* Posts by Claptrap314

2972 publicly visible posts • joined 23 Jan 2015

Yes, I did just crash that critical app. And you should thank me for having done so

Claptrap314 Silver badge

Re: Dicks are Dastardly

I must disagree. Being Dastardly is not enough. You ever hear this one?

QA walks into a bar. Orders a beer. Orders two beers. Orders 0 beers. Orders -1 beers. Orders 1/5 beers. Orders 2^0.5 beers. Orders pi beers. Orders i beers.

The customer walks in, orders a scotch. The bar burns down.

Proper QA isn't merely about being evil (or insane). You have to be completely thorough.

That's also how you get into a PhD program in mathematics.

My calculus students hated me as a TA.

If I knew then what I know now, I would have been much tougher.

Linux for older phones postmarketOS changes its init system

Claptrap314 Silver badge

Re: They get WONTFIXed and rejected

You missed the troll icon.

Claptrap314 Silver badge

Re: Systemd doesn't even do some of that reliably.

When a system is fundamentally flawed in what it is trying to do, what is the point in patching it?

Intern with superuser access 'promoted' himself to CEO

Claptrap314 Silver badge
FAIL

When I started at Google, there was a strong culture of embarrassment-enforced screen locking. Apparently, it had been this way for some time. A couple of months later, some self-important VP or the other got stung, and this "unprofessional" behavior was squashed. Screen unlocking became a much more common problem almost immediately.

The S in IoT stands for security. You'll never secure all the Things

Claptrap314 Silver badge

That's not entirely fair. The average consumer has NO way to measure security. They might feel vaguely uneasy about the state of things, but where do they turn?

And why should they pay 20-25% more for a product feature they don't understand?

Air National Guardsman Teixeira to admit he was Pentagon files leaker

Claptrap314 Silver badge

Know the rules

If you are going to mishandle state secrets without consequence in the US, you must be one of the following: Secretary of State, Vice President, President, or former of any of the former.

Claptrap314 Silver badge

Was it Mark Twain that observed that politicians are the only native criminal class in the US?

Claptrap314 Silver badge

Re: lets move forward

Believe it or not, turning actual spies is actually a thing. Super-dangerous for the spy, but the turning power often "has ways" to make it worthwhile--at least at first.

Cruise's valuation halved after its driverless car hit and dragged a woman

Claptrap314 Silver badge

A tall order

Google is endemically woke. That they would build an AI that is _not_ systematically biased is not a realistic expectation.

Claptrap314 Silver badge

Re: Almost nothing would be allowed...

A week? How long do you think it took to ox cart grain from Rus to Paris? Yeah, they were actually doing that pre-plague.

Ransomware ban backers insist thugs must be cut off from payday

Claptrap314 Silver badge

Re: The answer is Psyops

Not as horrible an idea as paying ransoms, sure. But it will only be marginally effective.

Texas judge turns out the lights on federal survey of cryptominers' energy consumption

Claptrap314 Silver badge

Wow. That's some high-grade stupid right there.

Okay, time to play-pretend. Suppose you own a bit-barn just full of the latest mining gear for a particular currency. Your goal is to maximize profits. To the first order, how do you decide to run or not run your gear? Let pc be the spot price for one unit of your currency. Let e be the number of kWh expected to mine one coin. Let pe be the spot price of one kWh. When pe times e is less than pc, you run your rigs. When it is more, you don't.

And, yes, I do mean spot price. The miners want to use the spot market because they want to take advantage of the dips in the price of electricity. If you do the above, you are absolutely guaranteed to pay below-"average" costs for your electricity unless the price of coin is so high that the spot cost of mining a coin never exceeds it.

In fact, their price is so low exactly because they are "playing nice" with the grid and only consuming while demand remains relatively low. They are self-load-shedding, and they are doing it precisely out of pure self-interest.

If we accept at face value the claim that they are consuming 2% of the US grid energy, then the fact that their costs are so low is absolute proof that the 2% that they are using is not affecting the stability of the grid in any negative way. Quite the opposite.

As always, I was a coin skeptic on the cypherpunks email list in the '90s, and my doubts have only been confirmed. But these attacks on the trainspotters are deeply unjust.
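The run/don't-run rule above, carried over a full day of prices, as an added example (not code from the original post or from the article). The rule is the poster's; the 24-hour price curve and the rig economics (100,000 kWh per coin, a $12,000 coin) are assumed values for illustration, not market data. It goes one step beyond the post by also computing the average price actually paid against the plain grid average, which is the claim the post rests on.

```python
def mining_schedule(spot_prices_kwh, kwh_per_coin, coin_price):
    """Apply the rule hour by hour: run only while pe * e < pc.

    Returns (run_flags, avg_price_paid, avg_spot_price); avg_price_paid is None
    if the rig never runs.
    """
    breakeven_kwh = coin_price / kwh_per_coin   # pc / e: the $/kWh at which a coin just pays for its power
    run_flags = [pe < breakeven_kwh for pe in spot_prices_kwh]
    avg_spot = sum(spot_prices_kwh) / len(spot_prices_kwh)
    paid = [pe for pe, on in zip(spot_prices_kwh, run_flags) if on]
    avg_paid = sum(paid) / len(paid) if paid else None
    return run_flags, avg_paid, avg_spot


# Constructed 24-hour spot price curve in $/kWh (assumed values, not market data):
# cheap overnight, a morning ramp, an expensive late-afternoon peak, then a fall.
SPOT_24H = ([0.03] * 6
            + [0.05, 0.07, 0.09, 0.10, 0.11, 0.12]
            + [0.13, 0.14, 0.18, 0.25, 0.30, 0.22]
            + [0.15, 0.10, 0.08, 0.06, 0.04, 0.03])

# Assumed rig economics: 100,000 kWh per coin and a $12,000 coin -> breakeven $0.12/kWh.
KWH_PER_COIN = 100_000
COIN_PRICE = 12_000


def demo(spot=SPOT_24H, kwh_per_coin=KWH_PER_COIN, coin_price=COIN_PRICE):
    """Run the schedule and report hours on, average paid, and the grid average."""
    flags, paid, avg_spot = mining_schedule(spot, kwh_per_coin, coin_price)
    on_hours = sum(flags)
    print(f"runs {on_hours}/24 hours, pays avg ${paid:.4f}/kWh vs grid avg ${avg_spot:.4f}/kWh")
    return on_hours, paid, avg_spot


if __name__ == "__main__":
    demo()
```

With these numbers the rig sits out the 8 peak hours and pays well under the grid average. Raise the coin price until pc/e exceeds every hour's spot price and the rig runs around the clock, at which point it pays exactly the average, which is the exception the post names.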

Plans to heat districts with datacenters may prove too hot to handle

Claptrap314 Silver badge

Re: Locally it can work

Just like the Cobra Bounty program in India...

ALPHV/BlackCat claims responsibility for Change Healthcare attack

Claptrap314 Silver badge

Seriously, El Reg?

I don't think repasting the exact same quote every few hours counts as "updating" their status page.

Also, please include a link to their status page in every article. It's not the easiest thing to find.

Claptrap314 Silver badge

Re: 'claims responsibility'

Umm...no extradition treaty between the US & USSR... er, Russia...

Trident missile test a damp squib after rocket goes 'plop,' fails to ignite

Claptrap314 Silver badge

Re: Grant Shapps was on board..

Now I have to hunt down all of "Yes, Minister" to see if they did an episode like that...

India to make its digital currency programmable

Claptrap314 Silver badge

Re: CAP theorem

No, P has been a core problem for the physical banking system since the Knights Templar. That's how people scam banks.

And seriously, read up on the duality between databases & the list of transactions. And observe that this correlates EXACTLY with the blockchain and the persistent state derived from it. Then understand the CAP theorem.

THIS. CANNOT. SCALE.

Claptrap314 Silver badge

CAP theorem

Applies in India as well. This cannot fully scale. Which, as has been pointed out repeatedly by others just now, is a really REALLY good thing.

Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC

Claptrap314 Silver badge

Re: Rule #1 of network implementation....

A thousand times, no! Postel's law is an absolute failure. Clear communication is an absolute requirement if correct function is desired, and Postel's entire premise is to be fuzzy. Postel's law gets implicated in major bugs more than once a year. This is not an accident.

Document your expectations fully, and then loudly reject non-compliant access.

In this case, you drop any and all packets that don't make spec. You should also grey list them and if a second one comes in, black list the sender (and don't respond). Full stop. Otherwise, you are opening up timing attacks, as documented here recently.
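The policy in the post above, made concrete as an added example (this is not code from the original page, from the article, or from any DNS server). It strictly parses a DNS query header and question section per the RFC 1035 wire format, rejects anything that deviates, and applies the greylist-then-blacklist rule to the source address. Assumptions: only standard queries (opcode 0, class IN, exactly one question) are served; the lists are plain in-memory sets with no expiry; an EDNS OPT record in the additional section is passed through rather than parsed; the sample packets are constructed inline.

```python
import struct

HEADER_LEN = 12
MAX_LABEL_LEN = 63
MAX_NAME_LEN = 255


class MalformedPacket(ValueError):
    """Raised for any deviation from the RFC 1035 wire format this server will accept."""


def parse_qname(data, offset):
    """Parse an uncompressed domain name at `offset`; return (labels, offset_after_name)."""
    labels, total = [], 0
    while True:
        if offset >= len(data):
            raise MalformedPacket("name runs past end of packet")
        length = data[offset]
        offset += 1
        if length == 0:
            return labels, offset
        if length & 0xC0:
            # 0b11xxxxxx is a compression pointer, 0b01/0b10 are reserved. A query's question
            # name has nothing earlier to point at, so this strict parser refuses all of them.
            raise MalformedPacket(f"pointer/reserved label type 0x{length:02x} in question name")
        if length > MAX_LABEL_LEN:
            raise MalformedPacket(f"label of {length} octets exceeds 63")
        total += length + 1
        if total > MAX_NAME_LEN:
            raise MalformedPacket("name exceeds 255 octets")
        if offset + length > len(data):
            raise MalformedPacket("label runs past end of packet")
        labels.append(data[offset:offset + length])
        offset += length


def parse_query(data):
    """Strictly parse a DNS query; every header field is checked and anything unexpected is rejected."""
    if len(data) < HEADER_LEN:
        raise MalformedPacket(f"{len(data)}-byte packet is shorter than a header")
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", data[:HEADER_LEN])
    if flags & 0x8000:
        raise MalformedPacket("QR bit set: this is a response, not a query")
    opcode = (flags >> 11) & 0xF
    if opcode != 0:
        raise MalformedPacket(f"opcode {opcode} not served here")
    if qdcount != 1:
        raise MalformedPacket(f"expected exactly one question, header claims {qdcount}")
    if ancount or nscount or arcount > 1:
        raise MalformedPacket("unexpected answer/authority/additional counts in a query")
    labels, offset = parse_qname(data, HEADER_LEN)
    if offset + 4 > len(data):
        raise MalformedPacket("question truncated before QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
    offset += 4
    if qclass != 1:
        raise MalformedPacket(f"QCLASS {qclass} is not IN")
    if arcount == 0 and offset != len(data):
        raise MalformedPacket(f"{len(data) - offset} trailing bytes after the question")
    # arcount == 1 leaves room for an EDNS OPT record; it is passed through here, not parsed.
    qname = b".".join(labels).decode("latin-1")
    return {"id": txid, "qname": qname, "qtype": qtype, "qclass": qclass}


class StrictResponder:
    """Non-compliant packets are dropped silently. The first one greylists its source; a
    second one blacklists it, after which even well-formed packets from it are dropped."""

    def __init__(self):
        self.grey, self.black = set(), set()

    def handle(self, src_ip, data):
        if src_ip in self.black:
            return "drop", "blacklisted"
        try:
            query = parse_query(data)
        except MalformedPacket as err:
            if src_ip in self.grey:
                self.grey.discard(src_ip)
                self.black.add(src_ip)
                return "drop", f"blacklisted after second bad packet: {err}"
            self.grey.add(src_ip)
            return "drop", f"greylisted: {err}"
        return "accept", query


def build_query(txid, name, qtype=1):
    """Constructed sample queries for the demonstration; not part of the validator."""
    wire = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)      # RD set, everything else zero
    for label in name.rstrip(".").split("."):
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00" + struct.pack("!HH", qtype, 1)


GOOD = build_query(0x1234, "example.com")
TRUNCATED = GOOD[:-3]                                       # QTYPE/QCLASS cut off
BAD_QDCOUNT = GOOD[:4] + struct.pack("!H", 2) + GOOD[6:]     # header claims two questions
```

One caveat a practitioner will want: the source address of a UDP datagram is unauthenticated, so a blacklist keyed on it lets an attacker get a legitimate resolver blacklisted by sending two malformed packets with that resolver's address spoofed. Age the entries, keep them per-address rather than per-prefix, and treat the list as a rate limiter rather than a permanent verdict.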

Venus has a quasi-moon and it's just been named 'Zoozve' for a sweet reason

Claptrap314 Silver badge
Boffin

Re: I'm waiting for the obligatory...

Guys, you need to keep the form properly. It's got to be a single-syllable base. I give you:

Rocky McRockFace

Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

Claptrap314 Silver badge
Megaphone

Never argue with someone who buys ink by the barrel.

That, now rather old, adage about the press sprang to mind one day as I was leaving the offices of a local rag (having given an interview). What I observed was a tanker truck pulling up to the building. On its side was the word, "Red".

Work to resolve binary babble from Voyager 1 is ongoing

Claptrap314 Silver badge
Black Helicopters

No! It's obviously going to pass the boundary on Jan 19th, 2038.

Developer's default setting created turbulence in the flight simulator

Claptrap314 Silver badge

Re: getting into trouble with cron

As long as you don't reboot your laptop, ehh?

Claptrap314 Silver badge

Re: manually dragged a PDP system

The ones I worked on (USAF--classified), 1988-1990 were most definitely still functional.

Although, one DID stop working when one id10t decided it was a good idea to insert a bit of a styrofoam cup under one of the cards & screw it back in.

After I showed that to my supervisor, removed the card, picked out the styrofoam, and put things back, however, it worked fine.

And yeah, said id10t, who had already lost a star & a stripe then received an entirely new rank and a controlled tour to a base in NE Kansas...

Claptrap314 Silver badge

Re: manually dragged a PDP system

Ehh. The 5 1/4" were plenty floppy...

US starts 'emergency' checks on cryptocurrency power use, citing winter power demands

Claptrap314 Silver badge

Re: Here we go again...

Wow. It wasn't until I read that that it hit me--I've been a direct victim of load-shedding. Well, technically, it was my family's farm.

We were required to install devices to allow our wells to be turned off remotely. The ones that put water on our crops. Were we informed when this was done? No. When the power came back, was there any way to get water to the bottom of the field, which did not get it because the water was shut off, without overwatering the top, which had already been watered? No.

I understand what was going on, but classifying food production as "industrial" in that fashion is a REALLY ****** way to do business.

Of course, it was needed--but why? Because those government regulators you're talking about failed to require the producers to meet projected power usage--and we're talking late 70's here. Funny, we're having exactly the same issues again, except the government regulators are being even more accommodating to the (existing) power providers.

Yeah, we've got a power problem--the supply is being held back.

And no, I'm not such a communitarian to support things like pricing "home" and "business" uses of power differently. Lowering the price that I pay to run a mixer doesn't need to come at the cost of charging me more to produce it in the first place. Such market distortions echo downrange to hilarity.

And nope, I'm really bothered by the sin taxes on tobacco & alcohol. And I've gotten more so as I have aged. The tax code is an entirely unjust place to attempt to mold society.

Claptrap314 Silver badge

Here we go again...

1) I was a skeptic of coin on the cypherpunks mailing list in the 90's. While I laud the goal of ensuring personal autonomy in our financial transactions, the real-world political blowback was always the fatal weakness.

2) In 1998 the CAP Theorem was proven. Embarrassingly, I did not realize until it was pointed out here that the CAP theorem puts a hard limit on what can be achieved with coin. That limit is far too low to ever allow it to function as a broad currency.

3) I don't know when the idea of "proof of stake" came out. I finally read up on it. If you think that coin is generally a scam, then this should be your ultimate proof. Any coin using this system is violating the very basis of a decentralized "currency".

Having said all of that, this study is extraordinarily problematic. I hope the cryptobros sue to stop it--and win. Why? Because I really don't want the government telling me what I can use electricity to do. Please think carefully about just what that means.

Since Netflix came up, let's talk about that. That's 93 billion hours in the first six months of 2023 (per Forbes). So let's say 186 billion a year. Accepting the 17,000-to-1 conversion claimed above, that's just shy of 11 million entries on the blockchain (Not transactions--there are multiple transactions per entry). Or 30000 per day. Or 1250 an hour. So Netflix is absolutely dwarfing Bitcoin for power usage. And producing what? Overweight viewers. If your goal is to cut back on electricity consumption, you should target the entertainment industry.

Or, we could be more closely aligned and talk about the horror show that is the lightning trading system in the stock and commodities markets. That industry is not only consuming boatloads of power, it is also attracting many of our brightest brains and rewarding them simply for stealing from each other and from anyone foolish enough to try to be a day trader.

If we're going to outlaw something based on its ill effects, I would go after Vegas & casinos generally--they are destroying far more lives than coin will ever touch.

But I don't. I don't because I have my hobbies, and I demand that the government leave me free to pursue them.

You might think about how things might go if yours becomes the disfavored hobby.

Claptrap314 Silver badge

Re: Pay as you go

And _that_ is the issue here. I've been a documented coin skeptic since the Cypherpunks mailing list (in the 90's). And I've become more dubious of the idea almost every year since. But you REALLY do not want the government deciding what you can and cannot use electricity to do. This sort of activity should trigger everyone's conspiracy alerts.

The FCC wants to criminalize AI robocall spam

Claptrap314 Silver badge

I get six calls a day

Every day. Each from a different number with the same first 6 digits--the last four appear to be random from a set of 2000 or so.

Oracle is hiring two new teams to build its cloud faster and stronger

Claptrap314 Silver badge

A few years ago...

when Oracle was starting to set up their cloud, I had an interview with the team that was to build it. I mentioned the importance of testing, and asked about their testing culture.

I've never had an interview turn so cold or so fast.

So--not looking for work there...

FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet

Claptrap314 Silver badge
Mushroom

Explain again to me

Why CRITICAL INFRASTRUCTURE is ON THE ******* INTERNET AT ALL?

Use small words.

Dems and Repubs agree on something – a law to tackle unauthorized NSFW deepfakes

Claptrap314 Silver badge
Unhappy

I really don't see how

A bill with enough teeth to be meaningful is going to survive 1st amendment review. We've already had fake porn for more than a generation--guess why?

I'm not even a little bit happy about the situation. People have already taken the law into their own hands a few times on things like this. The pressure is going to keep growing, and when things blow, it's going to be really bad.

Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns

Claptrap314 Silver badge
Facepalm

Aieeee!

A year ago, a VC we were courting hired an amateur-hour pentester to look at our systems. They reported 15 critical vulnerabilities & 50 high. I remarked later that when I found out, I spent a couple of hours to "figure out if I needed to take our servers down or not". My C-level gave me a raised eyebrow over that. "You thought you hired me to keep your systems up? You hired me to protect patient data." And, you know, keep him out of jail.

For the sysadmins out there with these borked products--I feel some of your pain. Hopefully, shutting the **** thing down is an option.

Tiny asteroid's earthly fireworks predicted with pinpoint accuracy by NASA

Claptrap314 Silver badge

Yes, we are the richest country. We are also, by design, one of the least well-organized.

“The reason that the American Navy does so well in wartime is that war is chaos, and the Americans practice chaos on a daily basis.”

― Karl Dönitz

One of the serious problems in planning the fight against American doctrine, is that the Americans do not read their manuals, nor do they feel any obligation to follow their doctrine…

– From a Soviet Junior Lt’s Notebook

Of course, this went rather horribly for us during COVID, but you take the bad with the good.

And I would argue that a major reason we are the richest is _because_ we are so poorly organized. Central planning performs extremely poorly under almost all circumstances. Of course, for most of our history, we've been a haven for non-conformists as well...

AI political disinformation is a huge problem – but harder to fight than ever

Claptrap314 Silver badge

Re: Disinformation? We Don't Need Technology!!

"I did not have sex with that woman..."

Your list seems a bit one-sided, there. Lying to the general public is practically a prerequisite for being a successful politician. This has been true for a _very_ long time. Check out the origins of the story of Cleopatra's beauty. Or ask yourself why the custom in Middle Egypt was to whack off the heads of statues & replace them with new ones when there was a new Pharaoh...

What's worse than paying an extortion bot that auto-pwned your database?

Claptrap314 Silver badge
Mushroom

Excuse me?

""It's not surprising to see many open database services in the public cloud," the researchers said. "If you run your database in say DigitalOcean or even AWS, then these cloud providers don't always make it easy to access your database from your desktop, or even a workload running in a different region or provider. You may have no other option than to open it from anywhere. And so, while bad practice, it's not all that surprising that there are that many open databases."

That assertion is not a little bit wrong, it's dead wrong.

I'm no AWS freak, but setting up a lambda to update a security group or IP set to permit access from the IP address of the caller of some sort of SAML'ed or OAUTH'ed user is NOT a major project. Yes, there are some "quirks" to work through, but it is NOT hard.

It does require some dedication to the basics, however.
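The "open the database to the caller's address" approach the post describes, as an added example (not code from the original page, the article, or AWS). It is the core of such a Lambda with the AWS client injected: `grant_caller` opens one port to the caller's /32 and records who asked and when the rule lapses in the rule description; `revoke_expired` cleans up on a schedule. Assumed for illustration: PostgreSQL on port 5432, the `sg-0a1b2c3d` group ID, the `self-service <principal> until <time>` description format, and `FakeEC2`, a constructed in-memory stand-in for `boto3.client("ec2")` so the block runs offline. The three EC2 calls used (`authorize_security_group_ingress`, `revoke_security_group_ingress`, `describe_security_groups`) and the `IpPermissions` shape are the real boto3 ones; the caller's identity is assumed to have already been established by the SAML/OAuth front end before this code is reached.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

DB_PORT = 5432                  # assumed: a PostgreSQL listener behind the group
RULE_TAG = "self-service"       # marks rules this code owns, so cleanup never touches others


def _permission(cidr, description=None):
    """Build the IpPermissions entry boto3 expects for one TCP port and one CIDR."""
    ip_range = {"CidrIp": cidr}
    if description:
        ip_range["Description"] = description
    return {"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT, "IpRanges": [ip_range]}


def grant_caller(ec2, group_id, caller_ip, principal, now=None, ttl=timedelta(hours=8)):
    """Open DB_PORT to exactly the caller's address (a /32), recording who asked and when it lapses.

    `caller_ip` is the source address the identity-aware front end saw; `principal` is the
    authenticated subject (e.g. the SAML NameID). Neither is trusted to supply a CIDR.
    """
    ip = ipaddress.ip_address(caller_ip)      # rejects "0.0.0.0/0", hostnames and other junk
    if ip.version != 4 or ip.is_private or ip.is_loopback or ip.is_multicast or ip.is_reserved:
        raise ValueError(f"refusing to open the database to {caller_ip}")
    now = now or datetime.now(timezone.utc)
    expires = now + ttl
    cidr = f"{ip}/32"
    description = f"{RULE_TAG} {principal} until {expires.isoformat(timespec='minutes')}"
    ec2.authorize_security_group_ingress(GroupId=group_id,
                                         IpPermissions=[_permission(cidr, description)])
    return cidr, description


def revoke_expired(ec2, group_id, now=None):
    """Remove every self-service rule whose recorded expiry has passed; returns the CIDRs revoked.

    Meant to run on a schedule (e.g. an hourly EventBridge-triggered Lambda): a grant that is
    never revoked is just an open database with extra steps.
    """
    now = now or datetime.now(timezone.utc)
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    revoked = []
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") != "tcp" or perm.get("FromPort") != DB_PORT:
            continue
        for ip_range in perm.get("IpRanges", []):
            description = ip_range.get("Description", "")
            if not description.startswith(RULE_TAG + " ") or " until " not in description:
                continue                          # not ours; leave hand-made rules alone
            expires = datetime.fromisoformat(description.rsplit(" until ", 1)[1])
            if expires <= now:
                ec2.revoke_security_group_ingress(GroupId=group_id,
                                                  IpPermissions=[_permission(ip_range["CidrIp"])])
                revoked.append(ip_range["CidrIp"])
    return revoked


class FakeEC2:
    """Constructed in-memory stand-in for boto3's EC2 client so the example runs offline.
    In the Lambda itself this would be boto3.client("ec2")."""

    def __init__(self):
        self.rules = []

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.rules.extend(IpPermissions)

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        gone = {(p["IpRanges"][0]["CidrIp"], p["FromPort"]) for p in IpPermissions}
        self.rules = [r for r in self.rules
                      if (r["IpRanges"][0]["CidrIp"], r["FromPort"]) not in gone]

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": GroupIds[0], "IpPermissions": list(self.rules)}]}
```

The two "basics" worth dedication here are that the address comes from the request the front end authenticated, never from a user-supplied field, and that every grant carries its own expiry so the sweeper can undo it without a human remembering to. Security group rules are also capped per group, so a short TTL keeps the sweeper from ever needing to care about the limit.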

Researchers confirm what we already knew: Google results really are getting worse

Claptrap314 Silver badge

Re: The Singer not the Song

I can go one better. When I was at Google (2015-6), the most common search term was... "google". Yeah. I doubt that has changed.

Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats

Claptrap314 Silver badge

The old story...

Speed vs security. What feels strange is that the folks writing the GPU drivers ignored half a century of experience to create this bug.

Having said that, I feel like this is being overhyped. The LLM folks clearly don't care about anyone else's security, why should they care about their own?

How 'sleeper agent' AI assistants can sabotage your code without you realizing

Claptrap314 Silver badge

Re: Do not train on random garbage Tolerance and profit

Don't trust your LLM on that. amanfromMars1 has substantially different output.

Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks

Claptrap314 Silver badge

Re: ransomware

"Electrical connection integrity check failed. Auto start prevented."

Patch now: Critical VMware, Atlassian flaws found

Claptrap314 Silver badge
Devil

Re: What does Confluence Data Center even do ?

With this bug, I would say, "Whatever an attacker wants"...

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

Claptrap314 Silver badge

Re: Recorded Future...now there is an interesting rabbit hole..

Yes, but a slow one...

Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

Claptrap314 Silver badge

Huh

The behavior described actually meets my definition of "sophisticated". Weird.

Postgres pioneer Michael Stonebraker promises to upend the database once more

Claptrap314 Silver badge
Trollface

"Guaranteed to increase business"

A tale of 2 casino ransomware attacks: One paid out, one did not

Claptrap314 Silver badge

FIFY

"simply administrative malpractice"

SSH shaken, not stirred by Terrapin vulnerability

Claptrap314 Silver badge

I am so confused...

Why, oh why are the messages being sent not numbered? Even if there is not an upper bound on the total number of messages, a one-byte prefix would require that some multiple of 256 messages be dropped in order for this attack to be effective.

Alternatively, why, oh why is the signature not over all of the effective message contents?

I've never looked at the ssh protocol, but this just doesn't add up.
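The poster's proposal, as an added example (not code from the original page, the article, or any SSH implementation): an explicit per-message counter transmitted on the wire, with a MAC over the counter and the whole payload. It is a toy channel, not the SSH binary packet protocol; for reference, RFC 4253 does feed a per-direction sequence number into the MAC, but keeps it implicit rather than sending it, and the MAC only takes effect once the handshake has negotiated keys. The `simulate` helper, the message texts and the fixed key are constructed here for illustration; it shows the one-byte counter detecting a single dropped message, the exact wrap-around blind spot the post describes (drop a multiple of 256 and nothing is noticed), and a wider counter closing it.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32    # HMAC-SHA256 output


class IntegrityError(Exception):
    pass


def _seq_bytes(seq, width):
    """Low-order `width` bytes of the counter, so a 1-byte counter wraps every 256 messages."""
    return struct.pack(">Q", seq)[-width:]


class Sender:
    def __init__(self, key, counter_width=1):
        self.key, self.width, self.seq = key, counter_width, 0

    def send(self, payload):
        seq = _seq_bytes(self.seq, self.width)
        # The tag covers the counter and the entire payload, so neither can be altered undetected.
        tag = hmac.new(self.key, seq + payload, hashlib.sha256).digest()
        self.seq += 1
        return seq + payload + tag


class Receiver:
    def __init__(self, key, counter_width=1):
        self.key, self.width, self.seq = key, counter_width, 0

    def receive(self, msg):
        w = self.width
        seq, payload, tag = msg[:w], msg[w:-TAG_LEN], msg[-TAG_LEN:]
        expected_tag = hmac.new(self.key, seq + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            raise IntegrityError("MAC mismatch: counter or payload modified in transit")
        expected_seq = _seq_bytes(self.seq, w)
        if seq != expected_seq:
            raise IntegrityError(f"expected counter {expected_seq.hex()}, got {seq.hex()}: "
                                 "message(s) dropped or reordered")
        self.seq += 1
        return payload


def simulate(counter_width, dropped, total=300, key=b"\x11" * 32):
    """Send `total` messages, let an on-path attacker swallow the indices in `dropped`,
    and report whether the receiver noticed. Returns (detected, messages_accepted)."""
    sender, receiver = Sender(key, counter_width), Receiver(key, counter_width)
    accepted = 0
    for i in range(total):
        msg = sender.send(b"message %d" % i)
        if i in dropped:
            continue                       # never reaches the receiver
        try:
            receiver.receive(msg)
        except IntegrityError:
            return True, accepted
        accepted += 1
    return False, accepted


if __name__ == "__main__":
    print("1-byte counter, drop one:     ", simulate(1, {5}))
    print("1-byte counter, drop 256:     ", simulate(1, set(range(256))))
    print("4-byte counter, drop 256:     ", simulate(4, set(range(256))))
```

The second line is the post's own observation: with a one-byte prefix the attacker has to remove exactly a multiple of 256 messages, and then the receiver is none the wiser. Four bytes pushes that to 2^32, and at that point the practical fix is to refuse any connection whose counter gets anywhere near wrapping.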

Google Groups ditches links to Usenet, the OG social network

Claptrap314 Silver badge

Subscribe to new group

alt.talk.scientology?

One of my fondest memories...

PLACEHOLDER ONLY Someone please write witty headline here

Claptrap314 Silver badge

Re: Please speak to George

You sure it wasn't FILENOTFOUND ?

You're so worried about AWS reliability, the cloud giant now lets you simulate major outages

Claptrap314 Silver badge

Re: Simulate? Why?

Go home Bill--nobody cares about you any more.