* Posts by Claptrap314

1318 posts • joined 23 Jan 2015


7*7 = a simple equation for taking total control of multiple VMware-powered clouds

Claptrap314 Silver badge
Pint

Re: How?

Congratulations! You now have this certificate that you have more sense than about 70% of programmers currently employed.

As always, the beer is for crying in.

As anti-brutality protests fill streets of American cities, netizens cram police app with K-Pop, airwaves with NWA

Claptrap314 Silver badge

Re: 8 minutes 46 seconds

And... I have a new hero. What a beautiful woman.

Claptrap314 Silver badge

Re: some things to consider, commenting from your nice safe keyboard

I was completely with you until you called jujitsu the "thug's version" of judo. There are certainly thugs in both, but my first sensei in jujitsu bounced the one that showed up in a hurry. Yes, most forms of jujitsu are not sports. On the street, the rule that matters more than any other is that I survive. The next one is that I cause the minimum damage to the other person necessary to ensure my survival. That means that I am responsible to avoid even having a confrontation at all. Failing that, I am to avoid even embarrassing the guy. It also means that (in my form) unless I'm a third degree or higher black belt, I treat a knife attack like a mortal threat, and respond in kind.

If that makes me a "thug" in your book, then I don't want to get to know you.

Claptrap314 Silver badge

Re: To scare .....

Then you weren't paying attention.

I heard about them in the early 2000's. "Oh, some bored folks beating up skinheads at concerts--whatever." But, you know--"everyone hates the Illinois Nazis"--let's drive a car through a bunch of idiots!

November of 2016, Antifa showed up in force with significant brownshirt tactics.

They've been popping up whenever there was a riot to be had ever since.

Claptrap314 Silver badge

Re: "Yes, Anon activists are back."

So you say anyone who commits a crime should be given a life sentence, subject to the determination that they no longer pose a threat to society?

Interesting idea. Let me think about it. Umm, no.

Claptrap314 Silver badge

Re: "Yes, Anon activists are back."

You hear what you want. If those words came to your mind, that's on you. I downvoted the post, but not for the fact that he called out the sanctification of the name of an apparent career criminal. And he specifically stated that his history in no way justified his treatment.

Claptrap314 Silver badge

Re: "Yes, Anon activists are back."

First, they are not. Second, any KKK or neo-Nazis in Seattle are truly hard to come by. I live just north of Seattle. There have been fliers out offering money to people to cause trouble. So rent-a-mob is accurate. Also, their communications are not secured, so word tends to get out a few hours before the start. So when they tried to hit Snohomish, the locals showed up prepared and in force. A friend of mine said he hadn't seen so many guns since the Gulf War. Antifa freaked out and ran when they saw what was waiting for them. No violence. Nothing.

And yeah, that cop better get the death penalty.

Publishers sue to shut down books-for-all Internet Archive for 'willful digital piracy on an industrial scale'

Claptrap314 Silver badge

Re: Out of print isn't tough, it's negligence.

Except for that small bit in the constitution about the _limited time_. The law says that these works enter the public domain after a period. Publishers are claiming all the profits and dodging the responsibilities.

Claptrap314 Silver badge

Re: It's really quite simple

Amazing, cool, and just.

Claptrap314 Silver badge

Re: Digital Era

My problem is not with DRM per se. My problem is that DRM slices and dices my rights until nothing at all is left. In particular, it is not possible to purchase books in the traditional sense. It has become impossible for me to use one of these systems (which I have NEVER done) without being tracked for everything I do. And oh, if Amazon (or whomever) decides, I lose any or all books I have paid to access permanently and without recourse.

Not to mention I cannot move the work to a different device without permission or a different format at all.

If I read trash novels, I might consider using DRM. But for a work that I actually want to study, no. Just entirely no.

Claptrap314 Silver badge

Re: But what about...

Would you say that the estate is a non-practicing entity? A copyright troll perhaps?

Same fundamental legal principle enabling. Same societal failing in response.

Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues

Claptrap314 Silver badge

Re: Yesterday (1st July), (3rd July)

You obviously don't know how to think like an attacker.

The bad guys are real. NO fortress is impenetrable. NO cypher is indefinitely secure. It is much, much safer to autoexpire a cert than to ensure that the secrets it protects have a short enough lifespan that it is actually useful.

The world being full of lazy idiots means that cert expiration screwups are going to be a thing. As another has said, the best solution is to make the periods short enough that updating becomes routine.

Except, the better idiot will figure out how to screw that up as well.

Snapping at Canonical's Snap: Linux Mint team says no to Ubuntu store 'backdoor'

Claptrap314 Silver badge
Stop

Bad neighbor

The fact that snap creates ~/snap by itself tells me that the developers are at best extremely arrogant. You do NOT get to claim subdirectories in MY homedir unless they start with a '.'. This has been true since.... Well, since I got onto a Unice in the early 90's, at least.

Now, I find out that this is being driven by Canonical? Again? I moved to Mint to get away from some of their garbage in the first place.

Hey, Mint team! Switch your upstream to Devuan. Because every week, I'm thinking about switching directly there myself...

'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation

Claptrap314 Silver badge

And here I thought Amazon would do the right thing

Silly me.

To review:

1) Spectre-class bugs CANNOT be mitigated in current hardware.

2) The entire point of caches is to speed process execution. Therefore any process with fine-grained access to the clock is going to be able to derive information about the addresses of data held in the cache. With Spectre-class attacks, one can derive information about the contents of the data.

The only way around this is to ensure that all code running inside the same cache has the same security context.

So, for Amazon, you are sharing your data with everyone else on the box. Dedicated boxes are required for anything handling PII.

Claptrap314 Silver badge

Re: There must be a simpler fix...

Cheaper, faster, easier, and more secure to just turn the cache off.

Encrypting is THAT slow.

Claptrap314 Silver badge

Re: git broke English

No, it was never good in the first place. That's the point!

Nice wallpaper you've got there. It would be a shame if it bricked your phone

Claptrap314 Silver badge

Let's break this down

1) Android uses a format for the background for which not all strings are valid.

2) Android fails to validate inputs for the background.

3) ????

4) Profit!

Yeah, Google's claim to hire the best programmers has gotten super-thin.

Pablo Escobar's big bro and former accountant sues Apple for $2.6bn over FaceTime bug

Claptrap314 Silver badge

Bug-free software exists, for the same reason that mathematical proofs exist. Of course, if you can produce mathematical proofs, they tend to "give" you a PhD. And in my experience, bug-free code is harder than most theorems. (I was accepted into the PhD program in mathematics, and work as a programmer.)

But they are not cheap. That's the real problem. No one wants to pay for bug-free software.

Dude, where's my laser?

Claptrap314 Silver badge

Re: ACME Corporation

As demonstrated in the court of law, the device works perfectly when used as directed.

Galaxy S20 security is already old hat as Samsung launches new safety silicon

Claptrap314 Silver badge

Re: The question is...

Not just "5 eyes". There's the China-required anti-terrorism module and the Russia-recommended doctrinal purity code. The EU-approved module will be coming once the spec is agreed to some time in 2030.

Das reboot: That's the only thing to do when the screenshot, er, freezes

Claptrap314 Silver badge

Re: Funny that

Ah, those innocent days, long before the features facilitating such japes became _recognized as_ security risks...

FIFY

Vint Cerf suggests GDPR could hurt coronavirus vaccine development

Claptrap314 Silver badge

Re: @Claptrap314

I assume you are talking about elections for political office. That right is not incorporatable. We don't allow proxies there--votes are for natural persons in their own capacity only.

Claptrap314 Silver badge

This is the point. If "Black Letter Law" is an abomination, then what is the need for legislators? And how can a man know that his actions are legal?

Oh, I know: hire enough expensive lawyers.

It's that professor who is advocating abominations.

Claptrap314 Silver badge

Re: conservatives and liberals ...

I had a (conservative) lawyer friend of mine explain that a crime involves a criminal act and a criminal mind. So the state of mind of the defendant at the time of the alleged crime really does matter.

Consider, for instance, that many statutes include phrases like "willing and knowingly..." In the case of murder, we distinguish premeditated from heat-of-the-moment from accidental killings.

Claptrap314 Silver badge

A corporation is a group of people united by contract and recognized by the State as a separate entity. This entity can engage in further contracts, and we want those contracts to be enforced by the courts. In American jurisprudence, that means that they are "persons" under the law, as only legal persons appear before the courts. (If a dog attacks you and you get hurt, you cannot sue the dog, only the owner.)

There has been some back and forth as to which rights of the individual can survive incorporation. We had a strange situation for several decades where some corporations (labor unions, political parties) could incorporate the right of advocating politically, but not others. (This statute was created by a miffed politician after he faced more money in a campaign than he had expected.)

The Citizens United case affirmed that political advocacy was a generally incorporatable right.

Claptrap314 Silver badge

Re: conservatives and liberals ...

See: the last one hundred years of American case law.

FCC boss pleads with Congress: Please stop me from auctioning off this spectrum for billions of dollars

Claptrap314 Silver badge

Re: No real danger

Oh, I agree that we already have it. You just REALLY don't want it. (Neither do I.)

Claptrap314 Silver badge

Re: No real danger

Think carefully about what you are suggesting. You REALLY don't want bureaucrats to become completely untethered from the law.

Far-right leader walks free from court after conviction for refusing to hand his phone passcode over to police

Claptrap314 Silver badge

Re: British Rule of Law

So you applaud every law on the books in your county? I'm amazed. I take it you are a member of both Labour and the Conservative parties?

Claptrap314 Silver badge

Re: And the moral of this story is ...

It's really more complicated than that.

We need the police to hunt down murderers & the like.

The police can only be effective in doing so if they have the faith and trust of the public.

The human brain being what it is, every public case of police corruption lowers the faith and trust of the public.

Therefore, during times of low trust, there is a strong motivation to only publicize the worst cases of corruption.

And what do we have? In the States, Antifa & BLM are large, explicitly anti-police organizations. (Antifa of course is anti-police among other things, while BLM is specifically targeting the police) Antifa is violent to the point of being considered a domestic terrorist group by some definitions. And while BLM might not be violent per se, their chants of "oink oink bang bang" are certainly advocating violence.

Which means that these movements are expected to increase the covering up of police abuses.

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline

Claptrap314 Silver badge

Re: Urgently patch your publicly available, recursive DNS server

You're missing the point of the attack. The resolver at badguy.com is "misconfigured" on purpose--that is the attack.

The issue is that a recursive resolver typically resolves all of the name servers listed in a response in preparation for load balancing. The fix is to only resolve one per query.

Houseparty denied it had been hacked... while miscreants were abusing its dot-com domain name infrastructure

Claptrap314 Silver badge
FAIL

Re: Address recycling

I'm sorry, but no.

Certainly, it is easier (today) to grab 2^48 or so addresses and not worry about proper address management. But sloppiness is what has gotten us into this mess.

Subdomain mismanagement is a major problem with Microsoft. Now we see that they are "industry leaders" instead of outliers.

If you properly manage things like DNS records, it's going to take a significant amount of effort.

If you don't properly manage things like DNS records, you are going to have a bad time.

IPv6 might (might) allow you to get by with pretending that you can orphan IP addresses for a while. But the pain you will be in when it all falls apart (and it will), will be orders of magnitude more severe than when you are stuck with 32 bits for the entire world to play with.

Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs

Claptrap314 Silver badge

How?

Did they misplace a session id? Did cosmic rays interfere with a post-auth-check user id? Sun spots?

Uber trials fixed-price hourly rentals for visits to the butcher, the baker and the candlestick-maker

Claptrap314 Silver badge

Re: The urban transport solution for coronavirus and afterwards

I had my walk/bike everywhere days. Even at the age of 19, they generally sucked. There is a real limit on how much you can carry on a bike. I learned hands-free biking just to be able to carry more.

And...rain happens.

And...I was 19. Not everyone lives in your urban paradise. Necessary stores are often miles away, with serious hills between. People age.

If you can walk/bike it, by all means do. But don't demand that everyone does.

Heck, I don't use a rideshare every quarter. That doesn't mean I condemn those who do.

Claptrap314 Silver badge

Re: The urban transport solution for coronavirus and afterwards

You might try reading the article for comprehension.

Incredible how you can steal data via Thunderbolt once you've taken the PC apart, attached a flash programmer, rewritten the firmware...

Claptrap314 Silver badge

Re: Most people wouldn't be surprised by this

Shall we play a game?

Wanna be a developer? Your coworkers want to learn Go and like to watch, er, Friends and Big Bang Theory

Claptrap314 Silver badge

Re: Funny that is

I'm beginning to suspect that Go was released on the world to make it easier for Google to sort through applicants.

Microsoft claims AWS has used new JEDI mind trick with secret contract objection filing

Claptrap314 Silver badge

You mention two separate issues. I think that the following list neatly responds to both:

https://en.wikipedia.org/wiki/List_of_ships_of_the_line_of_the_United_States_Navy

Claptrap314 Silver badge

Re: WTF?

Well, they ran out of Bab5 pics to use, so what are you gonna do?

Go on, hit Reply All. We dare you. We double dare you. Because Office 365 will defeat your server-slamming ways

Claptrap314 Silver badge
Trollface

Amazing!

And here, it's only been 23 years since my company's mail server was brought to its knees by an r-a storm.

That's some serious responsiveness there. You can really tell what u$'s priorities are, that's for sure.

What do you call megabucks Microsoft? No really, it's not a joke. El Reg needs you

Claptrap314 Silver badge

u$

See, I'm too lazy to figure out how to get a micron character. And MS -> micron$ is a reasonable thing. And their products are not good enough for them to rate a capital letter.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

Claptrap314 Silver badge

Software is not Deus Ex Machina

Software can only do what it is programmed to do. Before Captain Sully, would YOU have programmed your system to recognize a river as a viable emergency landing point?

You give a man the rest of his life to figure out a solution to a problem where he is an expert in the field, and you will be amazed at what he comes up with.

How do you program that?

Claptrap314 Silver badge

Re: Obvious flaw not in article

If those three are expendable drones?

Claptrap314 Silver badge

"Have I got this straight, Jonesy? A forty million dollar computer tells you you're chasing an earthquake, but you don't believe it? And you come up with this on your own?"

Ex-Microsoft Office chief reflects on early malware and the 'global attack on the new Windows PC infrastructure'

Claptrap314 Silver badge

Re: Not that early

u$ was not ignoring security lessons from UNIX. They were refusing to learn lessons from the plethora of DOS viruses.

u$ -- the world's worst industrial polluter.

It has been 20 years since cybercrims woke up to social engineering with an intriguing little email titled 'ILOVEYOU'

Claptrap314 Silver badge

Re: can't be 20 years can it?

They hiring?

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

Claptrap314 Silver badge

And here I am

Without a phone that runs apps. Or has bluetooth. Huh.

Claptrap314 Silver badge

Re: Of course, being centrally controlled

I'm hoping you're not from the States.

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin

GoDaddy hack: Miscreant goes AWOL with 28,000 users' SSH login creds after vandalizing server-side file

Claptrap314 Silver badge

Re: From the U.S. perspective...

Did you see their original ad?

Android trojan EventBot abuses accessibility services to clear out bank accounts – fortunately, it's 'in preview'

Claptrap314 Silver badge
Happy

Here is your rouge user

In another thread, there was some b******* & moaning about worrying about "rouge users" inside an organization.

It's not the user, it's the user's device that matters.

Certainly, a user might try to do naughty things. But absolutely, if the user's device is compromised, naughty things have already occurred.

So, unless you can scan every website for every bit (heh) of malware that ever has or ever will exist, if you allow some access to the internet, then you must consider that machine, and every access coming off of it, compromised.


Biting the hand that feeds IT © 1998–2020