Posts by Grogan

146 publicly visible posts • joined 10 Sep 2012


NSA urges orgs to use memory-safe programming languages


Re: http://sappeur.ddnss.de/Sappeur_Cyber_Security.pdf

Don't even try to argue with these parrots.

Strong support for Snap and Ubuntu Core as Canonical meet IRL


Re: Whether it works well in Ubuntu Core, I don't know...

The problem with static linking is that you have immutable code in your binaries.

I won't parrot hypothetical security concerns with statically linked libraries that can't be updated in the application because that's only applicable in specific cases, where there actually is a problem. (i.e. show me a problem before you wag your finger at me)

However, static linking is all well and good, until the static code in your application no longer interoperates with other APIs on the system that have changed. For example, bundle or statically link harfbuzz, and your application will be broken when the system freetype API changes (recent example with Steam a few months ago). Statically link Cairo and your application may stop working when glib/gtk or X11 machinery changes (past example with Firefox). These are just personal examples off the top of my head.

So there are pros and cons to static linking. It MAY make your application more compatible and binaries more reliable with age, but it may end up being even more fragile (depending on circumstances). Often shared libraries are backwards compatible, they still support the old functions at the front end where the internals have changed, or the APIs it depends on have changed, and your application may not know the difference. Of course that's not always the case.

Vonage to pay $100m for making it nearly impossible to cancel internet phone services


When I get a service I am having trouble canceling, I call the credit card company and scream fraud (whether it really is or not). I don't play games with billing. I'll ask once for a refund or correction, then after that it means war.

My sister joined a gym in Toronto and was tricked into signing up for a "lifetime membership" (What? Who in their right mind would sign up for something like that. What if you have to move, or fall ill etc.). She had to move out of the area, and they refused to cancel the membership and kept billing. So she just called Visa and got them to stop the payments (and claw back the last 2).

Maybe things are different in Canada, but credit card companies generally will protect you from bad behaviour.

Uber, Lyft stock decimated as US aims to classify gig workers as staff


My insurance brokers got after me twice (after I ignored them the first time) to get commercial vehicle insurance, because they know I'm self employed. This is simply driving myself around my locality in my personal car (i.e. not owned by my "business" or anything), to work on people's computers on-site.

The second time I took their advice. I was just planning on lying if I got in an accident, "I was on my way to McDonalds" or whatever, but since they were already aware of what I do (and contacted me again about it with stronger admonishments), it was sensible to just upgrade insurance.

The bottom line is, I would not be insured if I got in an accident if they could prove I was on my way to a gig.

Can reflections in eyeglasses actually leak info from Zoom calls? Here's a study into it


The media cartels will be lobbying to put a stop to video conferencing now, because it can be used to share video. I can watch a movie and you can watch it from the reflection in my nerd glasses... LOL!

Getty bans AI-generated art due to copyright concerns


Re: Ahh...

I'm not a photographer (and I don't really care about imaginary property that much) but that story disgusted me. How those gorilla huggers convinced a judge to award copyright and royalties (past, present and future) to their foundation for that photo is a testament to ridiculous times.

By that logic, Naruto the ape should have been charged with theft for taking the camera.

US accident investigators want alcohol breathalyzers in all new vehicles


Re: Regarding touch testing

Typical knee jerk, nannying bullshit that dumbs everyone else down to your level. There is no law that says you have to have both hands on the wheel. I don't at all times, even when I'm not doing anything with the other hand. If you're not competent, by all means restrict your own behaviour.

Pull jet fuel from thin air? We can do that, say scientists


Re: you focus on EVs were you can

It's fucking ridiculous having to deal with car dealership mechanics now. Expensive, they never do "repairs" (only replace parts... all of them involved that may or may not get wrecked in the process) and the vehicles are stupidly engineered and it keeps you coming back.

Fuck the flippant replies, I've got a vehicle that has a fuel line made of bioplastic. A one piece, shaped fuel line that costs $500 just for the part (thousands in labour and cleanup) when squirrels gnaw through it and pressurized gasoline sprays all under the hood and into the ventilation system and soaks into all the dampening materials. It has happened to me twice since I got that vehicle in 2018. The second time, I asked Ford to reinforce it with some steel braiding or something and they refused. I took the car somewhere else (to a real mechanic) to get that done and so far, nothing has chewed through it. It's a "Ford Fusion" this vehicle.

It's in again right now, for two days for brake work that's going to cost probably $1300.

The last car I had that I could really work on was a 1984 Mercury Topaz. It still had a carburetor you could clean and adjust, even. I drove that thing for 12 years and drove it to the wreckers not because the engine was bad, or that I couldn't keep replacing parts on the car, but because I didn't want to spend the money to get new tires again on a car whose body wasn't going to last much longer. I got 50 bucks for the car (scrap value) but a year later I noticed they were driving my car around the scrap yard (all but driver's seat removed) for hauling parts around. You couldn't kill that thing lol

New Outlook feature: It freezes up when dealing with tables in emails


For decades I've been using a mail program that strips out html junk and presents it as plain text with links. Most of the time it's enough to be able to function. Occasionally, if I absolutely have to deal with an email with some shit that doesn't work (e.g. a button I'm supposed to click whose URL I'm just not getting), I'll have to save it as html (and maybe edit a bit to get it to work) and load it in a browser.

The mail program I use is called Sylpheed. Pry it from my stiff, dead fingers :-)

Anti-piracy messaging may just encourage more piracy


It does for me. The harder they squeeze, the more that will slip through their fingers.

The financial impact of piracy is not as "consequential" as they like to whine about, as they assume that people are going to buy their rubbish in the first place. They are essentially thinking they are entitled to this money and if they don't get it, they blame piracy.

Some people will pay, some people won't, and fewer won't if it's crap, or they make it difficult. It's as simple as that. Ignore those that don't and concentrate on making it a better experience for those that will.

Yes, carrot works better than stick.

British intelligence recycles old argument for thwarting strong encryption: Think of the children!


Re: "Her Majesty's Government has no intention of picking up the tab"

Well... they can't really stop people from using their own end to end encryption anyway. I could send you files right now such that government agencies wouldn't live long enough to break the encryption.

Demand for smartphones is drying up


Re: Innovation

I future proofed this system when I built it in 2010... a good Nehalem based Core i7, a deluxe motherboard with solid state capacitors, a big futhermucking Antec case, expensive 1000W power supply etc.

I'm on my third graphics card in this system, but everything else has been just fine. I've got SSDs now too (and one NVMe with a PCI-E -> M.2 adapter card)

The only problem I'm running into now is inconsiderate game devs letting AVX instructions creep in. It's only a problem for that, because commercial games are the only things I can't compile. However, it's relatively rare, because most game devs don't want to limit their customers. There are still a lot of CPUs out there that don't have, or don't implement those instructions well.

It's not like the 90's when you had to upgrade every year (when hardware advances were significant). Smart phones are now the same. I use the same one for as many years as I can... I hate having to get a new phone.

Improve Linux performance with this one weird trick


Re: Disable swap

You're defeating the most significant and important purpose of swap. It's not so much for giving yourself "extra memory" nowadays. (If you're actually working with data paging in and out of swap, that's not viable. A big compile job can take days, for example)

The most significant use of swap is to aid in memory management. The kernel can't free up anonymous pages. It has no idea if that data is there for a process, or if it's orphaned and it's data that could be lost since it's not backed by data on disk, if you don't have swap. It can't just be dropped.

Tim Hortons collected location data constantly, without consent, report finds


"As a Canadian"

As a Canadian, I'm here to tell you... Fuck Tim Hortons. They are like a cancer, spreading to your countries too. Their end goal is to displace everything else in smaller communities. Don't let them.

Overpriced, cheaply made (with fake ingredients, fillers), garbage and their coffee isn't anything special. It'll do in a pinch, it's drinkable and has caffeine, but almost anywhere else or any other brand from the grocery store is better than that. It's all marketing brainwashing.

Here you've got idiots that won't drink any coffee but Tim Hortons. (kind of like the psy-op Heinz ketchup has done on the population for more than half a century)

What are real organisations doing with zero trust?


Re: El Register is catching the same disease as a lot of commenters...

Yes, these are IT buzzwords used to garner clicks. These articles are essentially paid advertising... in this case, gathering marketing data with the survey.

Germany advises citizens to uninstall Kaspersky antivirus


Re: Just don't use ANY anti-virus

The threats nowadays rely more on human trickery. They aren't as much "viruses" with patterns you can detect and heuristics can only be so aggressive without flagging and interrupting legitimate activity as malware activity. They can't exactly block programs that are trying to write to your documents (the results of that are things like that asshole Bitdefender preventing game data from being saved)

Fancy some new features? Try general-purpose Linux alternative Liquorix


Re: I'm guessing that Devuan might [not] be able to use the Debian kernel?

Besides... there is likely a copy of the systemd binary renamed to init in /sbin (and sbin -> /usr/sbin in those silly distros these days)

Also, it's more that the kernel CAN be configured with a different default init path (something other than "/sbin/init") but it doesn't mean that a distributor IS doing that. I'd be surprised if Debian would break that convention.

Snapping at Canonical's Snap: Linux Mint team says no to Ubuntu store 'backdoor'


Well, fortunately an old school user like me can build my own system from scratch, my way, with all the old school goodness like init and shell scripting ("sysvinit scripts" whether SystemV or BSD init), ALSA only audio, Shadow only logins (no PAM), software installed to desired prefixes for ease of maintenance by hand, minimal dependencies, and normal old school directories like /bin, /lib and /sbin instead of "usrmerge" symlinks pointing to /usr. Oh yeah, and a kernel built without performance harming security mitigations... pfft.

That's what I'm using now, except I reboot to a customized Manjaro setup for games (Because for gaming, you need a lot of rubbish x 2 for lib32) which still beats the Hell out of booting to Windows to play games.

I swear distributors have lost their fucking minds. Even good distros like Slackware are starting to find it difficult to not conform with the new wave of dictatorial bullshit.

Snap is utterly retarded, and if that were to become the norm, there's no way I would use any distribution that forces it (and by force, I mean making it the only way to get a lot of packages)

Microsoft announces official Windows package manager. 'Not a package manager' users snap back


Re: Cough, Splutter, Gasp

"Why would you even want to be running multiple distro? Is there any benefit to running multiple distros?"

There are a few reasons I do.

1) I always have two Linux systems on the same machine, so I can boot to one to work on (or fix, or make a tarball backup of) the other.

2) I like to have a lean, clean, serious Linux system and another with a lot more crap (e.g. multilib) for goofing around and games. It used to be that I kept a Windows installation for games, but now I boot to another Linux system :-)


Re: Cough, Splutter, Gasp

Most "package managers" are just different front ends to the same package management system, that use the same repositories and package databases.

Even across different distros, the same or similar (familiar) front ends can often be used. For example "Synaptic" can be a front end for both dpkg (.deb) or rpm based distributions. There's even an "apt-rpm"

... and no, we're not going to homogenize everything because Windows converts can't wrap their heads around it. Choice is a feature of our environment.

We beg, implore and beseech thee. Stop reusing the same damn password everywhere


Re: In other news....

I am of a mind that security that foils the legitimate user is NFG.

A password that I can't remember is NFG to me.

So what I do, is mix and match different (hard) password phrases, so I just have to remember four 8 character phrases. If I forget what I used on some site or service, I know it's a combination of 2 of those 4. I can always get it before exhausting 5 failed login attempts :-)

The end result is pretty strong 16 character passwords.

Google tests hiding Chrome extension icons by default, developers definitely not amused by the change


Re: When will they learn?

Yes, browsers are like an operating system environment within themselves these days. Especially on platforms (e.g. Linux) where you can't rely on system library versions working correctly and have to bundle static for a lot of things.


Piss off Google... I hate your software because of stupid decisions like this. I don't use Chrome/Chromium anywhere, anymore. Vivaldi is still a top notch browser, but they are going to find it harder and harder to maintain the Chromium backend without all the unwanted changes, eventually.

I use Firefox on mobile too nowadays. It's a somewhat slower renderer (and there's a bit more penalty for using Ublock Origin... though the benefits of blocking crap outweigh that where relevant) but it's worth it for having a better user interface and support for such extensions. Know what I hate most about mobile browsers? They all insist on loading your last session. Firefox is the only one I know of that has a setting to just make it start with my specified home page and not load tabs from the last session.

Remember that clinical trial, promoted by President Trump, of a possible COVID-19 cure? So, so, so many questions...


It's not so much about "virus levels", it's about surviving the infection. Much of the damage to tissue in a viral infection is the body's own immune system attacking cells. Necessary, to some extent, because virus infected cells need to be destroyed but if it goes too far it can kill the victim (lung tissue is pretty important obviously). That is how the hydroxychloroquine cocktail may help. It's an extension of "well, it helps with autoimmune diseases, so..." but it's not been tested well enough for viral infections to make those claims. It is not anti-viral.

Internet samurai says he'll sell 14,700,000 IPv4 addresses worth $300m-plus, plow it all into Asia-Pacific connectivity


If IPv4 addresses are just being hoarded for speculative value, they should be taken away and allocated elsewhere.

I have to justify my IP addresses...

Crack police squad seeks help to flush out Australian toilet paper thieves


Toilet paper is in short supply, because every time somebody coughs, everyone in the area beshits themselves :-)

The shelves may be empty, but the disk is full: Not even Linux can resist the bork at times


Re: This can't be Linux

Any idiot can fill up their storage. That's not "Linux" that's stupid users and (possibly custom) software that doesn't clean up after itself.

Unless overridden in the filesystem, 5% of the storage will still be available for root owned processes. That's why they can still boot in single user mode and fix it.

US telcos tossed yet another extension to keep going with Huawei kit despite America's 'security threat' concerns


Re: Ugh

The Orange Ignoranus :-)

Windows 7 goes dual screen to shriek at passersby: Please, just upgrade me or let me die


Re: eh?

I've only used Windows for games since probably 2000'ish. Nowadays, while I still have a Windows 7 install handy, I very rarely boot to Windows to play games. There's basically one I care about that I can't get to work, Sniper Elite 4, and I don't play it that often anymore. That Windows install could almost go, but it doesn't have to. I never updated anyway, just Service Pack 1 and the Platform update (and runtimes as necessary, usually done by the game installations themselves).

My next build isn't even going to have a Windows install. I really despise Windows 10 (and 8.x before that).

Take it Huawei, Pai: Senate passes bill to rip 'dodgy' kit from rural telcos


That's OK, he'll take that money out of the mouths of the poor, and further defund public institutions and programs.

It will take a long time to undo the damage that Trump and the rest of those malicious, greedy twats that enable him have done.

US Homeland Security mistakenly seizes British ad agency's website in prostitution probe gone wrong


This is why Americans just should not have that power. Time to do something about those root servers.

Really... they get their property (domain that they registered and paid for) back only after jumping through American hoops and agreeing not to sue for damages? How generous of them. Again, typical American bullying.

Pope tells his followers to log off for Lent


... and don't forget to pour salt on the holes in your hands.

Really despise religion and Catholicism isn't one of my favourites... it's right next to that American rubbish. It's such hypocrisy too, fasting becomes "don't eat meat" and that becomes "have a fish and seafood feast".

How about the Papal Penis spending his Lent STFU'ing. It's time mankind sheds such silly superstitions as sky daddies anyway. Especially when it's used more to oppress and control people. Religion is holding back progress.

Having the Pope try to shame people into giving up their social interactions and information streams as a matter of suffering and sacrifice, really irks me.

London's top cop dismisses 'highly inaccurate or ill informed' facial-recognition critics, possibly ironically


"The head of London's Metropolitan police, Cressida Dick" <--- So not your average Dickless Tracy then? heheh

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this


As if I'm going to let Mozilla choose a "name resolution partner" to control my DNS lookups. Not interested, not having it.

I don't do ISP DNS servers anyway, I use a service that I trust to return current (respecting TTL), unbiased results. In resolv.conf files as well as in my router/gateway for any other clients. I've also considered forcing redirection, but don't want to limit my abilities to query other name servers directly.

Microsoft uses its expertise in malware to help with fileless attack detection on Linux


Probably not, and the entire point is that you should not use it. (Because of the stated philosophy that we like)

I take that one step further. If I can't compile it, I'm not using it. This includes software that is open source, but is just too onerous to build.

EA boots Linux gamers out of multiplayer Battlefield V, Penguinistas respond by demanding crippling boycott


I didn't appreciate the flippant tone of this article either.

I have canceled my EA subscriptions. I'll buy games from companies more friendly to my environment. I certainly don't need to buy their games.

AT&T insists it's not blocking Tutanota after secure email biz cries foul, cites loss of net neutrality as cause


Well... these companies that sided with abolishing net neutrality needn't complain when they are accused of interfering with traffic every time there's a routing problem.

Shouldn't Uber freeze app accounts to prevent spread of coronavirus by drivers and fares? Oh, OK, it already is


Re: Well whaddya know

Drunk passenger: "Got room for a large pizza and a case of beer up there"?

Driver: "Sure"

Passenger (leaning forward): Baaaaarrrfffff!

Parks and recreation escalate efforts to take back control of field terrorised by thug geese


Back around 1999/2000, I had an apartment in the Etobicoke district of Toronto Canada, near Lakeshore BLVD. A stone's throw from my building was a nice lake side view of belching smoke stacks, and there was a nice park. It was also overwhelmed with geese (Canada geese) and I am not exaggerating, I've never seen so many geese anywhere in my life. You couldn't walk on the park lawns, as you'd be slipping in goose shit and you couldn't take children to this park for geese would chase people and try to hit them with their wing bones. People don't realize it, but geese are dangerous birds and can easily break a child's leg. But nobody was allowed to do anything about the geese, any time a call for action came up people were "Nooooo!" (and of course most of these people didn't even live in the area).

Noisy, smelly, ornery things. I hate them.

Bada Bing, bada bork: Windows 10 is not happy, and Microsoft's search engine has something to do with it


Dinosaur here... I use Trinity Desktop (TDE), a fork of KDE 3.

What's ironic is that back in the day, while I liked KDE, I considered it too bloated. Now on today's hardware, by today's standards, this is the snappiest desktop (other than minimalist standalone window managers like fluxbox) I have. It takes minutes to compile nowadays vs. hours back then, too.

I grew very disenchanted with XFCE, it's no longer the light weight desktop it used to be when it was based on GTK+2. Blech.

Plasma 5 is visually nice, and feature rich but it's very messy with ridiculous dependencies and bloat, as well as making a horrible mess in the user's home. I'll never install that again. That's what got me to switch to Trinity, self contained in /opt/trinity and ~/.trinity.

RIP FTP? File Transfer Protocol switched off by default in Chrome 80


Re: Such a fuss..

Yep, it's a user login. It's basically a subsystem launched by sshd. If you give users a shell that allows them access to the whole machine (no jailing of any kind, relying solely on filesystem permissions), they will have the same access with SFTP that they do with a SSH shell. It's really not for public downloading.

I've seen (stupid) clients that restrict access to files you own when making use of SSH2/SFTP protocols but if you can log in with that, you have shell access anyway.

Also, it's not at all like FTP. More connection overhead and no control markers in stream for resuming transfers. It's not a replacement for FTP. I use the standard sftp client (I like it... takes wildcards and uses most shell conventions) to transfer files to/from servers but if anything happens you're starting over with that 8 Gb tar archive backup etc.


Google started making noise about this some time ago, and it was then that I dropped all Chrome(ium) based browsers and went back to Mozilla Firefox.

There are still FTP download links out there. Some driver downloads for Windows still use FTP at the back end, and there are plenty of times I click to download a tarball from ftp servers.

FTP is a good protocol for downloading. For one example... it inserts control markers in the stream for reliably resuming transfers. Firefox has limited support for resuming http(s) transfers, if the download fails. If it stalls and you cancel, it's game over. Chrome? Not at all.

Google doesn't get to control my Internet.

At last, the fix no one asked for: Portable home directories merged into systemd


Context of optional

Systemd's optional features tend to be optional in the sense that distributors decide what features they are going to implement. Your distributor will initially decide whether to use homed for home directories (I don't necessarily mean on removable media etc.) and if you know how, you can undo it. Similarly with the binary journals, a user can edit the configuration to disable the journals and install and configure another sysklog program (e.g. syslog-ng).

I dislike systemd but I can work with it if I have to. I have one distro (a heavily customized Manjaro) that I use for gaming and I have defanged systemd as much as I can. I use straightforward static networking, I disable the binary journals and use syslog-ng, I disable unwanted init units with systemctl, mask static units that I don't want, as well as unwanted things that start through sockets. I don't mind using systemctl so much, but I do dislike what's behind it (that system of unit symlinks etc.)

Stuff like this is not "optional" for the average user though.

For my real system, I'd use Linux from Scratch (non systemd of course) and/or Slackware.

The UNTOLD SUCCESS of Microsoft: Yes, it's Windows 7


Re: What the hell did they expect?

I didn't say that programs didn't work, I said it made it more difficult to use them and that a shell replacement was needed to restore arbitrarily removed functionality.


Re: What the hell did they expect?

Well... the problem is STILL that Microsoft makes it difficult to use "legacy software" (read, software that isn't dumbed down for the tiled, "Metro" environment and the Microsoft store). That "start menu" is still dysfunctional.

Fuck that... it needs a shell replacement (e.g. ClassicShell) at the very least.

In Linux distributions, at least you have choices on the desktop environments you can use, window managers and GUI behaviour.

Friends don't do tech support for friends running Windows XP


Re: "13 years. 13 years. 13 years is far too long to expect support."

... and crap like that (and things like no downgrade rights for consumer editions of Windows), is why I employ "licensing tools" with no remorse.

I'm still going to help people with Windows XP computers. They don't have to change their lives to suit Microsoft's agendas. Most people who are used to XP don't want a silly new version of Windows.


Re: I've been helping friends (and businesses) upgrade from XP to ...

Bah... go ride the baloney pony off into the sunset. Modern Slackware has decent versions of everything, has a fully functional environment out of the box, for compiling things they don't provide and it's simple to administer for anyone clueful. Once that's done, it can be used by Grandma and it won't change.

Just as we said it would: HP clamps down on server fixers


Re: Just say

Yep, not only small businesses but I'd bet that a lot of web hosting companies will avoid HP server hardware. Dell PowerEdge or machines built in house.

Microsoft-backed lobby group demands market test of Google's proposed 'search fix'


I run a computer service business where I do things like go to homes and offices to solve computer problems, remove malware, I get and set up new hardware for people etc. and generally do things for them that they don't know how to do themselves.

I remove Bing anything on sight. Bing toolbars, Bing Desktop, Bing Search Provider (I actually delete it, not just make something else the default heheh) and if MSN is the homepage, I change it. I haven't yet met anyone that wanted Bing back.

To be fair, I'll also say that I remove all other toolbars and/or things like "Google Desktop" as well (I can't stand pollution) though I make people's home pages plain old Google (www.google.ca in my case) unless they specifically want something else. It's a very useful, fast loading page without a pile of crap on it and seldom stalls the first opening of the browser like some of those other asshole portals.

I do that primarily because Google finds the things people want instantly, even before they finish typing it. I know that choice is a good thing, but I don't see the point of using anything other than Google to search. I personally try others, but I have yet to find one I like better than Google. However, I'm not above saying that it's partly vindictive, because I detest Microsoft and distrust their search results.

You'd be surprised at all the people that can't, or won't learn how to change their home page when it gets hijacked, by the way.

Behold the world's first full-colour 3D printer


When they come out with a 3D printer, that can print a 3D printer I'll be interested. Until then, it's a scam and I'll not be dazzled by pretty colours :-)