* Posts by Claptrap314

2445 posts • joined 23 Jan 2015

Student crashes Cloudflare beta party, redirects email, bags a bug bounty

Claptrap314 Silver badge

"And a job offer"

Seriously, why doesn't someone like this get an on-the-spot job offer? This kid has already demonstrated more subject mastery than 70% of professional programmers.

<sigh> We'll probably lose him to a stock trading company.

China-linked fake news site shows disinformation on the rise

Claptrap314 Silver badge

Re: SuperGoodDoublePlus Inc

Dude! Make me log in just to upboat. Well done, sir!

Software issues cost Volkswagen CEO Herbert Diess his job

Claptrap314 Silver badge

Re: deploy basically on a weekly basis and to be attractive for software talent

If people define Agile in such a way, yes. But for many companies, production deploys several times a day is actually good.

Claptrap314 Silver badge

Re: Agile, no?

"Agile", properly executed, is the continuous, deliberate search for better ways to do things. A proper agile process won't look the same for two different companies, and will be entirely different between different industries.

Meta proposes doing away with leap seconds

Claptrap314 Silver badge

"We have created a solution for our own systems. It is not at all clear how to make this work for other people's systems, since they lack primary NTP servers, and our solution depends on having them."

Seriously, evaluate each statement fairly.

Microsoft closes unfilled job openings in cloud and security

Claptrap314 Silver badge


a formal response to the Outlook.com suspicious login messages is expected in 10 years. 6 months. 5 years. 8 months. Never. 20 years. 6 years.

Outlook email users alerted to suspicious activity from Microsoft-owned IP address

Claptrap314 Silver badge

But not Fancy Bear or one of Pooh's friends? How very selective of you...

UK lays world's longest autonomous drone superhighway

Claptrap314 Silver badge

I'm certain

that it is done with the best of intentions...

Just because you failed doesn't mean you weren't right

Claptrap314 Silver badge

Re: I don't understand.

Incoming fire has the right of way!

Claptrap314 Silver badge

Re: " including the country they were in had it been 1945 or earlier!!"

Because they were able to leave?

What are server makers really doing to and for the climate?

Claptrap314 Silver badge

No Pooh. It's not.

Cruise self-driving cars stopped and clogged up San Francisco for hours

Claptrap314 Silver badge

What matters...

is intelligence of SOME form for detecting all the ********* **** ******* faked injuries.

Claptrap314 Silver badge

Re: Deadlock condition?


Improve Linux performance with this one weird trick

Claptrap314 Silver badge

I'm pretty sure

I mentioned this in my FIRST reply to the FIRST article that came out about SPECTRE. The drip, drip, drip of these exploits is precisely why NIST recommended (for twelve hours) turning speculative execution off. These partial mitigations add up, and in a big way.

I've interviewed with multiple companies who have gone this route for protected database servers and the like. The cost savings are enormous, and, as alluded to above, with proper least-access privileges implemented network-wide, quite safe.

What surprises me is that a mere kernel option can really do it. To really see the benefit, you need to turn off things like retpoline when you compile your applications and libraries. I would strongly urge something like Yggdrasil if a company I was advising was considering going this route.

Claptrap314 Silver badge

Re: Hmmm.

I interviewed with Sonos about 5 years ago. Their original security model was: "Don't connect to a computer."

What happens when end users ignore the spec is a closely-related matter.

Another tech giant changes course on hiring – this time it’s Google

Claptrap314 Silver badge

A coin flip will tell you as much as Gartner.

For the uneducated, a coin will tell you which side came up. Gartner will tell you who gave them money.

Oracle agrees to settle class action over cloud sales tactics for $17.5m

Claptrap314 Silver badge

Missing data point:

How much Oracle makes a year...

Mergers and acquisitions put zero trust to the ultimate test

Claptrap314 Silver badge

Nice job

Copy-pasting that presser. "Earned media" and all that.

US EV drivers won't be able to choose vehicle safety alert sounds

Claptrap314 Silver badge

This is not about you. This is about the blind. That there are also benefits for sighted people in some cases is simply a political argument.

SCOTUS judges 'doxxed' after overturning Roe v Wade

Claptrap314 Silver badge

We live in exceptionally dangerous times

when even the most conservative and originalist members of the USSC refer to our form of government as "democracy". It makes me wonder if they think in the back of their heads that they were elevated to the Court by some sort of plebiscite.

And as for everyone else, the US has never had, and hopefully will never have, anything approaching democracy as its form of government. We are a constitutional republic. The very fact that laws are passed by Congress, and that the Courts dare to occasionally dismiss such laws as unconstitutional, should, I think, be a constant reminder of this fact, but apparently not.

Claptrap314 Silver badge

Re: Privacy is mentioned nowhere in the US Constitution.

I'm as much a conservative as you're likely to find, but I'm also an originalist, and you're not being honest in your reasoning.

1) The third amendment is very much, although not exclusively, about privacy. Pre-telephone, quartering is a VERY effective way of keeping an eye on "troublesome" people, and almost everyone involved in drafting and passing the constitution either themselves or their fathers would have qualified as "troublesome" not too much earlier.

2) The "and their papers" of the fourth amendment is, again, very much an issue of privacy. How would the "committees of correspondence" have fared if the government had driven very far against it? Or for that matter, what if a businessman happened to corrupt a government official & seize papers for competitive gain?

3) One of the objections that was raised against the Bill of Rights was that the inclusion of certain rights would result in the disparagement of others. The idea that these recent revolutionaries would have had _any_ truck with the "if you have nothing to hide, there should be no problem" bs that has occasionally been pressed by some faux-law-and-order types is laughable.

Privacy certainly _is_ one of the "unenumerated rights". That what has been done by prior courts at times under the banner of the privacy has been abominable does not affect this fact.

Defense contractor pays $9m to settle whistleblower's cybersecurity allegations

Claptrap314 Silver badge


Let's see. We can net $142M this year. Now, there is this _tiny_ security fix we need for our system. It costs $34.5M. And, if we don't, the worst we can expect is a $9M fine. Maybe.

What is our fiduciary responsibility?


Seriously, I'm more upset with the government here than anyone. NO WAY was the unclassified network 100% p0wned, but the classified secure. That company should be fined out of existence, and that CEO behind bars for a decade or so, and not at Club Fed.

Unless the government _wants_ more of this for some unfathomable reason.

US military contractor moves to buy Israeli spy-tech company NSO Group

Claptrap314 Silver badge

I had not thought this possibility through

but it is a natural consequence of my observation here some months ago that the NSO is a weapons manufacturer.

Interesting that this is an international acquisition, however...

HavanaCrypt ransomware sails in as a fake Google update

Claptrap314 Silver badge

"Lastly, the malware looks at the system's MAC address and compares it to organizationally unique identifier (OUI) prefixes usually used by virtual machines."

This is just nuts. There is NO reason for a VM to use predictable addresses like this, and this obvious route to identifying the presence of a VM should have been revealed by even a cursory security review. Certainly, the services are a "bigger" issue in this regard, but to not even bother with such a simple & obvious change...

This is why we can't have nice things.

Leaked Uber docs reveal frequent use of 'kill switch' to deactivate tech, thwart investigators

Claptrap314 Silver badge

Re: "Dawn Raid Manual"

If you want a retroactive law in the US, check out the 1993 tax hike. Passed after President Clinton assumed office, it took effect 1/1. Of course, for some strange reason Her Royal Clinton just happened to have asked to be paid for some of her 1993 "work" for some law firm in 1992--a request that was granted.

Yes, our written constitution has a clause against that. Constitutions are only worth the people who enforce them.

Systemd supremo Lennart Poettering leaves Red Hat for Microsoft

Claptrap314 Silver badge

Re: Motive found.

I see you've understood the full point of the analogy.

Claptrap314 Silver badge

Would that be to ditch the whole thing & build a process 0 that did NOT start out with the notion that sysadmins are stupid?

This is the military – you can't just delete your history like you're 15

Claptrap314 Silver badge

Re: I believe the story

That really depends on what exactly was SUPPOSED to be going on with those computers. It seems likely that was a TS site, and if the Powers That Be decide it's time to make an example, it's not that hard to turn any security violation of TS into hard time.

We were ALL briefed (repeatedly) about the consequences of violating TS security. (Technically, a firing squad is possible.)

US floats framework for international crypto regulations that cement its power

Claptrap314 Silver badge

Another Angle

I realized that holding a cryptocoin is holding stock--in a company with no income, assets, sales, employees, or liabilities, and with novel rules regarding stock issuance and the structure of the board.

I really think that, from the standpoint of consumer protection, coin regulation ought to start there. There is absolutely NO reason for governments to take seriously the notion that this stock is a currency. It clearly is not, and anyone with any sense of history or politics knows that if it ever were to reach such status, it would be attacked and destroyed almost immediately.

Claptrap314 Silver badge

Re: OK but...

In a conflict where one side wields a theorem & the other wields a gun, bet on physics to win.

Claptrap314 Silver badge

A Ponzi scheme is a situation where the schemer promises guaranteed outsized returns in some other business with the intent to generate those returns primarily by attracting new investors. Ponzi himself claimed to generate money by investing in land deals.

Very few of these ventures meet that definition. In particular, there is no promise of any particular return & there is no other business involved.

Google said to be taking steps to keep political campaign emails out of Gmail spam bin

Claptrap314 Silver badge

"Never forget"?

In both the 2016, and 2020 elections, these pages reported research that Google was biasing search to favor the D nominee. And I was present at a TGIF (attended by a substantial % of G workers) in 2015 when a director bragged about changing the election results in a Central American country.

It takes a "Some animals are more equal than others" kind of brazenness to claim that concerns of Republicans that they are getting unequal treatment regarding these filters.

Without reading the details of the proposed bill (something which usually takes a JD & access to the Federal Register to decode anyway), the description sounds like they are wanting to require that campaign-related email requires an opt-out. An ugly, transparently self-serving bill? Certainly. But G in particular has no valid claim of neutrality, so these untraceable in-kind donations must be stopped if there is to be any hope of free and fair elections.

The question that I have is: will the opt out actually work? I've got one company whose emails come through no matter how many filters I try to slap on it. (And yes, I only use gmail for work.)

City-killing asteroid won't hit Earth in 2052 after all

Claptrap314 Silver badge

These guys need to up their game.

No one's going to take them seriously until they knock 40 of those off the list...

Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined

Claptrap314 Silver badge

Re: Hoping they can publish a fix soon.

Your mask suggests you are being sarcastic (which I certainly hope), but this being the internet, it is impossible to tell without an explicit flag. So--no vote either way.

Hangouts hangs up: Google chat app shuts this year

Claptrap314 Silver badge


When I started at G in 2015, it was as an SRE for Hangouts. At that time, Hangouts had already passed two internally-announced shutdown announcements.

Kinda sad to see it go. Not putting bets as to when it _actually_ goes...

Soviet-era tech could change the geothermal industry

Claptrap314 Silver badge

Re: what if ...

Power supply is an issue.

Claptrap314 Silver badge

Re: How deep?

That's not the sort of scaling issue we usually discuss here, but okay...

More than $100m in cryptocurrency stolen from blockchain biz

Claptrap314 Silver badge

Re: Isn't it funny...

Oh? Who said what the value of coin is?

I'm a well-documented crypto-critic, but do educate yourself before opening your mouth.

US senators seek input on their cryptocurrency law via GitHub – and get some

Claptrap314 Silver badge

How convenient

For a legislator holding coin to propose legislation to increase the legitimacy of coin! Nice work, if you can get it.

Linus Torvalds says Rust is coming to the Linux kernel 'real soon now'

Claptrap314 Silver badge

Remember when Scala was going to solve this problem for higher level languages?

I'm not holding my breath.

And my complaint against C for something like an OS kernel is that you lose direct access to the flags register. Integer overflow errors almost disappear when you have it.

Think about that.

Bounds-checking array accesses become MUCH cheaper.

Think about that.

Imagine (if you're old enough) writing C with that capability in place. NOW, explain how excited you are about Rust.

Again, I'm not saying that Rust is no good for the kernel. However, it strikes me that people seem to want to jump to entirely new tools when really, some minor tweaks to existing tools can get them much of what they need.

Florida's content-moderation law kept on ice, likely unconstitutional, court says

Claptrap314 Silver badge

Re: Oh, now sites are responsible for what's posted on them?

I'm pretty sure I get what you're trying to say, but in fact, US laws generally DO apply globally--to US persons. In fact, we have laws expressly against certain types of sex tourism, for instance. Of course, if you travel (or operate) outside the US, the locals are going to demand that you obey their laws. A fact that seems to elude many people. (And get me lots of downvotes when I phrase it a certain way here.)

Investors start betting against Bitcoin with short-trade products

Claptrap314 Silver badge

If you are calling the US a "tin pot country", I might, depending on my mood & the subject, agree. But in context, I would say that you are at best misleading.

FDR outlawed it. From what little reading I have done, it seems that it is a preparatory step to going off the gold standard, which is why I stretched a bit & called it "generally outlawed".

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ

Claptrap314 Silver badge

I think I see a problem in the premise...

"secure the Windows operating system"

Totaled Tesla goes up in flames three weeks after crash

Claptrap314 Silver badge

Am I the only one

that REALLY doubts that these electric cars are "good for the environment"?

Bipolar transistors made from organic materials for the first time

Claptrap314 Silver badge

Is this moving things forward?

I would like to know what kind of minimum feature size we are talking here. Also, switching speed. Also power consumption. Also MTBF (in several variants). Also, expected manufacturing complexity & stability...........

I'm not raining on conducting research, I just want to know what we really have here.

Claptrap314 Silver badge

Re: Just a small elephant...

I'll trust you on the Si side of things. Do we know this on the organic side?

Mega's unbreakable encryption proves to be anything but

Claptrap314 Silver badge

Re: repeat after me

You must trust someone. The problem is that few people even have the education to even understand WHY they should not trust themselves. (Most can be browbeaten into submission, but that's a separate matter.)

I was just talking about this to a friend. There are probably about 3000 people in the world today who I would trust to write a crypto library. I'm arrogant enough to include myself in that list. But because I _am_ properly trained, I also know that it would take me FAR longer to convince myself that I had not messed something up than would be worth it.

DARPA study challenges assumptions about distributed ledger (and Bitcoin) security

Claptrap314 Silver badge

What exactly is new here?

And by "new", I mean, "Not already discussed on the cypherpunks mailing list in the '90s?" Certainly, we did not call the pools by that name. But the concepts were all there.

The fact that this "report", or whatever they are styling it, doesn't even mention the 40% attack on Bitcoin means either someone needed to get something published, or that this paper is an attack on crypto. (This is coming from the US govt, of course.)

I was a crypto-skeptic in the '90s. I've never attempted to create an account. I've publicly called BTC & friends "Beanie Babies" & "tulips" & worse. But this "report" contains less value than an airdrop in Somalia.

Cloudflare explains how it managed to break the internet

Claptrap314 Silver badge

Re: I'm curious

It's $200/mo for something that their competition does for free. You attacked their business model over this. And I'm doubling down here--you're demonstrating an utter lack of proper prioritization on this point.

You know (apparently first hand) that the monthly cost of building a resilient app runs at least 6 figures a year. Against that level of spending, you're going to weigh $2500 priced as an addon? What if the cost of the base contract is $5000 less?

Look, if you just don't like them, that's fine. But any evaluation of a solution has to be based on total cost, and you're talking about a rounding error.

CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure

Claptrap314 Silver badge

Re: Hmm

"safely" "connected network"--I'm not certain that you fully understand each of these terms...


Biting the hand that feeds IT © 1998–2022