.

Ministry of Justice bod jailed for stealing £1.7m with fake IT consulting contract

Cronus

Now that's ironic.

Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc

Cronus

Re: Rowhammer/JackHammer

Perhaps but https://www.vusec.net/projects/eccploit/ would suggest there's little point.

Snakes on a wane: Python 2 development is finally frozen in time, version 3 slithers on

Cronus

At least the withdrawal of security patches from the 'vendor' in this instance doesn't automatically mean the language is going to become vulnerability-riddled since distros et al have access to the source and are free to patch it as necessary themselves.

Your workmates might still be reading that 'unshared' Slack document

Cronus
FAIL

Err how is this any more of a threat than the intended recipient just copying the contents into a new snippet and sharing that? This is yet another non-issue from a security company trying to make a name for itself.

If there's somethin' stored in a secure enclave, who ya gonna call? Membuster!

Cronus

Re: So...

This probably has implications for DRM but I most certainly agree there's not much of a threat to servers and the like.

Microsoft emits long-term support .NET Core 3.1, Visual Studio 16.4

Cronus

I'm pretty sure Windows Forms is still Windows only; it just runs on the .NET Core framework now.

Cronus

Re: Proof in the pudding

X years of support just means Microsoft will issue fixes and diagnose bugs for that period of time. If your application runs fine when you build it and you deploy it and you don't mess with it, it'll continue to run fine. It's no different from OS support, even Linux distros have EoLs. Minor tweaks every three years if you want to upgrade to use the newer features in the next version or you want to receive potential security upgrades is hardly a big ask.

As for Java, that gets security updates all the time. If you just left it alone on a server and never touched it after release you'd likely be running on an insecure platform.

Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed

Cronus

Absolutely disgusting. It stinks of corruption.

Don't miss this patch: Bad Intel drivers give hackers a backdoor to the Windows kernel

Cronus

Re: One way

You don't have to be a moron when it comes to Windows device drivers. They're not exactly trivial pieces of software to write.

Section 230 supporters turn on it, its critics rely on it. Up is down, black is white in the crazy world of US law

Cronus

I don't see what's hypocritical about changing your mind some twenty-four years after making a decision when the entire context has changed and new evidence has come to light. He made a decision that made sense in 1995, he's since come to realise it no longer makes sense. Politicians that are capable of re-evaluating their position on things when presented with new findings are exactly what society needs. You shouldn't penalise them for not steadfastly holding to every opinion they've held or decision they've made.

Microsoft embraces California data privacy law – don't expect Google to follow suit

Cronus

35% more or 35% less? It seems you missed a word out of that sentence.

You're ARIN a laugh: Critical internet org accused of undercutting security over legal fears

Cronus

It sucks but I don't blame them given how the US legal system works.

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

Cronus

As I understand it an eight character password would have been hashed in a much less secure method back then than now. Modern passwords are hashed in such a way as to take a long time to compute in order to resist brute-force attacks.

Newb admits he ran Satori botnet that turned thousands of hacked devices into a 100Gbps+ DDoS-for-hire cannon

Cronus

Re: Will the right people be punished fairly?

The guilt of the hacker is not in question here. I'm merely pointing out that there's a big difference between failing in your responsibility to lock your own door and then being broken into and having locked your door but unbeknownst to you the lock being faulty allowing anyone to break in with little more than a firm push on your door.

Whether there are currently any laws that hold manufacturers responsible for such failures is also irrelevant. There was a time when hacking into someone's systems was also legal as there was simply no law prohibiting it yet. It was still wrong to do it even if there was no actual penalty. Likewise in this case, the manufacturer of the shoddy IoT gear might not face any civil or criminal case but refusing to patch vulnerabilities in widely deployed equipment is still wrong.

Cronus

Re: Will the right people be punished fairly?

Down vote for equating leaving your doors unlocked with selling door locks that open as soon as you push on them a bit.

Zapped from the Play store: Another developer gets no sense from Google, appeals to the public

Cronus

The Register has asked Google to comment...

but we all know that if they get one at all it'll be a generic and unhelpful response from a PR droid.

Google to bury indicator for Extended Validation certs in Chrome because users barely took notice

Cronus
Happy

and this is why I've switched to Firefox (actually I switched when they announced they were gimping the network APIs for addons and removing the https indicator from URLs), this is just yet another nail in the coffin.

LibreOffice handlers defend suite's security after 'unfortunately partial' patch

Cronus

It just occurred to me that the point you were making is that it can't be "exactly as this is done for a company like Microsoft." because then there'd be hundreds of vulns. In which case, you are indeed correct.

Cronus

Just because you have a group that handles security doesn't mean you'll never have security issues in live code. Bugs happen, no matter how careful you are.

Also I just checked and first statement is also true -- https://blog.documentfoundation.org/blog/2018/07/25/how-libreoffices-quality-has-improved-thanks-to-automated-tools-and-the-volunteer-contribution-of-security-specialists/

Relevant excerpt:

“The combination of Coverity Scan, Google OSS-Fuzz and dedicated fuzzing by security specialists at Forcepoint has allowed us to catch bugs – which could have turned into security issues – before a release,” says Red Hat’s Caolán McNamara, a senior developer and the leader of the security team at LibreOffice.

Can't dance? That's no excuse. Let a robot do it for you at this 'forced exoskeleton rave'

Cronus

When I saw this all I could think of was that scene in Iron Man where the military tries to create their own version and Tony shows the footage of that robot spinning 180 degrees with a guy inside it...

Can't quite cram a working AI onto a $1 2KB microcontroller? Just get a PC to do it

Cronus

Training is a much more computationally expensive operation than inference. Once you have a trained model, getting output given some input is trivially cheap and fast in comparison.

Legacy app whitelist can be abused to bypass latest macOS security defenses, expert warns

Cronus

It's certainly a hole but I'm not sure how you'd work around this without breaking legacy apps. Presumably not breaking legacy apps includes not breaking popular plugins that might have legitimate reasons to access restricted resources.

DRAM, that's cold: Overclockers squeeze out extra Micron DDR4 performance with liquid nitrogen system

This post has been deleted by a moderator

Guess who's addicted to GitHub, busy on Slack, stuck in 2015? No, not another hipster: It's the Slub backdoor malware

Cronus
Facepalm

It's interesting that such a professional and targeted attack would use such old exploits to infect its victims. That it was successful at all is yet another sad reminder of how piss-poor non-technical users' patching processes are.

I hate the way Windows 10 forcibly updates itself but in the grand scheme of things it's probably doing more good than harm if attacks like these can succeed due to lack of patching.

Microsoft flings the Windows Calculator source at GitHub

Cronus

Windows 10 only, eh, I'll pass.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Cronus

Avoiding writing malware to disk is not a new idea. An approach (admittedly for Unix/Linux systems) is in fact described in this Phrack article from 2004 — http://phrack.org/issues/62/8.html

Bun fight breaks out after devs, techie jump ship: Bakery biz Panera sues its former IT crowd

Cronus

I don't get the dig about McDonald's digital ordering system. I've certainly never had a problem with it and it beats waiting in a queue.

RIP, RDP... nearly: Security house Check Point punches holes in remote desktop tools

Cronus

I saw mention of a number of vulns in the Microsoft client but none of them seemed to be remote execution. Which is almost a shame really, think of all the fun you could have with remote 'Microsoft' support people who are calling to remove a virus from your PC.

Cronus

Re: Remote Desktop Protocol you say ?

You disable the client? Because that is what the article is about, not the server.

Cronus

So the Microsoft client doesn't have any serious (RCE and the like) vulnerabilities but the Linux clients do?

Court orders moribund ZX Spectrum reboot firm's directors to stump up £38k legal costs bill

Cronus

Re: Two words for you ...

More like, "Never again"

Western Digital deploys heatsink on remodelled M.2 to tempt gamers

Cronus

I'd have thought this would be of more interest to people working with video editing where disk operations are quite intensive over long periods of time. I would hope that video games are better optimised than to need to constantly access the disk.

Poland may consider Huawei ban amid 'spy' arrests – reports

Cronus
Joke

About time. Polish manufactured devices for spying on the Polish people, not Chinese devices!

Wanted – have you seen this MAC address: f8:e0:79:af:57:eb? German cops appeal for logs in bomb probe

Cronus

Re: Technical Details

As per the article the blackmailer doesn't appear to have been using a randomised MAC address.

Also everybody suggesting that they should just destroy/dispose of the device with said MAC address is probably missing a trick also. The police aren't just looking for someone whose device has that MAC address; they want logs indicating when and where the device with that MAC address has been.

With both date and location they can then look through existing CCTV footage in those areas and apply a process of elimination to whittle down the list of people who are present in all/most of the CCTV footage. The blackmailer is likely to be in most if not all of them but random people who happened to be in the area at the time are less likely to appear in all the footage.

This is the final straw, evil Microsoft. Making private GitHub repos free? You've gone too far

Cronus

As ever

If you're not paying for the product, you are the product.

Pork pulled: Plug jerked out of beacon of bacon delight

Cronus

Just looks like a normal vending machine to me, albeit one with packets of bacon-based products inside.

Scumbags cram Make-A-Wish website with coin-mining malware

Cronus

There's a lot of moralising going on in this article as though the attacker in question specifically singled this site out knowing full-well it was a charity for seriously ill children when in reality it's likely the entire thing was largely automated. The only thing they'd really care about is that it's vulnerable and it has high traffic.

This is quite literally one of those 'think of the children' type articles you normally make fun of. Quite disappointing really.

Micron's Chinese DRAM antagonist hit with US export boycott

Cronus

Is there anything these guys won't play the national security card for?

Watt the heck is this? A 32-core 3.3GHz Arm server CPU shipping? Yes, says Ampere

Cronus

...but does it suffer from Spectre et al?

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

Cronus

Seems to be available again https://www.youtube.com/watch?v=BYEbhDXgElQ

Biting the hand that feeds IT © 1998–2020