* Posts by Claptrap314

1500 posts • joined 23 Jan 2015

Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons

Claptrap314 Silver badge

Re: How many does that database say read El-reg ?

Actually, check the actual whataboutism in the comments that ALWAYS come up whenever Chinas HR record is mentioned. Note that around 30% are AC.

It might not be high-value, but I've long assumed that the PLA is active here.

Claptrap314 Silver badge

Re: Good old propaganda

You summer's child. The article itself gave three-quarters of the answer.

DPL: Debian project has plenty of money but not enough developers

Claptrap314 Silver badge

Re: Finding more developers for Debian ?

I've long assumed that the role for the distribution teams is to 1) validate that the various packages play nice together at their released versions 2) on an insane number of hardware configurations 3) without blowing up security 4) in a way that's easy for admins to deploy.

Is this fair? If so, the who is managing 2? I've worked for a couple of companies (including AMD) where I was close enough to the relevant teams to appreciate just how mind-numbing that work is.

Claptrap314 Silver badge

You missed the Troll icon. +1 anyway.

Old and busted: Targeting servers and web bugs. New hotness: Pwning devs with targeted poisoned stacks

Claptrap314 Silver badge

Never trust a user's machine

ESPECIALLY if that use is a dev.

The build system needs to be logically isolated. All code pulled from repositories under the direct authority of the organization, and NOTHING goes into said repos without a security review. Of course, said review might be done (under contract) by outside companies for things like OS distributions.

Anything else is just Russian Roulette.

When classes are online, how do you get out of school? Florida teen cuffed, charged after crashing cyber-lessons

Claptrap314 Silver badge

Re: Whatever happend to

I was thinking about calling in a bomb threat, but yeah...

Help. The political process is corrupted, full of lies and state-sponsored deep fakes. Now Microsoft's to the rescue

Claptrap314 Silver badge

Re: Seriously?

If you think our education system today is attempting to teach students to think, you need to rethink what thinking is.

Education is always about inculcation. Always.

China trolls Trump with tech export rules changes that could imperil TikTok sale

Claptrap314 Silver badge

Re: The whole thing is a mess

Thank-you Christopher Robin

Claptrap314 Silver badge
Trollface

Re: Just a reminder

I'm pretty sure he's talking about this: https://www.truthandaction.org/trumps-30-year-record-of-rejecting-racism-and-promoting-equality/2/

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link

Claptrap314 Silver badge
Paris Hilton

Re: You would hope

An IQ test as the first comment. Noice.

Google and Facebook abandon Hong Kong landing of new submarine cable

Claptrap314 Silver badge

There are fine lines when playing games with governments. Sanctions-busting is on the other side of just about all of them. FB & Goog are US-based entities. Every aspect of their activity is subject to US policies. I REALLY doubt they would try anything.

Relying on plain-text email is a 'barrier to entry' for kernel development, says Linux Foundation board member

Claptrap314 Silver badge

Re: "plain old ASCII text is a barrier to communications"

Which gets to the crux of the matter. As usual, an u$ employee is pushing a solution that works reasonably well for maybe 85% of the population as the mandatory fix for the 15% who were using superior tools DECADES ago.

The frustrations I had with elm & pine seem positively quaint when compared to the BS I am constantly faced with in newer email clients.

US election 2020: The disinfo operations have evolved, but so have state governments

Claptrap314 Silver badge

Re: Let's back up a bit

I've been an activist for 26 years. (US, Republican) That is so very, very true. I'm only in it because I feel compelled. It would be so *easy* to just walk away from it all.

Be very afraid! British Army might scrap battle tanks for keyboard warriors – report

Claptrap314 Silver badge

Re: Outdated?

You are about a hundred years early on that. Prior to WWI, the Smart People decided that there would never be another crossing of the T. The T was crossed during both WWI and WWII.

Likewise, the MBT is not going to go away anytime soon. Certainly, their utility in a US-China war will likely be limited, but we've got a long ways to go before the tech reaches the point that even the bulk of regional conflicts will catch up. Moreover, the anti-anti-tank technology is ALSO advancing rapidly.

Claptrap314 Silver badge

Re: Think of the complexity

The US Army has long relied on third-grade level manuals. Some of their most advanced system have interfaces that are even more simple.

It's a great story, but that's one thing that our war planners have consistently gotten right.

Impersonating users of 'protest' app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers

Claptrap314 Silver badge

"Appropriate for a startup"

1) Tin-can security is not appropriate for ANY business application.

2) Claiming to be secure while failing to implement some of the most basic security measures is fraud. Whether the legal system catches up to it or not, you are now tainted.

The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens

Claptrap314 Silver badge

Snowden, having God-like powers, knew that in America...

FTFY

Pew, pew, pew! Our galaxy is shooting cold, gaseous 'bullets' of high-speed matter. Boffins are baffled

Claptrap314 Silver badge
Alien

Different subject, but...

Of all of the galaxies we've observed, have we seen any evidence of a type 2.5 civilization?

Utes gotta be kidding me... University of Utah handed $457K to ransomware creeps

Claptrap314 Silver badge

Umm...

... guidance of a security expert who is an afilate of the ransomware group ...

FTFY

Worldwide Google services – from GCP to G Suite – hit with the outage stick

Claptrap314 Silver badge

Re: A clear case of all your eggs

And what is the bandwidth of that landline?

Higher bandwidth means narrower engineering tolerances.

And when I was a kid, the landline would go down for days at least once most years.

Nominet promises .uk owners it'll listen to feedback on plan to award itself millions... as long as it agrees with it

Claptrap314 Silver badge

Re: Nominet is copying ICANN

Because the Clintons are as pure as the wind-driven snow?

You just _had_ to make this political, didn't you? Endemic corruption is endemic. It's not a partisan thing on your side or on ours.

Marketing: Wow, that LD8 data centre outage was crazy bad. Still, can't get worse, can it? Finance: HOLD MY BEER

Claptrap314 Silver badge

"I'll take 'Reasons not to **** your customers' for $800, Alex."

Claptrap314 Silver badge

Re: The Cloud

Yes, when you control everything, then your #1 problem is the #1 problem for the guys responsible to fix the problem. But it also means that you have to fund & deliver the solution all by yourself.

And if you lack the space/electrical capacity/cooling capacity to hold the new servers your need to solve the problem?

I don't know what cloud contracts typically look like, but businesses MUST seriously examine the penalty clauses to ensure that they won't get hung out to dry when the counterparty fails to deliver. I continue to be astounded by the child-like faith that companies exhibit towards each other in that regard.

But believe me, when the estimates for server load for Pokemon Go! turned out to be wrong by a factor of four, Nianic was almost certainly thrilled that it was Google scrambling to get the resources in place instead of themselves.

They're 'clean': SoftBank gets thumbs-up from Uncle Sam for keeping Chinese gear off its Japanese 5G network

Claptrap314 Silver badge

Why not both?

Sloppy string sanitization sabotages system security of millions of Java-powered 3G IoT kit: Patch me if you can

Claptrap314 Silver badge
Paris Hilton

Isn't directory traversal on the OWASP list?

It's not like there are no published libraries to get this right.....

Don't strain yourself, Zuck, only democracy at stake... Facebook makes half-hearted effort to flag election lies by President Trump

Claptrap314 Silver badge

Re: Why no Internet voting?

Small time crims steal wallets. Those with vision steal banks. But the true wise guys steal elections.

There are orders of magnitude more at stake in an election than in any particular hack of a website, including a bank. The resources concentrated on such an attack are going to be correspondingly financed, staffed, and executed.

This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height

Claptrap314 Silver badge

Re: Smaller fleas to bite 'em

I said "a primary concern", not "the only concern". Yes, the depoliticization of money was also a primary concern.

Claptrap314 Silver badge

Re: Smaller fleas to bite 'em

So--you think cash is bad, too?

The original ideas for digital currency on cypherpunks had privacy has a primary concern. Bitcoin does not deliver privacy. The mixers do.

Claptrap314 Silver badge

Re: Too stupid to care?

I'm pretty certain you've missed what I'm saying. Given that someone has taken all of the other steps in an attempt to achieve privacy--how do they justify NOT using https for the final step?

Certainly, TOR + Bitcoin + mixers is high overlap. TOR + Bitcoin + mixers + HTTP, though, ??????

Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle

Claptrap314 Silver badge

Re: Authority to hire services

Do a recheck. Power flow from the states. Up to the Feds, and down to the counties. Whenever a state law is passed, the counties MUST comply.

Claptrap314 Silver badge

Re: Authority to hire services

I am not an expert in that quirk in the law, although I am aware of it. However, even if we accept that the sheriff has some sort of broad authority independent of the state which sets the physical boundaries of that authority, it remains that the courthouse county courthouse is the property of the county _as an administrative subunit of the state_. The sheriff is as free to assert his superior jurisdiction there as he is anything else, but that does not make it the truth. Moreover, whatever authority of the sheriff has in the face of state authority is about preventing abuse of the local population by state authorities. (And, if the "No More Wacos" Act passed, also the Feds.) Sheriffs who go around saying, "I am the Law" are themselves abusing whatever authority they have, not exercising it.

Claptrap314 Silver badge

Re: Authority to hire services

Certainly--as it is true everywhere. But the claim that "the state cannot tell the county what to do" is farcical. The counties exist as administrative subdivisions of the state. When I moved to Texas, it took approval by the people of the entire state to change the form of government in any county. That was 1994. Of course, the history of Texas is peculiar, but the principle remains. Off the Eastern seaboard, the states were created first, and these states created counties so that the locals could handle their local business locally. The powers granted to the counties were (and remain) whatever the state says, and the states can change that at any time.

Claptrap314 Silver badge

Re: Authority to hire services

You might want to study the evolution of law. He's correct in the facts that he states.

How do you solve a problem like Privacy Shield? US and EU policymakers kick off discussions

Claptrap314 Silver badge

Re: Where it is stored doesn't matter?

That IS what I said earlier in the post. Did you read that part? But these American companies are going to comply with American law. Kick them out, it's fine by me. Grow your own competition--I'm all for that. But use them & complain? Grow up.

Claptrap314 Silver badge

Where it is stored doesn't matter?

On which planet?

If you are a company domiciled in jurisdiction X, you will be compelled to complied with the the law in X on pain of having all "assets" in X seized--including personnel.

If you are a company doing business in jurisdiction X, you will be compelled to complied with the the law in X on pain of having all "assets" in X seized--including personnel.

If you are storing data in jurisdiction X, then you are certainly doing business with whomever owns the facility in X, at least.

If jurisdiction X and jurisdiction Y have incompatible laws you have a business decision to make. To the naive, the decision would seem to be, "Which jurisdiction do I limit all of my activities to?" The more savvy know that "Which palms do I grease?" offers more lucrative solutions.

But I really, REALLY tire of Europeans acting as if they have a right to the innovations of American businesses without the application of American law. Make your own **** Google / Apple / Facebook / whatever. The companies are too **** powerful anyway, and need their wings clipped.

Anti-5G-vaxx pressure group sues Zuckerberg, Facebook, fact checkers for daring to suggest it might be wrong

Claptrap314 Silver badge

Re: @Jamesit ... @Mark 85 Tossing their toys about

The purpose of the First Amendment is to ensure the free and open discussion of political speech in our society. Since the object of the constitution is the federal government, its provisions apply to the government. But the principle of free and open discussion is much more broad than what is statutorily permitted.

As for FB & friends, they are playing matters both ways. If they are a platform, that is, if they want the safe harbor provisions of the CDA to apply, they cannot favor some speech (barring other laws) over some other.

Today, they are talking over people I consider to be idiots. But who is the fool if I assume that I won't at some time be subjected to this same treatment?

FB is running a public accommodation. If they want safe harbor, they must permit all legal speech.

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

Claptrap314 Silver badge

I had this idea decades ago..

Around 1998. Each user id need to be an admin for sub-ids that they create, one per application.

Pain in the *** to administer. But cheaper than nuking the whole thing from orbit.

Feds seize 'largest ever' haul of crypto-dosh from terrorists – including coins from 'fake' pandemic mask web store

Claptrap314 Silver badge
Pint

Re: How is crypto currency seized?

Here we have the extremely rare subtle nod. Everyone should understand the reference. Therefore, there is no need to explicitly call it out.

Have one -->

Reply-All storm sparked by student smut sees school system shut down Google Classroom for up to a week

Claptrap314 Silver badge

Re: Clearly run by dummies

Because sometimes, the only way to make sure that fools learn their lesson is to teach them yourself.

I've seen things you people wouldn't believe. Winking red supergiants sneezing hot gas 650 light years away

Claptrap314 Silver badge

Betelgeuse! Betelgeuse! ...

Ten times on a page. Trying to start something? Or finish it?

Claptrap314 Silver badge

Re: we get the fart jokes - enough allready !

Not the rare earths...

Clarke's Third Law: Any sufficiently advanced techie is indistinguishable from magic

Claptrap314 Silver badge
Pint

Re: Light sensors!

Okay, this one impresses me.

Have one! ->

Claptrap314 Silver badge

Re: Does software have feelings?

I'm pretty sure that adequate logging would have been rather useful in this situation.

You're testing them wrong: Whiteboard coding interviews are 'anti-women psychological stress examinations'

Claptrap314 Silver badge

Re: That's stress?

Ever have to debug something in production?

Report: CIA runs secret cyberwar with little oversight after Trump gave the OK, say US government officials

Claptrap314 Silver badge

Re: Where it can be enforced

That's what I'm saying. It is much harder to spoof a missile launch than a cyber strike.

Black hole destroys corona

Claptrap314 Silver badge

What stops them?

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist

Claptrap314 Silver badge

And Al Capone went to jail for tax fraud. There are funny compromises in the real world.

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

Claptrap314 Silver badge

Re: The problems continue

Except that the USSR was in fact never a superpower except in the minds of those who wanted to see us all reduced to the serfs of the socialist state.

Europe had exhausted itself after two devastating wars, leaving no European opposition to the USSR. But the USSR never had the resources or industrial capacity to act freely in opposition to the US. What they had was an established doctrine of deception and a closed society. Then, like the 50-man castle that held off a 1000-man siege for two years, they bluffed.

Until Reagan, the US was not certain enough of itself to fully confront the USSR. When we did, it collapsed like the house of cards it was.

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

Claptrap314 Silver badge

Re: Too little, too late?

And how do you detect the code that has a car perform differently when its being tested than when it's on the road? Even something as trivial as that is no mean feat to track down. There can be (and generally will be) any number of guards to limit when the "bad" code activates. Assume the attackers are smart, not stupid.

You weren't hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It's far simpler than that

Claptrap314 Silver badge

Re: Too hard, too frequent, too unreliable

Yeah, the SRE-educated burst into laughter at that point. They might have been SOLD five nines, but clearly only two were delivered.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020