* Posts by el_oscuro

389 publicly visible posts • joined 14 May 2014


Auto manufacturers are asleep at the wheel when it comes to security

el_oscuro
FAIL

I was looking at getting a new car my 2008 pickup, but didn't want to deal with dealerships. And why do I need a new car anyway? I'm starting to need a little more maintenance, but that is nothing compared to a new car payment. And how is my old truck out of date? Really, just the stereo. I would like to have something that can Bluetooth with my phone so I can get Spotify, hear Waze alerts, etc. So I got one of these:

https://www.crutchfield.com/p_130S600BS/Pioneer-MVH-S600BS.html

It has exactly the same connection to your car as the ones we used to get in the 1980's at Radio Shack - power, antenna, and the speakers. Nothing else. I know this because I will be installing it myself.

My PC is broken, said user typing in white on a white background

el_oscuro

Re: Pah!

With Windows, there is fun with Unicodes. Left-to-Right Override (U+202e) is your friend.

el_oscuro

I did that once back in the WFW 3.1 days. Except before making the screenshot the background, I turned it upside down.

Later when I took the computer in for repair, the shop thought they had installed the video card backwards.

Ubuntu wants to slurp PCs' vital statistics – even location – with new desktop installs

el_oscuro

Re: User needs

My Dad is almost 80 and a great grandad. Besides Linux, he also has a Mac and Windows 7 (safely disconnected from the network of course). His old system76 was about to give up the ghost, so I ordered him a new bare bones and gave him a link to the Ubuntu ISO. Not wanting to fuss with BIOS settings and such, he went to Fry's to get a teenager to install it for him for $50. Afterwards, I had him install the full development toolkit:

sudo apt-get install build-essential dos2unix unix2dos

With that he is in full business

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

el_oscuro
Boffin

Content-security-policy

Modern browsers all support content-security-policy, an HTML header which allows websites to white list JavaScript sources. But that would require them to *actually* know where their JavaScript comes from. That would totally break their shitty ad model.
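An added example, not part of the original post: a small Python audit of a Content-Security-Policy header value that reports which script sources a site has actually allow-listed and which entries undo the allow-list. The two sample policies and the host names in them are constructed for illustration.

```python
# Source expressions that let script load or run from almost anywhere.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:", "'unsafe-eval'"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_script_sources(header_value):
    """Return (sources, findings) for script loading under this policy."""
    policy = parse_csp(header_value)
    # script-src falls back to default-src when it is absent.
    if "script-src" in policy:
        sources = policy["script-src"]
    elif "default-src" in policy:
        sources = policy["default-src"]
    else:
        return [], ["no script-src or default-src: scripts are unrestricted"]

    lowered = [s.lower() for s in sources]
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    strict_inline = any(s.startswith(NONCE_OR_HASH) for s in lowered)
    findings = []
    for src, low in zip(sources, lowered):
        host = low.split("://", 1)[-1]
        if low in BROAD_SOURCES:
            findings.append(f"{src} defeats the allow-list")
        elif low == "'unsafe-inline'" and not strict_inline:
            findings.append(f"{src} permits injected inline script")
        elif host.startswith("*."):
            findings.append(f"{src} allows every subdomain")
    return sources, findings


# Constructed sample policies (example.com / adnetwork.example are placeholders).
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https: *.adnetwork.example"
STRICT = "default-src 'none'; script-src 'self' https://static.example.com; object-src 'none'"

if __name__ == "__main__":
    for name, value in (("weak", WEAK), ("strict", STRICT)):
        sources, findings = audit_script_sources(value)
        print(name, sources, findings or "no broad script sources")
```
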

Secret weekend office bonk came within inch of killing sysadmin

el_oscuro

Re: Live Steam - *seriously* dangerous

I would agree. My dad used to work at a place that had steam pipes like that, and when inspecting them, they had a simple test.

They would walk alongside the pipe with a broom stick. Leaks were identified when the broomstick was sawed in half.

A Hughes failure: Flat Earther rocketeer can't get it up yet again

el_oscuro

Re: 1,800 feet

..Or he doesn't even have to leave San Bernardino county. Just drive about an hour west to the Rim of the World Highway. Some of those passes are above 8,000 feet.

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

el_oscuro

Re: Anyone seen a single line C program ?

I actually wrote a 1 line C program. And that code is still running in production.

I had a simple requirement: Run a shell script at a regular interval like every 15 minutes, and log the stdout/stderr to a log file. In Unix I would just put it in the crontab and be done with it. But I had Windows NT 4. The original AT scheduler was very limited but at least it worked. The installation of IE6 completely replaced it with a GUI which I could never get to work. And we couldn't use it as we didn't have RDP anyway.

So my program was basically:

#include <stdlib.h>  /* system() */

int main(int argc, char *argv[])
{
    system(argv[1]);  /* run the command line passed as the first argument */
}

Why would I need this? We couldn't use cygwin or something like that for cron scheduling but we did have the Windows NT resource kit which included the SRVANY utility. This utility allows a command to be run as a service. But that command has to be an EXE and not a .BAT file. I also tried CMD /C but that didn't work either.

The scripts themselves handled all of the scheduling and logging, similar to Unix cron scripts that configure the environment.

10 years ago, we were 100% Windows and these scripts ran *everywhere*. Now we have migrated much to Linux but there are still production applications that use this 1 line program.

el_oscuro

Re: Tabs v spaces

Don't get me started on excessive use of parentheses. Whoever came up with Oracle's tnsnames format should be shot.

el_oscuro

Re: Alternatively...

You also forgot the trailing; --

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming

el_oscuro

Re: It's an OS not an Ecosystem

I don't even have that. Dying Light, Kerbal Space Program, and FTL are my biggest time wasters, and they all run on Linux. And I have at least a dozen games I haven't even really started.

If Microsoft would sell me a legit VM image, I would probably buy it. Professionally it is useful to keep my Windows skills current. But other than that, Windows is completely over.

el_oscuro

Re: "sending activity history to Microsoft's servers"

Dude, get an intercepting proxy like Burp Suite and set your browser to use it. While Burp Suite is primarily intended for pentesters, you can use it to see how much shit phones home.

The results will probably surprise you. I used it to disable shitty extensions, disable default home pages, etc. All browsers are guilty.

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

el_oscuro

Re: no news

https://www.reuters.com/article/us-cyber-intel/intel-working-to-fix-security-flaw-in-its-chips-without-slowing-computers-idUSKBN1ES1BO

So you're 'agile', huh? I do not think it means what you think it means

el_oscuro

Re: Successful implementations?

**** Crickets ****

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

el_oscuro

You can also send your El Reg password too. It is totally safe. Mine is *********.

'Break up Google and Facebook if you ever want innovation again'

el_oscuro

Re: They just store what you give them

Unless you have this in your /etc/hosts:

# Blocking facebook
# https://winbeginner.com/block-facebook-hosts-file-windows-pc/
#127.0.0.1 facebook.com
#127.0.0.1 www.facebook.com
#127.0.0.1 login.facebook.com
#127.0.0.1 www.login.facebook.com
#127.0.0.1 fbcdn.net
#127.0.0.1 www.fbcdn.net
#127.0.0.1 fbcdn.com
#127.0.0.1 www.fbcdn.com
#127.0.0.1 static.ak.fbcdn.net
#127.0.0.1 static.ak.connect.facebook.com
#127.0.0.1 connect.facebook.net
#127.0.0.1 www.connect.facebook.net
#127.0.0.1 apps.facebook.com
127.0.0.1 searchincognito.com
127.0.0.1 www.searchincognito.com
# Block Facebook IPv6
#fe80::1%lo0 localhost
#::1 facebook.com
#::1 www.facebook.com
#::1 login.facebook.com
#::1 www.login.facebook.com
#::1 fbcdn.net
#::1 www.fbcdn.net
#::1 fbcdn.com
#::1 www.fbcdn.com
#::1 static.ak.fbcdn.net
#::1 static.ak.connect.facebook.com
#::1 connect.facebook.net
#::1 www.connect.facebook.net
#::1 apps.facebook.com
#::1 edge-star6-shv-02-ams2.facebook.com

Pi-holing facebook.com would work too.

Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

el_oscuro
WTF?

How does this even work?

Every browser I have used in the last decade has had a pop-up blocker enabled by default. I have seen sites that get around this by implementing a pop-up within the same window, but that is not what this is. I don't really use IE anymore, but it has a pop-up blocker too. Is it not enabled by default?

User asked help desk to debug a Post-it Note that survived a reboot

el_oscuro

Re: PBKAC

Back in 2008, working a new project, I encountered Office 2007 for the first time. I wanted to print the database upgrade plan and I couldn't figure out how to do it with the stupid ribbon thing. So I asked the system admin how to print. He admitted he didn't know either, but the old DOS shortcut (control/P) still worked. So I used it, and continue to use it today. Those old DOS shortcuts still work in almost every program, regardless of OS or platform, so I can safely ignore shitty new UI's even today!

Alexa, please cause the cops to raid my home

el_oscuro

Re: So is Alexa now the.....

I have a mis-remembered quote too. In Blue Thunder, the original quote was "Come on, you tub of shit". But I misremembered to "Come on, you piece of shit". Given that I work in IT, it is something I've uttered daily for 30 years and is now a full blown office meme.

Fresh bit o' Linux to spruce up that ancient Windows Vista box? Why not, we say...

el_oscuro

Re: Um....

I always thought that 87% of all statistics are actually pulled out of one's arse.

New phishing campaign uses 30-year-old Microsoft mess as bait

el_oscuro
FAIL

What is one of the first things you might want to do with a document that you receive? Print it maybe? Well you can't do that from the sandbox/preview mode, so you have to "enable editing" just to print.

So yes, that sandbox mode is totally useless, except for training users to click on everything.

Bombastic boss gave insane instructions to sensible sysadmin, with client on speakerphone

el_oscuro
WTF?

Re: When it hit that limit... everything stopped until we could free up some space

I'm utterly baffled about these limits. My Oracle database hit 1TB - back in 2001 on Windows NT 4, and with no sign of getting anywhere near a limit. Doesn't Outlook use SQL server as its backend? I'm pretty sure that even back then, SQL server could go over 2TB.

And in 2012, we still had that Oracle database running on Windows 2003, then over 200TB and growing by at least 2TB a month.

Pre-order your early-bird pre-sale product today! (Oh did we mention the shipping date has slipped AGAIN?)

el_oscuro

Re: I want unicorns!

You can order them now, and they are actually in stock:

http://www.thinkgeek.com/product/e5a7/?pfm=Search&t=canned%20unicorn%20meat

User filed fake trouble tickets to take helpful sysadmin to lunches

el_oscuro
Pint

Re: Has a customer ever apologised to you?

You mean like beer? And you are right. Hate will fuck you up big time.

Sorry to burst your bubble, but Microsoft's 'Ms Pac-Man beating AI' is more Automatic Idiot

el_oscuro

From the other side

Did that once, about 1981. My dad had a computer with 9.6 modem and VT100/NCURSES. So being a teenager, I had to make a pacman game. The 9.6 baud imposed severe speed limitations and I had to only have 2 monsters. I was doing this in assembly as the shitty BASIC on the computer didn't have event handlers for keystrokes.

Once I got the movement and controls sorted out, I had to do a good chase algorithm. If I just programmed the monsters to go towards the player, they could become trapped in the maze. Even if they reversed and went around, they were utterly predictable.

So with the help of my dad, I coded an RNG in assembly to make a monster take a random path every 5 moves or so. With that change, those monsters were downright nasty!

Forget robot overlords, humankind will get finished off by IoT

el_oscuro
Mushroom

Re: Something less conspicuous and deniable

I think they have already weaponized it.

Squirrel sinks teeth into SAN cabling, drives Netadmin nuts

el_oscuro

Re: Best traps

Another way is to use one way traps. You have to rodent proof the place anyway, and that means finding out where they are getting in. The one way trap is some sort of pipe that they can fit in that leads down and out, but doesn't allow them back in.

The contractor that cleared up my bat infestation did this and it worked perfectly.

el_oscuro

Re: Best traps

I had a bat infestation in the attic and called the county for advice. Nothing like having a bat fly into your bedroom at 3am!

Anyway, the contractor devised some ingenious one-way traps to get rid of the bats - a small pipe attached to the vents which led downward and away from the house. When the bats left to go search for food, they would be able to make it out through the trap, but couldn't get back in. No more bats!

Why do GUIs jump around like a demented terrier while starting up? Am I on my own?

el_oscuro

Re: Microsoft time

It wasn't a progress bar, but an older POS that probably ran Windows XP. Buying about $30 dollars of stuff, and it rang up to $2,147,483,618.

User jams up PC. Literally. No, we don't know which flavour

el_oscuro

Re: Jammed...

Literally the first thing I thought about when I read the title:

https://www.youtube.com/watch?v=FcArnepkhv0

el_oscuro

Re: Back in the 1990's...

I still have a model M from one of those ancient PS/2s. A good soaking of denture cleaner removed 20 years of gunk from it.

I used to think that if the zombie apocalypse comes, my model M would be a good weapon for fighting off imps. However a co-worker recently got an anodized aluminium case for a mechanical keyboard. Thing weighs 10 pounds and would be about as effective as Gordon Freeman's crowbar.

el_oscuro
Boffin

Re: jam

You do know you can actually get those, right?

SpaceX yoinks $96m GPS launch deal from under ULA's nose

el_oscuro
WTF?

Supposed to launch in 2024?

SpaceX is doing it now. By 2024, they will probably strap 5 Falcon 9's around a centre one, call it the "Falcon 42" and have single stage to moon. :)

Even if ULA does launch, I would hate to be that helicopter pilot who tries to catch it. I mean what could possibly go wrong?

FBI boss: 'Memories are not absolutely private in America'

el_oscuro

Re: failing at your job

"It’s the wild colour scheme that freaks me out. Every time you try and operate these weird black controls that are labeled in black on a black background, a little black light lights up in black to let you know you’ve done it."

User rats out IT team for playing games at work, gets them all fired

el_oscuro

Re: Yes. He was.

While on shift, we used to play Axis and Allies (the original Milton Bradley one), with full battle sets, little plastic planes taking off from little plastic aircraft carriers, lots of dice to roll to determine battle results, etc. If we didn't set up the board that day, you better believe a good game of Spades or Bid Whist was in action. But our backups were always good, our jobs checked, and everything was dress-right-dress. When it wasn't, nobody was even thinking about a game. The shit had to be done.

Finally proof that Apple copies Samsung: iPhone 7 Plus halts, catches fire like a Galaxy Note 7

el_oscuro
Mushroom

GTA mod

I wonder if they have come out with a GTA mod for it yet?

https://www.youtube.com/watch?v=_GhODn4FRoE

Blundering Boeing bod blabbed spreadsheet of 36,000 coworkers' personal details in email

el_oscuro

It's all shitty. Besides the obvious WTF that this employee had all this info, why the fuck is Boeing even selling an IT security product (that they didn't even use), when their business is making aeroplanes? Who thinks of Boeing when evaluating IT security products?

Brilliant phishing attack probes sent mail, sends fake attachments

el_oscuro

Re: Hide extensions for known file types

The dangers of this option have been known for at least 20 years. Why it is still even a thing is beyond me.

Folders return to Windows 10's Start Thing

el_oscuro

Re: Windows 10 can F*CK right off...

1984 called. DOS 3.1 wants its folders back

How Rogue One's Imperial stormtroopers SAVED Star Wars and restored order

el_oscuro
Unhappy

I found out about an hour before seeing the movie. I didn't even realize the scene at the end was CG.

Dear hackers, Ubuntu's app crash reporter will happily execute your evil code on a victim's box

el_oscuro
FAIL

Apport

That shit has been such a pain in the ass that removing it is the very first thing I do with a new Ubuntu installation for years:

$ sudo apt-get remove apport

Doesn't everyone else do this? How can they actually live with the system if they don't?

Microsoft's cmd.exe deposed by PowerShell in Windows 10 preview

el_oscuro

Re: TCC

TCC == Take Command (4NT/4DOS)

http://www.jpsoft.com

el_oscuro

Re: Yet another Windows 10 annoyance

CMD.EXE is also quite powerful if somewhat kludgey. It even has excellent man pages with detailed usage examples that can be accessed by typing in "help"

el_oscuro

Re: "a script that will output the IP of the current machine"

4NT has a lot of builtin environment variables for stuff like this, i.e: %_IPADDRESS

BOFH: The Idiot-ware Project and the Meaningless Acronym

el_oscuro

Re: I generally prefer hand tools,

Sometimes if you don't have access to wolves, standard office supplies like security forms and HVAC systems will do the job:

http://dilbert.com/strip/2010-02-03

Lethal 4-hour-erection-causing spiders spill out of bunch of ASDA bananas

el_oscuro

Re: OK time for some fact-based info

Over here in northern VA, the local Dicks sporting goods has a complete section with hunting rifles and shotguns. They are behind the counter but not locked.

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

el_oscuro

Re: An observation - it is possible the passwords have been cracked

Most websites handle websites wrong. Unless they are using a correct password hash with a random per-record salt, they can be cracked. If they are using any type of encryption or an unsalted hash, they might as well be plaintext.

So if a website you use is breached, consider everything (passwords, email, security questions, etc) you used there compromised.
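An added example, not part of the original post: Python showing what a dumped user table reveals under an unsalted hash compared with a slow hash that stores a random salt with each record. PBKDF2-HMAC-SHA256, the iteration count, and the sample accounts are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def unsalted_hash(password):
    """Weak scheme: the same password gives the same stored value everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Slow hash with a fresh random salt stored beside each record."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password, record):
    """Recompute with the record's own salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def users_sharing_a_hash(stored):
    """Group users whose stored value is identical, as a dumped table would show."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts; two users picked the same password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "hunter2", "carol": "correct horse"}


def compare_schemes(users=SAMPLE_USERS, iterations=ITERATIONS):
    """Hash the same accounts both ways and report which users collide."""
    weak = {u: unsalted_hash(p) for u, p in users.items()}
    records = {u: hash_password(p, iterations) for u, p in users.items()}
    strong = {u: r["digest"] for u, r in records.items()}
    return users_sharing_a_hash(weak), users_sharing_a_hash(strong), records


if __name__ == "__main__":
    weak_groups, strong_groups, _ = compare_schemes()
    print("unsalted: users with identical hashes:", weak_groups)
    print("salted:   users with identical hashes:", strong_groups)
```

With the unsalted scheme one precomputed guess matches every account that shares a password; with per-record salts each record has to be attacked separately at the full iteration cost.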

el_oscuro

Re: A bit elitist aren't you El Reg?

Gmail has full imap support too. I use it with thunderbird. Instructions for setting up most clients can be found here:

https://support.google.com/mail/answer/78892?hl=en

You call it 'hacking.' I call it 'investigation'

el_oscuro
Alert

Re: Security questions

Those "security questions" aren't. They are really just passwords that are usually stored in the database in clear text. Hackers don't look up your mum's name from public records, as they probably don't know who you actually are. They just get SQLi on some crappy website and dump the database. Then they know what answers you use for those questions and can pwn you on other websites.

For anything important, I use keepassx to manage my passwords and have a script to generate answers for those questions from /dev/random. I store the answers in keepass along with the questions so I never have to remember anything.

el_oscuro

"I can't recall the last time my bank called me, it has been at least a decade."

I get calls all the time - one from "Dept of Justice" with the guy being very threatening, saying I could be prosecuted if I didn't pay the fine. Official looking caller ID and all, scary as shit. I looked up the number and it was a Magic Jack number from San Bernardino. Somehow I didn't think it was the real DOJ.

The government doesn't call you anyway, they send mail. And if it is really nasty, the summons is delivered by the sheriff. But scammers use mail too. I once got something official from the "Department of Commerce" with a return address of 2000 Pennsylvania Ave, Washington DC NW, about 4 blocks from the White House. So I looked it up and it was a shopping center.
