Posts by DCFusor

868 publicly visible posts • joined 12 Oct 2013


Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET


Then they tell their friends, and they tell THEIR friends and...

Since this stuff steals SSH creds, it only takes that first compromise, then you have all those logins, which in turn get you all the ones on the next batch of systems which...

The real initial vector could be as simple as social engineering on some middling important system somewhere.

What happens when the internet realizes the stock market is basically a casino? They go shopping at the Mall


Re: The Big Short Squeeze - Naked shorting

It's illegal when I do it. What appears to have made this all worse is that the big hedgies - who mostly haven't been performing anywhere near well enough to justify their 2 and 20 fees ...

Naked shorted the stock - and a few others. If what I see in reports is the case, more than 100% of the float in this stock was sold short.

Illegal if I do it....shares not borrowed at all, just made up out of thin air and sold by hedgies.

You can do that when no one looks at the bits or demands even paper records. Faking is easy.

Of course, those guys are well connected, since the people they manage money for are politicians and rich folk.

So they had to call a halt on the poor doing to the rich what the rich have been doing to the poor all along.

Perl-clutching hijackers appear to have seized control of 33-year-old programming language's .com domain


Sometimes older is better

I'm a rather enthusiastic perl user myself, even on things like CGIs running in Raspberry Pis.

Since I don't use the bleeding edge stuff - just the version that comes with whatever distro....not a problem for me yet.

Updates to "distro perl" are pretty rare...

Now, if the baddies get metacpan, we're all in the soup.

Engineers blame 'intentionally conservative' test parameters for premature end to Space Launch System hotfire


This is almost pure pork (See Scott Manley's comments)

And we all know how well pigs fly.

Flash in the pan: Raspberry Pi OS is the latest platform to carve out vulnerable tech


No mention of Okidata? Some of them still work.

New year, new rant: Linus Torvalds rails at Intel for 'killing' the ECC industry


Recent AMD mobo

My b550 mobo claims to support ECC, though I haven't tried it. I just built a pretty nice system on one. Since I only use it for video editing, it doesn't need huge long uptimes at one go, I use a less power hungry system for a daily driver.

Doesn't the ECC check slow things down a little bit? Or is it always pipelined so the CPU finds out a couple cycles later (if it hasn't already crashed)?

IIRC that's how it used to be done.

Red Hat defends its CentOS decision, claims Stream version can cover '95% of current user workloads'


Re: ** To get a decent desktop manager - which Gnome 3 is not.

Mint Mate works for me. And the "real" one, not the bastardized one you can put on ubuntu.

Simple, doesn't get in the way...little to no BS (and yes, I put the bar on the bottom).

Twitter, Mozilla, Vimeo slam Europe’s one-size-fits-all internet content policing plan


"This statement is disputed" could realistically be applied to any statement whatever.

People dispute all sorts of things almost all of us believe are true. From perpetual motion to the shape of the earth, (and remember epicycles?) - and a really long list of other things scientists are basically tired of having to debunk over and over - the Gish gallopers just wear you down...and then they say "no one refutes my argument" because they only bother to look at the last week - as if having blown it up a century ago or more doesn't count.

The fact is, which ones get that tag - and which not - reveal quite clearly what the agenda is of those who use that tag. Sadly, this is mostly obvious to those who somehow learned critical thinking, despite the lack of teaching it in our schools.

No one seems to want to do the effort to connect the dots - if some thing is true, there are implications, ditto if that thing isn't true - two utterly conflicting things can't both be true, for example.

Yet people are lazy enough to allow serious cognitive dissonance to survive and even be celebrated, when it should be the butt of jokes.


Re: Who decides the definition of "Harmful"?

Those who want more control want us to forget:

The truth doesn't need to be protected from other ideas.

Those other ideas collapse when revealed as untruths.

It's messy and takes awhile, but in the end, the truth wins. Those afraid of it shouldn't be protected, they are in fact the enemies of the rest of us, and undeserving.

Sometimes it's better to keep quiet and let people think you're a fool, than to open your mouth and prove you are - via this truism, false ideas are shown to be the work of fools. They are their own best counter-arguments. Why would someone want to prevent that? /rhetorical, see politician above

Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown-jewels hacking tools


Re: Woops

My own experience is that individuals, not state actors, are by far the most competent. Bunnie Huang (REd SD cards), Chris Domas (RE'd intel's rings and got to negative rings and undocumented instructions...). Search youtube for either. My own guys REing Microchip's internal debugger (which violated a BS intel patent so their own tools hid how it worked). And on and on. The thing state actors have is time and a guaranteed paycheck. Which might not be that helpful, since if they slip up and are detected before they succeed...they might lose the chance.

Here in the US it turns out that one of our agencies has a program called UMBRAGE to get people to mis-identify their attacks as coming from some _other_ state actor. And it's not even a secret.

Recent news here seems to show that those who've been shouting "Russia" the loudest were actually on the CCP payroll...including some in congress...

As Bruce Schneier (and others) have said, attribution is _hard_. And there are a lot of reasons to attribute things incorrectly to support other agendas. Look, a squirrel!

Many grains of salt are required in this business.

One more reason for Apple to dump Intel processors: Another SGX, kernel data-leak flaw unearthed by experts


Re: Seems like isolation is the best solution

The raspi 4b I'm using as a daily driver for my off-grid homestead - winter cuts down the hours I can use the big stuff (solar) - is good for revealing who writes lousy scripts and bloated websites. Other than that (browsing, editing and testing code, running services like a local NGINX, MySQL and some perl CGI's while polling some LAN of things devices on the homestead and making plots with gnuplot - with data stuffed into MySQL and served by NGINX to a local chromium), no problems. The pi is mostly loafing.

The main issues are with pages made with some bloated framework that allow unskilled to add content without considering sizes and formats, and frankly, gmail's webpage seems to go slower and slower until it's taking 20 seconds to respond to a keystroke in chromium. Some opaque script I suppose, written by developers who only test on their big dev machines- a common issue.

Everything else is quick enough not to matter to me, even driving two 1080p displays with YouTube on one of them.

Yes, it's overclocked to 2 ghz and runs from a gumstick drive with a USB3 adapter. Fairly swank.

Who among you can resist an eight-core, 2.9GHz mini-PC or thin client that drives four displays?


Re: Not really embedded ready

In my hard real time embedded apps, I don't expect the CPU that runs the "big analytic and user interface" stuff to be hard realtime.

I instead follow the long used model of using a dedicated CPU running a hard RTOS to do the low level stuff and buffer for the big guy - the little guy handles the a/d converters and actuators. This lets the big guy run some pre-emptive multitasking system and occasionally ... pre empt something without losing data or timely control. The simple stuff is all delegated to the little guy which is commanded by the big guy and ultimately the user. There are lots of cheap and fast teensy cpus out there to choose from.

This is how PCs work anyway - there're a lot of little CPUs in most modern ones. Disk drives all have one, even USB sticks. Sound cards have had to have some smarts and buffering forever. Then there are GPUs/video cards. All use some special processor "at the metal" to satisfy requirements you can't really do with a multitasking interrupt driven opsys whose glory is to -- pre-empt and go do some job of its own now and then.

Intel is over GPUs and CPUs – it's all about 'XPUs' now that OneAPI code-abstraction tool is golden


Re: Bye?

Lots of people wish they could sell their ex...

Global Privacy Control emerges as latest attempt to let netizens choose whether they want to be tracked online


Re: Another flag to be ignored

How would you ever prove that party B got your info by buying it from party A (or any other you'd told not to sell your stuff)?

No enforcement, no effect.

There used to be at least slight decency, morality, doing the right thing for the sake of it.

But all of society has become just "don't get caught" instead of "don't do wrong" and "do right".

Those things we call schools....and parents...kinda stopped teaching those ideas quite awhile back, and here we are.

With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft


"No commercial software is written for anything else" is less and less true by the day. You must have a particular setup in mind. Do you work for one of those companies that only provides a windows version of their code? Could you name examples?

Even the hated Oracle supports linux these days. MS is coming along, and many minor players have been there quite awhile.

Not the Southern Rail of the stars: Rocket Lab plans frequent, regular trips to Venus from 2023


Re: Exciting times.

As it would seem you're aware, surface conditions on Venus are kind of a nasty engineering challenge. However, it would seem that various layers higher up in the atmosphere might be quite interesting, making the design challenge different, if no less difficult.

Something that floats...and can maybe navigate vertically should be quite interesting - and also a dream project that might return more useful information, particularly about life than something that sits in high gravity in a nasty chemical atmosphere that can melt solder...

Flying camera drones, cuddly Echo gadgets... it's all a smoke screen for Amazon to lead you gently down the Sidewalk – and you'll probably like it


Re: I'll keep living in my gloriously dumb home....

At least they still can't hear my imaginary guitar notes.

Not Particularly Mortifying: IEEE eggheads probe npm registry, say JavaScript libs not as insecure as feared


Re: Not even one in ten

You'll be fine. Most of the bullets shot at you will miss - that's what they're saying.

Someone appears to think it takes a majority to do the damage.

Bennu Jerry's, anyone? OSIRIS-REx probe to attempt 3 scoops of asteroid next month before bringing samples home


Scale calibration

We used to use nickels for at least coarse calculation. US nickels (at least used to) weigh precisely 5 grams. There's your metric system in practical use.

How else to know how much pot to put in a nickel bag?

Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer


Re: Sounds familiar

LPL totally rocks - and counts the prep time most often.

But here, I think we have a relevant saying I first heard from Bruce Schneier -

(paraphrased) - Anyone can create a code they can't break themselves.

Taking that one more step of indirection - these guys probably couldn't come up with a replay attack themselves. You'd have to understand BT a little, rather than just buy a chip and stick it in, and then use apis from a pre-written framework library for some app. The inner workings of such things may as well be magic to most people - even developers, though they don't like to admit it.

As to the hammer, well...(it's probably noisy)

Often the lock isn't even the thing you bypass. Deviant Ollam... hinge pins, under door tools, and the rest of a long list.

I've seen massive locks on a chain link fence that a decent set of wire cutters would make a hole in. Or just pliers to untwist the twist ties holding the chain link to the posts..

Oracle customers clamor for its hardware. Yup, hardware. It can't build Exadata fast enough


Re: Entirely predictable (and predicted):

Well said - I've said the same here, probably not as well.

I DID manage to retire awhile back.

From this perspective, it's (mostly) amusing.

Always remember how much is supported by the churn - which will always encourage further churn - those ad bucks, PR paychecks, even online tech sites. It might even produce employment that is noticeable in the same scale as the tech itself! And talking about stuff is generally less risky than actually doing it.

No, Kubernetes doesn’t make applications portable, say analysts. Good luck avoiding lock-in, too


Re: Tradeoffs are a constant, getting them right is the key

Yup. But given much of what I see reported here, as well as observe on my own, restating the obvious can easily be a positive service to many.

There are whole columns here on The Reg that are, roughly speaking, about "oops of the dumbest sort".

Common sense....isn't.

What price security? Well, for the US ban on Huawei/ZTE kit it's around $1.8bn, and you're going to pay most of it



FWIW, a couple billion might look big to some people who don't know the US 2020 fiscal budget was:

"The federal budget for the 2020 fiscal year was set at $4.79 trillion."


I don't know if that includes the extra couple trillion of stimulus recently spent. It doesn't include the underfunded medicare/SS, I believe.

At any rate, 1.8e9 / 4.79 e 12 = .0004, which times 100 is .04%.

Wow, that's a huge deal. /sarc

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway


Re: What is the point of the court ruling ?

They've been at this quite awhile - it's not the current admin's fault at all, other than them letting it continue. They sure didn't start it.

Makes sense, this does, says US appeals court as it swats away Oracle's protests in $10bn JEDI contract spat


I feel safe not.

If our national security is going to depend on "enterprise grade cloud" service, we need not worry about foreign attacks, it'll fall over on its own, examples abound. All an adversary need do is watch and wait...

Physical locks are less hackable than digital locks, right? Maybe not: Boffins break in with a microphone


Re: LockPickingLawyer

Dilbert on the topic:


All too true.

Experian says it recovered and deleted data on 24 million South Africans after giving it to random 'marketing' person


Re: I think Experian has had enough chances

They do have too much power.

I've discovered that if you don't have a rating - you fall off their records after some years with no use of credit and always paying any bills (no strikes on that permanent record your mom warned you about) -

Then the US social security administration will not let you create the standard "MySSA" account online for dealing with the various issues one encounters with social security.

No big deal?

Well, with the paperwork reduction act, they no longer really have facilities to handle you any other way. Yes, there's a phone number - you wait for an hour after an insane 45 minute tour of the system with a robot asking questions, to get to someone who doesn't normally deal with customers and doesn't know why their phone rang. This may be good, no one else gets through because they hang up during the 2 hour wait - or their battery runs down, and the person is often nice as they aren't on a firing line all the time.

I've had doctors demand some info from the SSA "this week" for qualifying for a particular fee schedule - and the only way I can get that is ask via mail in writing - takes about a month.

I called SSA to find all this out - the rep said "well, if Experian or Equifax doesn't have you, we have to assume it's some kind of ID fraud, everyone legit is a debt slave".

The US government doesn't know their own citizenship. Let that sink in.

Virtue is therefore penalized, and a private agency has far too much power. There's less than a snowflake's chance in hell this will change - they also sell the governments of the world data on you that they couldn't get legally otherwise, and it's the kind of data that makes Google, MS and others look like they are selling catnip in the marijuana market.

The definition of Fascism used to be some sort of crony public-private partnership. Dunno why people are just now using that word again - it's been quite a few changes of political power and this kind of thing has been going on for all of them - not just the current objects of hate.

Aw, Snap! But you should see the other guy – they're in dire need of a good file system consistency check


Re: Rocket science or crash

So, a chrome failure (app) and a hard drive issue (hardware) are now blamed on the opsys?

Windows sour grapes.

Ed Snowden has raked in $1m+ from speeches – and Uncle Sam wants its cut, specifically, absolutely all of it


Re: Treason

Do you seriously believe that those other governments the 5 eyes spy on didn't know all of that stuff, down to details Ed didn't even know himself?

Sounds like misplaced pride in one's own demonstrated (lack of) competence to me.

It's surely fair for the US to get the money - after all, they did all the work to commit the crimes that Ed profited by explaining. Obviously finding them, putting one's life at risk to perform a public service in informing us how little our own governments follow the laws they punish us for coming near is a worthless non contribution.

As an aside, some of us find it hilarious how low-thought people are who _don't_ recoil at our narrative controlling masters blaming the Russians or other boogymen du jour for anything whatever negative. I thought we paid our own guys to protect us from such things - warn us before the fact at least, among other duties, so in effect, they're admitting that they are not competent or in collusion with enemies themselves and are taking our money and freedom for...look what we get in return...

Linux kernel maintainers tear Paragon a new one after firm submits read-write NTFS driver in 27,000 lines of code


Yeah, but...

20 years ago real NTFS support would have been worth a ton more, and perhaps justified a lot of effort to add it. Now it's borderline obsolete...

Some lucky web developer just scored $20k to scour Facebook out of Neil Young’s website


All social media

Seems to be attempting to "screw with the election" - haven't seen any exceptions. Actually, all media, period. Even tech sites have writers with obvious agendas who put spin on things.

Too bad we let schools do too much of raising kids, and that schools don't teach critical thinking - it's not part of making the easily manipulated citizens they want.

Now it's backfiring, depending on your view.

And that's the thing - I'd bet Neil thinks some other platform is fine, since it tickles his own biases. I see this all around - if they agree with out, they're telling truth, otherwise they're evil purveyors of propaganda.

Common sense isn't. Projection rules the day these days - and it's really obvious to anyone not caught up in it themselves. Seems so easy to notice and accuse "the other side" of whatever you're most familiar with - because you do it.

As if that whole 2 sides thing wasn't an utterly false dichotomy.

"Would you rather we controlled your very thoughts? The other guys just want all your money so you live in poverty".

Surely there are other possible choices, maybe not readily available - the big club is rigged, but those are unacceptable.

The future of signage is here, and it wants an update


Even Microsoft

Has become a linux fan! Not only are they trying to emulate it internally, and make it easy to develop for, but they're obviously also giving users a not so gentle push to get off it for anything that matters.

Now why you'd want to develop for and run software for a reliable opsys on windows, instead of natively on the reliable one, I dunno. But MS never did make too much sense. WSL seems to be an example of that, at least to me. Hard to see why that even exists except to temporarily keep people on windows enough to collect fees for office licences.

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs


Re: I wonder if...

The selfish part was doing lousy security. Now the taxpayers pay, not the entity deciding to pay ransom - it's not their money, so yes, selfish in that sense.

By refusing to take a stitch in time, they let their constituents pay the nine.

If you can read this, your Windows 10 2004 PC really is connected to the internet no matter what the OS claims


It's a trend

Anyone else notice that if you click on the voice search (microphone) icon on google's home page that it works fine in chromium, but in any other browser, it reports "no internet connection"? As in, how did I get to that page without one.

You're testing them wrong: Whiteboard coding interviews are 'anti-women psychological stress examinations'


Re: I interview technical personnel occasionally

I like the way you think. That's pretty much the sort of thing I used to look at.


Re: but this can't be true

It's been awhile, but the last time I accepted applications for the good jobs I had, I was flooded, just overwhelmed with applications. So many that even though a huge majority weren't as good as they tried to claim - resume padding was already an art widely practiced, there were many excellent prospects that were plenty good.

Coding skill is not the only thing you need in a coder!

A procedure that ditches most all of them is fine, as long as the one that's going to do the outfit good makes it. It may accidentally toss out a few good ones, but I couldn't hire them all anyway.

And my killer question - hopefully not sexist or anything else-ist - was "what do you do in your spare time with this skill set - what do you love doing?". A blank stare, no hire. An enthusiastic response, hired - even if it wasn't something amazing. People who love what they do will become great at it regardless of where they are at now. People just looking for a sinecure, any job, in it for the money - they will cost more than they are worth.

We did really well as an outfit, and our customers often asked me "where did you find these people" and were jealous. It must not have been a stupid method. And we did make plenty of money, but we concentrated on being the best and the money followed. Our enthusiasm for solving customer problems made sales and made our promises stick.

Report: CIA runs secret cyberwar with little oversight after Trump gave the OK, say US government officials


Re: Twitter Hack

Meaningless for the numerate and informed. $100k for an election campaign? Are you thinking local dogcatcher?

Needs more work as a theory, even the flat earthers wouldn't go for that, would they?

FYI Russia is totally hacking the West's labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies


Vaccines are not money makers, historically. Try again.


Re: Why?

Yeah, despite the downvotes you got, and I'll probably get, it seems hypocritical to claim you're all about saving lives, but then not just sharing what you know that might help.

Does everything have to be about war and hate?

Those things do help people in power justify their continued power, but it doesn't seem like they help us as much as simple, and traditional, scientific sharing of knowledge we can all build on - the shoulders of giants - does.

Why is it bad for someone else to possibly learn how to cure or prevent this nasty? In truth, even clutching a solution to your chest only buys you a little time before it gets reverse engineered anyway.

So short sighted and petty. Disgusting.

When a deleted primary device file only takes 20 mins out of your maintenance window, but a whole year off your lifespan


Re: Speaking about the f*ing manual...

I've had the same thing happen with a '66 chevy station wagon, when it was around 4 years old (giving away my age) as a teenager.

Got half a mile in the wrong car, noticed some things weren't quite right, came back to the grocery store to see the other fellow trying to start my (dad's) car and failing....

At least back in the day in pastoral USA, it was only an occasion for some laughter.

Nowadays, it'd be charged as auto theft or something.

Fans of Deviant Ollam (he uses that name on youtube and conferences) know that virtually all Ford crown victoria police cars, and hence taxis, are keyed the same....and you can buy that key on ebay.

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'


Re: Loaded words replaced by euphemisms

When I architect and then code a "master-slave" protocol, my use of those words makes mere human slavery look like weak tea indeed.

My master might also be the creator, controlling the very existence of the slave, and the universe in which it exists. More like a god than a mere owner.

The slave has an utterly abject existence. Unlike in human slavery, I don't have to feed it, I pay no penalty, even economic, for killing it. (oh, there's another word).

And I'm going to execute that master code, which will in turn cause the slave code to be executed. I might burn it into a memory device first.

Perhaps, as CS Lewis mentioned in his space trilogy, the problem is that some things are just too definite for words? It's the human use of master and slave that is crap, not the software one.

But I guess like the transformation of the meaning of "hacker" from someone who was good at creating or finding unexpected uses for things into "cracker" - essentially a trespasser - we'll have to suck it up, and oops, there's another phrase of questionable derivation.

It's only a flesh wound (M Python) and we can't win. Just being right isn't enough around the snowflakes, and appeasing them will work for us about as well as it did for Chamberlain.

Those who destroy history just make it easier to repeat. If you're too easily offended to even learn it, well, here we go again.

The Moon certainly ain't made of cheese but it may be made of more metal than previously thought, sensor shows


Water has a really high dielectric constant too. Hmmm. "assumptions"

Linux Mint 20 isn't exactly bursting with freshness but, hey, there's kernel 5.4 and it's a long-term support release


Re: Colour inheritance?

And huskies. But I can't see....


Re: Form or function?

"It just works" was the killer app for quite awhile for some fruity firm.

Now the rest of us can have it without the idiot tax.

I like Mint/Mate for that, and stability is tops.

Like a vehicle I own - reliably boring. Kind of a nice feature for a tool.

Doesn't make for exciting click-bait for reviewers, and as soon as they say it, someone will carp about incompatibility that occurred before most college students were born and deny it.

But for people who just need something that works so they can get on with productivity...it's kind of nice.

Adobe about to pull the plug on Creative Cloud freebie 'at-home' access for students


Sounds like you're just too lazy to learn any alternatives. No one who had learned a few would make such blanket statements.

You overstepped and infringed British sovereignty, Court of Appeal tells US in software companies' copyright battle


Re: Before all the American bashing....

This american cheered when the judge in the DVD Jon case said "wait, DMCA isn't a law in Norway" - to the astonishment of our legal system....

Microsoft claims AWS has used new JEDI mind trick with secret contract objection filing


Could this be a demonstration that now the Military Industrial complex has more power than the military itself?

The military can't seem to write their own code and manage their own IT. That's sad enough, and it should be a priority to gain that competence, frankly.

I don't think our security interests are best served by various vendor shenanigans that both MS and AWS are known for.

Yes, I know that "national security" is often used in contexts that have nothing to do with the average citizen's security, and often means the job security of some bureaucrat or contractor - or a way to classify wrongdoing so no one pays consequences. I'm using the naive understanding that they actually care about us.

And now we see that they can't even contract the job out to the desired supplier, and this isn't the first time for that - IIRC there was a contract for Air Force tankers that got reversed awhile back, as the company that thought they were entitled to the work but didn't have the best bid, fought in court till they got the contract anyway - over the arguably better original selection. Citation here (without the gory details that perhaps show the corruption better): https://en.wikipedia.org/wiki/KC-X

'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend


Re: Well this is a step forward

Reminds me of an ex I'll call Zeno.

Half of what's yours is mine.

Half of what's left is mine.


Senior MP tells UK Defence Committee on 5G security: Russia could become China's cyber-attack dog


Re: Finally gone for broke

I'm reminded of this quote, the truth of which doesn't seem to be affected by who is in power, or the country - it's nearly the same everywhere and everywhen.

“The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by an endless series of hobgoblins, most of them imaginary.”

― H.L. Mencken, In Defense Of Women

It seems the MIC worldwide, that great self-licking ice cream cone, that almost always gets its way, is just doing the old money seeking behavior so prevalent these days, and not unique to them.

Baby Diesel? Little d'Artagnan? There is another child of Musk in the world


Joule or Max(well) seem appropriate.