* Posts by Claptrap314

2894 publicly visible posts • joined 23 Jan 2015

Scientists suggest possible solution to space-induced bone loss

Claptrap314 Silver badge

That's a huge point. If we are heading to Mars, we don't really need 1G in the ship. We still have to deal with low-G issues, but not microgravity.

Claptrap314 Silver badge

Re: ...treatment for brain changes and other detrimental health effects of space exposure...

Oh my word. That's enough to get me to actually turn on a TV.....

Judge sides with Meta and Google, puts California child privacy law on hold

Claptrap314 Silver badge


makes strange bedfellows...

Unity talks of price cap and fees for only largest games developers

Claptrap314 Silver badge

Re: the trust is gone though

That "late stage capitalism" garbage term might be new, but it is communism that quickly destroys every country that tries it.

GitHub Copilot, Amazon Code Whisperer sometimes emit other people's API keys

Claptrap314 Silver badge

Raise you hand...

if you were surprised by this at all.

Beuller? Beuller?

Former CIO accuses Penn State of faking cybersecurity compliance

Claptrap314 Silver badge

No fair!

You got to do unethical last time!

Australia to build six 'cyber shields' to defend its shores

Claptrap314 Silver badge


Everyone knows you need at least seven...

Britcoin or Britcon? Bank of England grilled on Digital Pound privacy concerns

Claptrap314 Silver badge

Put a CAP on it

Someone else already pointed this out over a year ago. The CAP theorem is a hard technical limitation on any form of coin.

No one wants to wait an hour to pay for dinner.

A proper technical discussion would kill this idea before privacy considerations began.

37 Signals says cloud repatriation plan has already saved it $1 million

Claptrap314 Silver badge

Re: Is it comparable?

As a SWE who had to learn WAY too much about Rails internals working around various *($#& problems, let me tell you that Rails code sucked rocks in the 1.x - 2.x days. And the early 3.x code was worse. I referred to one of his innovations (which is STILL polluting the ruby ecosystem) as a "typical DHH three-quarter baked solution". It solved his problem pretty well--and made the life of a LOT of other people miserable in the process.

So when it comes to DHH claiming that he's achieving some great success, history shows that he's particularly good at ignoring the larger consequences of his decisions. I think this is a classic case where someone is dramatically dropping uptime while not even noticing.

Google throws California $93M to make location tracking lawsuit disappear

Claptrap314 Silver badge

Time for RICO?

Seriously, if these statutes were marked in % of revenue, the numbers might well be enough to upset the stock holders.

Google exec: Microsoft Teams concession 'too little, too late'

Claptrap314 Silver badge

The fact that the complainers are doing the same or worse aside...

what century is this?

I really don't have a lot of sympathy for a large company going to m$ for anything. You have to ignore 40 years of continuous behavior of this sort.

Unity closes offices, cancels town hall after threat in wake of runtime fee restructure

Claptrap314 Silver badge

Re: If reloads were charged in Battlefield...

One shot, one kill: now we know why.

How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)

Claptrap314 Silver badge

Re: Famous last words

Depends. Is their last name "Clinton"? "Trump"? I'm not remembering the others very well.

GitHub alienates developers by force feeding them AI recommendations

Claptrap314 Silver badge

Wondering again...

Is this on free accounts?

As in--is the product complaining about the shape of the chute?

My company is an org paying $4/seat/month. That's not a bad deal. Yes, it is an insult to the open source devs. But of all people, these are the ones that should be capable of voting with their feet.

Yes, this is crummy behavior--did you think that they are running a charity?

Unhappiness I can understand. But free accounts have to be paid for somehow.

Activist investor to GoDaddy: Cut costs, improve sales, or sell

Claptrap314 Silver badge

Hey! El' Reg!

Every time you have a story about an "activist investor", you need to take this icon & plaster it all over the page. ------------------>

Scientists spot startlingly close black holes in Hyades star cluster

Claptrap314 Silver badge

Be prepared to keep wondering. Since the detection method relates to the statistical behavior of the masses in the cluster, one would have to go back tens of millions of years, and then observer a discontinuity in the second derivative of the prediction of the locations, then map it to the excess accumulating to one part of the cluster....

Certainly, this is a worthy idea. Unfortunately, the threshold for a hypothesis is that it be "testable", and I'm not thinking that the chance of that is great.

Microsoft and GitHub are still trying to derail Copilot code copyright legal fight

Claptrap314 Silver badge


Am I not allowed to reference Jewish jokes here?

Hope for nerds! ChatGPT's still a below-average math student

Claptrap314 Silver badge

Re: Just wondering

Except they aren't remembering the text, merely some information _about_ the text. That's worlds different. If you want to argue that they function as a lossy compression function, that's a useful argument, but it's the lossiness it's that belies the claim of "remember".

Claptrap314 Silver badge

Re: Just wondering

These programs don't remember what they "read". They store statistical information about the relationship of words in the totality of their inputs.

What would happen if you ask, "What is the text of Act I, Scene I of Shakespeare's Romeo and Juliet"?

Not curious enough to make my own account...

The world seems so loopy. But at least someone's written a memory-safe sudo in Rust

Claptrap314 Silver badge

Re: C++ Template Worshipping

You mean like replace the quote characters with something that doesn`''t show up everywhere in your document?

m4 is explicitly Turning complete. Period.

Claptrap314 Silver badge

Re: C++ Template Worshipping

Well, he would, wouldn't he?

Oh, wait, the first C++ interpreters consisted of C macros, didn't they? Methinks he protests too much.

C++ was an abomination from it's inception. If you want an OO language, create an OO language. If you try to wrap a procedural language, you're going to create a Shoggoth and drive people using it mad. Just don't.

Claptrap314 Silver badge

Re: C++ Template Worshipping

m4 is Turing complete (and someone got a master's degree building it that way). QED.

Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel

Claptrap314 Silver badge

Color me confused. (Or is it colour?)

There is a war on. It's an illegal war of aggression, okay. Do we refer to the soldiers of the aggressor generally as "goons"? I mean, some of them actually are trying to kill people, you know.

If it is true that this latest malware is only affecting Ukrainian military targets, then this would be a technical triumph and one of the most moral acts ever seen in war.

Yes, we don't like Putin. We don't like the generals & billionaires that are keeping him in power. But grunts, even those in offensive operations, don't deserve the same opprobrium as the folks at the top.

Right to repair advocates have a new opponent: Scientologists

Claptrap314 Silver badge

Join new group alt.talk.scientology?

The techies and Scientology have been at war for a LONG time.

Keep the popcorn handy.

Microsoft admits slim staff and broken automation contributed to Azure outage

Claptrap314 Silver badge

So...when was the last test of the redundant cooling systems, Microsoft? Hmm?

Total failure of reliability engineering.

Space junk targeted for cleanup mission was hit by different space junk, making more space junk

Claptrap314 Silver badge

Newton on line #2

Can someone explain to me how a hyper-velocity impact with a satellite fails, enough to break chunks off, does not result is a significant effect on the orbit?

ICANN warns UN may sideline tech community from future internet governance

Claptrap314 Silver badge

Re: There are layers here

I was with you until that last line. The UN represents the almost 200 governments. It pointedly does not, and has never, represented the people. If is did, El Salvador would not have the same number of votes as India.

This proposal is a power grab by the kleptocrats that the UN. It is being opposed by the existing kleptocrats.

Cisco's Duo Security suffers major authentication outage

Claptrap314 Silver badge

And yet...

it seems that every new client or partner wants me to use SSO.


Microsoft 365 guest accounts + Power Apps = security nightmare

Claptrap314 Silver badge

Who would have guest...

that a m$ product was insecure?

Epic snub by Supreme Court in battle to escape Apple App Store payment prison

Claptrap314 Silver badge

Re: Apple will allow sideloading

I don't owe anyone a business model. Nintendo, et. al. have been operating a very shady business for decades. If they get shut down incidentally, that's fine by me.

Google Chrome to shield encryption keys from promised quantum computers

Claptrap314 Silver badge

Re: The twelth of...

I volunteer to be your escrow...

There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

Claptrap314 Silver badge

Re: Looks like I'm safe!

And how, pray tell, does it do that? That page has got to be the most spoofable page on the internet.

US Cyber Command boss says China's spooky cyber skills still behind

Claptrap314 Silver badge

What the actual #***?

"Remember what 2021 was like for us as a nation. ... It was the point in time – I think at least for myself and for our agency and command – cyber security [became] national security."

Well, I guess that explains the OBM leaking the ENTIRE database of security applications a few years earlier, ehh?

Let's see, by my memory, the NSA was created in 1947 with two missions. One of them involved securing our communications. And it took this joker 74 years before being jolted awake about this?

Get this amateur out of there.

Can 'Mad Libs for incident response' prevent the next MOVEit fiasco?

Claptrap314 Silver badge

Re: Obvious, simply, and unworkable

It's not the data providers per se. It's usually the IBM India subcontractors. If you've not had to work with them---be very, very, very glad...

Claptrap314 Silver badge

Obvious, simply, and unworkable

There is an obvious and simple solution: use sftp for everything. It is unworkable. I have first-hand knowledge. We're in the heal care space. It averages more than a month to get an sftp connection set up with a new data provider.

For crying in ---------------------------------------------------------------------------->

Shifting to two-factor auth is hard to do. GitHub recommends the long game

Claptrap314 Silver badge


on the rare occasion when Gmail requires me to do my 2FA thing, the "remember me on this device" box is checked by default...

What would sustainable security even look like?

Claptrap314 Silver badge

Re: One has to wonder

I know that we are in violent agreement here, but I'm going to prove our (mutual) point by thumping on you. Read again what I said: "proving that a given piece of code does what you want and nothing else". I did not say "code as complied", or "code as run in a particular (version) of an OS", or "on a particular machine". Just that one phrase, and you misread what I said enough to solicit a full explanation of a fact which I myself have written in these comments on multiple occasions.

I stand by what I said: a person brain-damaged in a way to be true mathematician, with proper training, is capable of demonstrating that a small-ish piece of code does exactly what it is supposed to do. If you want to handle many small-ish pieces, you need many mathematicians. And if you ask them to prove that these pieces fit together appropriately, you will receive a unanimous, if multi-valued, rude response of some kind.

Claptrap314 Silver badge

One has to wonder

if the editorial staff at El' Reg bothers to read the comments at all sometimes.

I keep pounding on this--the end consumer is getting exactly the security that they are willing to pay for. But with extremely limited ability to value and absolutely zero ability to evaluate security, how much is that?

That's a critical part of the problem, and yet this childish piece doesn't even hint at it. Here's the next, only hinted at in the comments: writing secure code is not hard. It is entirely beyond the capabilities of almost all dev organizations. Because almost no dev organizations have someone with at least a master's in mathematics from a tier-I or better institution, And proving that a given piece of code does what you want and nothing else is at least as hard as getting one of those. (And you need it for every code change.) Emergent complexity and the one-bit difference between secure and not-security make it thus.

In the meantime, the top-tier attackers a throwing around amounts of money that would get the notices of the FAANGs.

Maybe this guy is paid by the word or something.

Astronomers testing next-gen asteroid-hunting algorithm discover potentially hazardous object

Claptrap314 Silver badge

Ugly truth: for the foreseeable future, this mission does not care about a "very bad day locally". It's about "a very bad day globally". Sure, if we can spot and have time & money to deal with a smaller problem, we'll go for it. But even the loss of a hundred thousand souls just isn't big enough for this. Yet.

Crooks pwned your servers? You've got four days to tell us, SEC tells public companies

Claptrap314 Silver badge

Re: The Board's Role In Cyber Risk Management

Yes, but even that seems to be far to much to expect of many companies.

Claptrap314 Silver badge


If recent post-mortems are anything to go by, then it is not unusual for it to take more than four days to even stop an active attack. And certainly more to determine the scope of the damage. I am certainly a fan of full and early disclosure, but this feels...premature.

And yes, likely to make a stock choppy, which is really bad for average investors.

Sneaky Python package security fixes help no one – except miscreants

Claptrap314 Silver badge

Wrong end of the stick (for us, the profitable one for these folks)?

It seems to me that the identified problem is that OS devs find opening a CVE to be cumbersome. The obvious fix would be to simplify opening a CVE, not attempting to generate a new solution that (surprise!) the "researchers" just happen to have ready.

But CVE or know, I'm pretty certain that there is already a way (release notes / change log) to rather unambiguously mark a patch version as a security fix. Full points if the note also says how long the problem has been around.

So this really looks like a solution chasing a problem.

AMD Zenbleed chip bug leaks secrets fast and easy

Claptrap314 Silver badge

Re: Dumb Questions

You are quite close. The missing secret is that the values in the register files are not supposed to be read before they are written. In fact, "rolling back" the instruction in this context doesn't even mean what you think. The error is in clearing the zero bit! Rolling back in a register file is a matter of repointing the register in question and marking the file entry available. By "available", I mean "something can write to it". That zero bit has nothing to do at that point.

I was never a designer (I was a validator), and the hell of it is that I can understand why each of these decisions was made in isolation. I would like to think that if I can a chance to look at the design, I would have noticed this one, but uggh...

Claptrap314 Silver badge

Re: Parsing the data

In fact, 32-bit registers were being used in unnatural ways back in the '90s to accelerate strcpy, and especially strncpy, but also strlen, and other things. Bigger registers -> more bigger speedups.

Google's next big idea for browser security looks like another freedom grab to some

Claptrap314 Silver badge

Chrome is not IE 6. It is Flash--a constant source of security problems due to the addiction of the parent company to a data feed.

Kill it with fire.

Weird radio pulses could be coming from new type of stellar object

Claptrap314 Silver badge

Re: Old Data is still Good Data

Humph! That was NEVER a problem with the punchcards. Kids and their new-fangled toys...

US Air Force's Angry Kitten turns Reaper drone into fierce feline of electronic warfare

Claptrap314 Silver badge

Re: Defense of budget, not nation

You severely underestimate the level of corruption in the system. We were reasonably-focused during the cold war. That, sadly, was an aberration. The Continental Congress orders ships of the line--two ended up being delivered.

Myanmar's government in exile throws support behind launch of crypto-based bank

Claptrap314 Silver badge


will risk using said currency under the current junta?

I'll admit that this undertaking has the potential to actually skirt some of the inherent limitations of coin. 1) it's dealing with a small economy, so the CAP theorem might not destroy it's utility. 2) It's straight-up challenging a (mostly shunned) national government, so resistance to technical attacks (especially pump-and-dump) is going to have to be built in from the start.

However, it's not at all clear that 2) above can be satisfied without CAP meaning that you need an hour or more to clear.

Moreover, possession of the code to use such coin is prima facie evidence of rebellious behavior.

Yeah, I don't see this ending well.

Google Cloud shores up log permissions for builder bot

Claptrap314 Silver badge


at least the Feds are talking about a CTM. Horrible to implement, but it's something...

Investors give Salesforce a 4% slap on back for raising prices

Claptrap314 Silver badge


First off, Salesforce has already raised prices this year on Heroku, by eliminating a lot of free tier items, and raising prices on the lowest paid tier.

As for reducing costs...yeah that's come out of customer support.

Not that big of a deal, really--we're moving off Heroku.