Posts by foxyshadis

484 publicly visible posts • joined 17 Oct 2006


COVID-19 cases surge as do sales of fake vaccination cards – around $100 for something you could get free


Re: A long way still to go

Several studies have already come out that a booster doesn't increase immunity in the fully vaccinated, except in the immunocompromised. That's more of a "we must do something, and this is something" knee-jerk response by politicians and the public, as comforting as it is to think that each booster actually boosts immunity.

It will take a whole new "Mark II" series of vaccines to actually keep ahead of variants, though the current ones are far, far better than nothing despite that.


Enforcement is going to be tough

I'm sure that while they would absolutely like to be arresting everyone handing them out, if most of them are coming in nondescript anonymous envelopes (especially from overseas), they're not very detectable. It's not like you can train a drug dog to alert on a piece of paper, either.

So they can mostly only shut down storefronts (the same whack-a-mole we know all too well from torrent sites) and arrest the blithering idiots who actually use their real name and connections.

Elastic amends Elasticsearch Python client so it won't work with forks then blocks comments


Re: Ugh...

The other part of this is that GPL says *You* may charge, but you may not restrict anyone else from distributing it as they wish. So your customers can just go to the one guy who paid you and get it from them, instead, and you can do nothing about it, except making getting it from you so attractive that no one wants to go elsewhere.

Though all of this discussion is about distribution of source and/or binaries, when ElasticSearch's license now embeds charges for certain *uses* of them, which isn't covered by GPL so much as Stallman's opinions over the years.

Facebook gardening group triumphs over slapdash Zuck censorbots


The only lesson here seems to be "If an internet giant screws you over, your only choice is to plead your sob story to the media." Absolutely nothing changes otherwise, and never will until regulation hits them like a sack of bricks.

In a complete non-surprise, Mozilla hammers final nail in FTP's coffin by removing it from Firefox


There is no possible way that any "full fat" FTP could be more than a rounding error against a web browser today. The fattest I can think of is Filezilla, and that pops open and starts downloading in half a second, let alone lighter ones like WinSCP or ye olde WS-FTP, or on Linux the window manager's default browser.

Teen turned away from roller rink after AI wrongly identifies her as banned troublemaker


Re: Jeez

Saving labor costs, plus management just hears the sales team say "Now you'll never accidentally let someone banned in to cause trouble again!" Of course, they know nothing about the tech, and sales knows practically nothing about the tech or what false positive means.

And note this kind of low-end, error-ridden AI is just a module for the security camera system, it's not like a whole new system installed just for this purpose. It's increasingly common for all the major premises security vendors to offer one.

Oracle files $7m copyright claim against NEC's US limb over 'unreported royalties' from database distribution


It's almost guaranteed the Microsoft key was valid at the time it was sold to you. It was probably a MAK key from a volume license, likely a non-profit since those are even cheaper; Microsoft gives them out in blocks of 500 even if you only need 5, to ensure reactivations aren't a burden -- so the resale of them is rampant. They're cycled every three years.

And that's just for legit small businesses and charities, not just ones chartered solely for the purpose of opening up licensing without paying more than pennies upfront. Microsoft shuts those down more proactively, but it's still not uncommon for outright scam keys to stay valid for at least a year.

Any key you find on eBay is one of those two.


What do you want to bet it was because one database VM was now capable of being vMotioned to a new server in the cluster with twice as many cores, even if it never had been? Oracle charges by the physical host cores, not the VM cores, after all. (Last I heard, at least; they also change their licensing every year to extract maximum fees.)

Google killed desktop Drive and replaced it with two apps. Now it’s killing those, and Drive for desktop is returning


Riding into the sunset

I always love how these sunset dates are firm and absolute -- backup is going away October 1, come hell or high water. But promise for the porting of the canceled features to its replacement? "Oh, you know, soonish, maybe. By December 31, for sure. Pinkie swear. Maybe."

Linux kernel sheds legacy IDE support, but driver-dominated 5.14 rc1 still grows


Haha, it's been so many years since I've even thought about PATA that my mind went instantly to wondering why the kernel would need specialized support for development GUIs. Debugging hooks? Then it clicked halfway down the article. ^^;

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows


Re: The final death knell of kernel-mode printing

User Mode Driver Framework, the name for it in Windows, is almost 20 years old now and has been in production for 15 years. There are practically no new third-party kernel-mode drivers and only a handful of first-party ones, and most of those deal with virtualization; the problem is the long tail of outdated, abandoned, but supported drivers keeps the path to kernel exploit open.

For printers, it comes down to companies abandoning software support for their copiers years or decades before the real service life of them runs out. For drivers in general, it's mostly old server hardware that no one wants to update.


The final death knell of kernel-mode printing

At least, I really hope this will be the end. The drivers haven't needed to exist in over a decade and were a bad idea from the beginning, and the last thing the subsystem needs is deeply vulnerable legacy support. Hopefully after this all kernel paths in the print system will be fully excised. Next up, full process isolation for each printer, not just the spooler, because drivers will still suck and will always suck.


Re: Not just domain controllers

Even on home/pro editions, there's a reason it's called "File **and Printer** Sharing", and people certainly do use it. The mechanics of sharing printers aren't really any different between a server and a home edition. Certainly being able to own your dad's or your coworker's PC isn't quite the win that a DC is, but it's still an extraordinary breach.

TITAN crypto-token does the opposite of zero to $60: Value plummets in hours


Re: I for one commend IRON

Well sure, because a money market fund must return 100 cents on the dollar.

Now that they've seen people will buy in, though, I'm sure a few bankers are scratching their chins about how to monetize this new 75 cents on the dollar concept.

TCP alternative QUIC reaches IETF's Standards Track after eight years of evolution


Firefox's implementation of HTTP/3 with QUIC is going live this week too, so that's another point that'll drive adoption. I've been using it for a year solid, and sporadically before that, and when it works, it works great. (When it doesn't, it takes extra refreshing and it's really annoying. Twitter, for instance, has a terrible HTTP/3 server.)

After staff revolt, Freenode management takes over hundreds of IRC channels for 'policy violations'


Re: Sinking

Eh, seems more like the all-too-common ego of a big siterunner getting in front of good sense, let alone the concept of cooperation and consent. I mean, just read his own statement: Lee _truly believes_ that he and he alone is the last bastion of the FOSS movement and only he knows how best to run each of these huge projects.

Why Python's pip search isn't working: We speak to infrastructure director about ongoing traffic overload


I've been using both for years and this is the first that I found out the teams aren't related at all. Go me? Well, there are only so many hoods I can look under out of sheer curiosity, rather than when they give out and stop running.

I would've thought the pip team would do whatever it took to burn down anything Webservices/XML-RPC the minute any alternative appeared. REST is 99% of the functionality in 5% of the overhead.

GitLab tries to address crypto-mining abuse by requiring card details for free stuff


Re: Dropbox

Someone's going to try it at some point, and run smack into the main problem: Dropbox will just ban them based on the acceptable use policy as their upload gets ludicrously large. To sign up you also have to pay a minimum of $1200 (5 users for 1 year) and submit proof of your status as a business. They don't let you do unlimited personal anymore.

Backblaze is another unlimited-ish option, but the problem there is that restores are glacially slow, even for one file. I wouldn't be surprised if cold data on Dropbox was treated the same way.

Micron: We're pulling the plug on 3D XPoint. Anyone in the market for a Utah chip factory?


Re: All hail spinning rust

Spinning rust has been a niche product for years, relegated to the lowest of the low end or power users who need to store multiple terabytes of data; for everyone else flash is spacious enough and ten times as fast. It doesn't need to die *completely* to become irrelevant.

Microsoft nudges Windows 10 21H1 toward commercial customers


Re: Wish list

For all that settings had a long and janky evolution, and starts slow, it's pretty good for most purposes now. Control panel was never really much better, it had just been evolving one agonizing screen at a time for a little longer, but I'd pull my hair out if I had to go back to Win7's control panel. And that's exactly what the other option is, because they don't see any pressing need to create a coherent and consistent settings panel, so you know nothing would be updated.

Not an off-by-one error: Java 16 brings 17 enhancements to Oracle's JDK. We chat to Big Red about what's new


ZGC will probably make the most waves long-term, it's nice to see it finally land in an actual release.

Pattern matching is going to be handy too, but who knows when 16 will be widespread enough to actually start using it.

State of Maine threatens to tear up Workday HR contract and request $21m refund if it cannot remedy concerns


Re: Scat Occurs

"Technical debt" is a very common and well-understood term in IT and software development, meaning putting off doing things right in order to do them quickly, which comes at a steadily increasing maintenance cost until it becomes impossible to maintain even the simplest of functionality ("technical bankruptcy").

You do know you're on an IT blog, right?

The wrong guy: Backup outfit Spanning deleted my personal data, claims Cohesity field CTO


Re: 36TB is not for small business

Have you seen the mind-boggling sizes of recent iPhone images and video? Photos are 12000x9000 and video is 4K, plus you have motion photos which are a photo combined with 5 seconds of video, and that's on by default! If you take a lot of pics and vids, you can accumulate terabytes in no time. Same if you're a photographer using a recent high-end SLR.

It's not your daddy's data storage world anymore.


Honestly, yeah, if you sign up with a company that offers unlimited hosting and then they change around the EULA so that when you renew, you're kicked off, that's absolutely shitty and I sympathize. I doubt this dude lost everything, or anything like that, but he's royally pissed off that a promise that was offered wasn't kept, and I would be too.

Let this be a lesson to any company that offers "unlimited" anything.

It only took four years and thousands of complaints but ICANN finally kills off rogue Indian domain registrar


NameCheap has automatic free WhoisGuard on every domain now anyway, so they might as well not even have whois in the first place. Same with many other registrars, of course, but at least there's a few dollars of friction there.

Whois has pretty much been dead forever, only the naive and the exceptionally idealistic put their real information in it and allow it to be open.

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue


Re: Why not Firefox?

Pieces of Servo have been incorporated into the main codebase, but Mozilla has been hamstrung by a funds crunch for years. The project is now unofficially dead, since the whole team was laid off last year, though Linux Foundation has thrown a few people at it since. Unfortunately, due to the Big Ball of Pain that is the whole SpiderMonkey JS engine (and every other JS engine), the Rust-based HolyJIT engine that was meant to replace it never made it to production.


Re: So if you find a bug so bad

Anything unfixable isn't a bug, it's a feature.

Popular open-source library SDL moving development to GitHub despite 'calamitous design choices' in git


On the other hand, I won't work with a project that uses SourceForge anymore, because it's simply too clumsy, too backward, and too impossible to use compared to its peers now. Even back in the day, it was only acceptable because no other platform was doing what it was doing.

Synology to enforce use of validated disks in enterprise NAS boxes. And guess what? Only its own disks exceed 4TB


For a NAS, it might well be -- RAID gets you fail-over capability, but you need a lot less random-access capability when you're storing files instead of databases, so you can spend it on making big reads and writes faster. SANs are designed to fetch and write that 4K block in the absolute lowest possible time. And technically they kind of are the same thing, but since they have two different names and niches they get optimized in two different ways.

Countless emails wrongly blocked as spam after Cisco's SpamCop failed to renew domain name at the weekend


That wouldn't be possible; the owner has an automatic 30 days' grace period to renew before it's allowed to go back on the market. Most registrars will put up a parking page during that period. It's when it stops resolving entirely that it's on the market.

AWS is creating a 'new open source design system' with React


Re: It's just natural.

They didn't even open source it. They promised that they *would* open source it, but only provided the compiled (minified) binaries so far. So they're reaching for the cred without even doing their part.

Big IQ play from IT outsourcer: Can't create batch files if you can't save files. Of any kind


Re: Couldn't happen now?

Excel is the real software that all companies, big and small, run on. Most likely someone had made a spreadsheet or three, and when the Big Consultant came along, was told they were a critical part of operations. So they just created a rickety workflow around the spreadsheets.

Heck, they might have just created them on their own. Excel is involved somewhere in almost all Rube Goldberg IT disasters.


Re: Idiocy

Oh yes, when I worked at an MSP, we had companies that were impressed by the staff, response time, proactive protection, etc. And we had "infrequent fliers" who only called when something broke very badly, often so rarely that it would be companies that I'd never heard of because the last time they spent a penny on anything IT was long before I started there. Now they have ransomware or a dead disk array, and it turns out their backups haven't worked in years and antivirus was long expired, because it was too expensive to get someone out to take a look at their little network even once a year or so, or get it set up to send basic system alerts. They end up finding out how much more expensive it can be for your business to shut down and rebuild it, especially the accounting side.

India drops the bar on e-commerce seller's listings: You want to sell it? Tell us where it came from then


Re: We need those rules too.

Sounds like it was a third-party seller, not Amazon Prime. Amazon washes their hands of the matter if you buy something outside their warehouses.

Motorola Moto G 5G Plus: It won't blow your mind, but at £300 we're struggling to find much to grumble about


Likely to be supported

FWIW, despite everyone doing their best to convince me that Moto drops their phone support the day they release, they've kept up with both security updates within 1-2 months and major OS updates within a year for me. (Just got Android 10 on my G7.) Samsung isn't even close to that.

Nokia 5310: Retro feature phone shamelessly panders to nostalgia, but is charming enough to be forgiven


Re: cool

RAM isn't listed for the original phone; that 30MB is internal storage, and no one knows how much RAM. New one has 16MB storage, 8MB RAM. GSMArena's specs have weird gaps like that, where people have to shove multiple things into one field.

Companies toiling away the most on LibreOffice code complain ecosystem is 'beyond utterly broken'


It's not even on by default yet.


I'm probably one of the tiny handful of people on a site like El Reg that actually likes the new Ribbon interface. I'm glad they finally implemented it, and I feel it's improved my productivity, despite two decades of using OOo/LO.

Also, if you have ever needed charts in Calc, those are MASSIVELY better now than at fork. Like, a whole world of betterness. Charts went from being broken and useless to being better than Excel's.

The end really is nigh – for 32-bit Windows 10 on new PCs


Re: "Buyers reliant on 32-bit apps don't need to worry"

Those are 16-bit ActiveX controls then, lots of VB6 apps were 16-bit or mixed 16/32-bit, as insane as that might sound. Then again, VB6 is from 1998, after all, and many businesses still ran Win 3.1 then.

The silliest thing Microsoft did from Win8 on was to get rid of XP Mode, it made a lot of Win7 transition headaches much easier.

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?


Re: "MitM attacks on unencrypted network traffic do happen"

Someone could park outside your house and spew dissociation packets. This vulnerability has nothing to do with public/private wifi, it's your device's failure case that's the problem.

Like other tech giants, Netflix gets govt takedown demands – and impressively, none of them involve Adam Sandler



"Americans and Brits will be happy to know that none of the requests came from their governments, so Netflix the MPAA and TV networks walling their content into their own streaming services have had full control over what you do and don't see in those countries."

Artful prankster creates Google Maps traffic jams by walking a cartful of old phones around Berlin


Re: Performance? Art?

Unless every single car in the city is now self-driving and navigating entirely off of Google Maps, and all heading in the same direction, this didn't "fuck up the city." It caused a few people using GM to pick alternate routes, probably mostly rideshare drivers, and confused the hell out of a few people who stayed on the road anyway.

And, you know, it's white hat hacking that points out a potential problem in a system in a relatively benign way.

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep


Thank you for the TED talk on how things should be, but back in the real world, how do you propose any of this actually happens? Where will all of the cyber-savvy officers come from? What budget will pay for the equipment, software, training, and salary for each department's new task force? Who will make hostile nations cooperate with our investigations? Without an action plan, a goal will never be more than a goal and a feel-good TED talk.

Low code? Low usage, more like: Add G Suite's App Maker to the Google graveyard, it's switching off next year


At this point, no one in their right mind would adopt a second-tier Google app because Google will shortly abandon and eventually ax it, and Google will abandon and eventually ax every second-tier app it makes because no one in their right mind would adopt it. They created this bed, and they're going to lie in it until they stop treating big projects like someone's hobby project on GitHub.

You publish 20,000 clean patches, but one goes wrong and you're a PC-crippler forever


Malwarebytes is not the only antimalware on the planet; there are other consistently top-rated ones, though I've since come to trust MB again. Someone who burns you has to earn that trust back.


Yeah, I got an emergency panicked call and had to uninstall MalwareBytes from someone on Saturday morning. Apparently by the time I was done, the update was pushed, but there was no way to actually update, because it was chewing up over 12 GB on a 4 GB laptop, continuously allocating more, and it took ten minutes to be able to kill the damn process via task manager, after first wasting time trying to stop the service cleanly. It's going to be a bit before I trust MalwareBytes again, I'm not going to reinstall it just because they say the one-off goof is fixed.

Microsoft's Windows 10 Workstation adds killer feature: No Candy Crush


Re: Why candy crush in pro?

It's obvious: Customers demanded it. Not just a few, but an overwhelming number of corporate(!) and high end home customers demanded that Microsoft's Pro OS include everything the home version does. Most higher-specced OEM systems only come with Pro, no Home option available, so anyone just buying a system for themselves would also expect at least everything in Home. And some people just want the top edition of everything despite just wanting to browse the web and play games.

They set easy ways for IT departments to lock things down, but it turns out executives like to play games too.


Re: Consumer refers to who's paying

"That's only true if you had a Windows 7/8 version to upgrade from, and you upgraded in the allotted time. Otherwise, you pay for it upfront, then pay for it again through telemetry."

Just yesterday I was still able to upgrade and activate a few systems to Windows 10 that had never been reserved (domain policy preventing any hint of upgrade), by starting a fresh install and plugging in the product key. Did a couple OEM and one retail, same result. Even if you'd rather upgrade than start fresh, you can still find multiple ways (the "accessibility technologies" link is the most popular).

It's patently obvious that Microsoft actually wants everyone on 10, come hell or high water, and all those deadlines are just there to get some holdouts nervous enough to do it.

If you've ever wondered whether the FCC boss is a Big Cable stooge – well, wonder no more


Re: Pardon?

Might just backfire, if the earnestness to please his corporate masters brings more damnation and regulation on them than if he'd just left well enough alone. Even if he was just doing exactly what they told him, they can still leave him to twist in the wind like a good scapegoat.

I doubt he even got more than vague verbal promises of future employment from anyone. He doesn't seem like the sharpest tool in the shed.

Audio tweaked just 0.1% to fool speech recognition engines


El Reg is showing a pattern here

While this is a major step up from the last two "machine learning fail" studies The Register has breathlessly reported on -- at least this time it's not just testing some crap created from scratch by the researchers themselves -- they chose DeepSpeech, of all the speech-to-text algorithms, widely considered so bad that this might be the first study to actually bother testing it. It's no surprise that it fails so badly. Even if they have to confine themselves to open source (which makes no sense in this case, since they neither analyze the algorithms nor modify the code), CMU Sphinx and Kaldi are the gold standards.

No one cares how DeepSpeech fails, it's widely regarded as a failure. Waste of time testing that. Wait until it has another year or two to mature before it's worth testing.