Re: How?
Congratulations! You now have this certificate that you have more sense than about 70% of programmers currently employed.
As always, the beer is for crying in.
Posts by Claptrap314
1318 posts • joined 23 Jan 2015
7*7 = a simple equation for taking total control of multiple VMware-powered clouds
As anti-brutality protests fill streets of American cities, netizens cram police app with K-Pop, airwaves with NWA
Wednesday 3rd June 2020 03:18 GMT 
Re: some things to consider, commenting from your nice safe keyboard
I was completely with you until your called jujitsu the "thug's version" of judo. There are certainly thugs in both, but my first sensi in jujitsu bounce the one that showed up in a hurry. Yes, most forms of jujitsu are not sports. On the street, the rule that matters more than any other is that I survive. The next one is that I cause the minimum damage to the other person necessary to ensure my survival. That means that I am responsible to avoid even having a confrontation at all. Failing that, I am to avoid even embarrassing the guy. It also means that (in my form) unless I'm a third degree or higher black belt, I treat a knife attack like a mortal threat, and respond in kind.
If that makes me a "thug" in your book, then I don't want to get to know you.
Wednesday 3rd June 2020 03:06 GMT
Re: To scare .....
Then you weren't paying attention.
I heard about them in the early 2000's. "Oh, some bored folks beating up skinheads at concerts--whatever." But, you know--"everyone hates the Illinois Nazis"--let's drive a car through a bunch of idiots!
November of 2016, Antifa showed up in force with significant brownshirt tactics.
They've been popping up whenever there was a riot to be had ever since.
Wednesday 3rd June 2020 02:57 GMT
Re: "Yes, Anon activists are back."
You hear what you want. If those words came to your mind, that's on you. I downvoted the post, but not for the fact that he called out the sanctification of the name of an apparent career criminal. And he specifically stated that his history in no way justified his treatment.
Tuesday 2nd June 2020 23:02 GMT
Re: "Yes, Anon activists are back."
First, they are not. Second, any KKK or neo-Nazis in Seattle are truly hard to come by. I live just north of Seattle. There have been fliers out offering money to people to cause trouble. So rent-a-mob is accurate. Also, their communications are not secured, so word tends to get out a few hours before the start. So when they tried to hit Snohomish, the locals showed up prepared and in force. A friend of mine said he hadn't seen so many guns since the Gulf War. Antifa freaked out and ran when they saw what was waiting for them. No violence. Nothing.
And yeah, that cop better get the death penalty.
Publishers sue to shut down books-for-all Internet Archive for 'willful digital piracy on an industrial scale'
Tuesday 2nd June 2020 22:19 GMT
Re: Digital Era
My problem is not with DRM per se. My problem is that DRM slices and dices my rights until nothing at all is left. In particular, it is not possible to purchase books in the traditional sense. It has become impossible for me to use one of these systems (which I have NEVER done) without being tracked for everything I do. And oh, if Amazon (or whomever) decides, I lose any or all books I have paid to access permanently and without recourse.
Not to mention I cannot move the work to a different device without permission or a different format at all.
If I read trash novels, I might consider using DRM. But for a work that I actually want to study, no. Just entirely no.
Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues
Tuesday 2nd June 2020 21:50 GMT
Re: Yesterday (1st July), (3rd July)
You obviously don't know how to think like an attacker.
The bad guys are real. NO fortress is impenetrable. NO cypher is indefinitely secure. It is much, much safer to autoexpire a cert than to ensure that the secrets it protects have a short enough lifespan that it is actually useful.
The world being full of lazy idiots means that cert expiration screwups are going to be a thing. As another has said, the best solution is to make the periods short enough that updating become routine.
Except, the better idiot will figure out how to screw that up as well.
Snapping at Canonical's Snap: Linux Mint team says no to Ubuntu store 'backdoor'
Tuesday 2nd June 2020 21:40 GMT 
Bad neighbor
The fact that snap creates ~/snap by itself tells me that the developers are at best extremely arrogant. You do NOT get to claim subdirectories in MY homedir unless they start with a '.'. This has been true since.... Well, since I got onto a Unice in the early 90's, at least.
Now, I find out that this is being driven by Canonical? Again? I moved to Mint to get away from some of their garbage in the first place.
Hey, Mint, team! Switch your upstream to Devuan. Because every week, I'm thinking about switching directly there myself...
'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation
Tuesday 2nd June 2020 21:30 GMT
And here I thought Amazon would do the right thing
Silly me.
To review:
1) Spectre-class bugs CANNOT be mitigated in current hardware.
2) The entire point of caches is to speed process execution. Therefore any process with fine-grained access to the clock is going to be able to derive information about the addresses of data held in the cache. With Spectre-class attacks, one can derive information about the contents of the data.
The only way around this is to ensure that all code running inside the same cache has the same security context.
So, for Amazon, you are sharing your data with everyone else on the box. Dedicated boxes are required for anything handling PII.
Nice wallpaper you've got there. It would be a shame if it bricked your phone
Pablo Escobar's big bro and former accountant sues Apple for $2.6bn over FaceTime bug
Thursday 28th May 2020 21:36 GMT
Bug-free software exists, for the same reason that mathematical proofs exit. Of course, if you can produce mathematical proofs, they tend to "give" you a PhD. And in my experience, bug-free code is harder than most theorems. (I was accepted into the PhD program in mathematics, and work as a programmer.)
But they are not cheap. That's the real problem. No one wants to pay for bug-free software.
Dude, where's my laser?
Galaxy S20 security is already old hat as Samsung launches new safety silicon
Das reboot: That's the only thing to do when the screenshot, er, freezes
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Thursday 21st May 2020 19:04 GMT
Re: conservatives and liberals ...
I had a (conservative) lawyer friend of my explain that a crime involves a criminal act and a criminal mind. So the state of mind of the defended at the time of the alleged crime really does matter.
Consider, for instance, that many statutes include phrases like "willing and knowingly..." In the case of murder, we distinguish premeditated from heat-of-the-moment from accidental killings
Friday 15th May 2020 20:23 GMT
A corporation is a group of people united by contract and recognized by the State as a separate entity. This entity can engage in further contracts, and we want those contracts to be enforced by the courts. In American jurisprudence, that means that they are "persons" under the law, as only legal persons appear before the courts. (If a dog attacks you and you get hurt, you cannot sue the dog, only the owner.)
There has been some back and forth as to which rights of the individual can survive incorporation. We has a strange situation for several decades where some corporations (labor unions, political parties) could incorporate the right of advocating politically, but not others. (This statute was created by a miffed politician after he faced more money in a campaign than he had expected.)
The Citizen's United case affirmed that political advocacy was a generally incorporatable right.
FCC boss pleads with Congress: Please stop me from auctioning off this spectrum for billions of dollars
Far-right leader walks free from court after conviction for refusing to hand his phone passcode over to police
Thursday 21st May 2020 18:47 GMT
Re: And the moral of this story is ...
It's really more complicated than that.
We need the police to hunt down murders & the like.
The police can only be effective in doing so if they have the faith and trust of the public.
The human brain being what it is, every public case of police corruption lowers the faith and trust of the public.
Therefore, during times of low trust, there is a strong motivation to only publicize the worst cases of corruption.
And what do we have? In the States, Antifa & BLM are large, explicitly anti-police organizations. (Antifa of course is anti-police among other things, while BLM is specifically targeting the police) Antifa is violent to the point of being considered a domestic terrorist group by some definitions. And while BLM might not be violent per se, their chants of "oink oink bang bang" are certainly advocating violence.
Which means that these movements are expected to increase the covering up of police abuses.
DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline
Thursday 21st May 2020 18:18 GMT
Re: Urgently patch your publicly available, recursive DNS server
You're missing the point of the attack. The resolver at badguy.com is "misconfigured" on purpose--that is the attack.
The issue is that a recursive resolve typically resolves all of the name servers listed in a response in preparation for load balancing. The fix is to only resolve one per query.
Houseparty denied it had been hacked... while miscreants were abusing its dot-com domain name infrastructure
Wednesday 20th May 2020 18:24 GMT
Re: Address recycling
I'm sorry, but no.
Certainly, it is easier (today) to grab of 2^48 or so addresses and not worry about proper address management. But sloppiness is what has gotten us into this mess.
Subdomain mismanagement is a major problem with Microsoft. Now we see that they are "industry leaders" instead of outliers.
If you properly manage things like DNS records, it's going to take a significant amount of effort.
If you don't properly manage things like DNS records, you are going to have a bad time.
IPv6 might (might) allow you to get by with pretending that you can orphan IP addresses for a while. But the pain you will be in when it all falls apart (and it will), will be orders of magnitude more severe than when you are stuck with 32 bits for the entire world to play with.
Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs
Uber trials fixed-price hourly rentals for visits to the butcher, the baker and the candlestick-maker
Tuesday 12th May 2020 22:13 GMT
Re: The urban transport solution for coronavirus and afterwards
I had my walk/bike everywhere days. Even at the age of 19, they generally sucked. There is a real limit on how much you can carry on a bike. I learned hands-free biking just to be able to carry more.
And..rain happens.
And...I was 19. Not everyone lives your urban paradise. Necessary stores are often miles away, with serious hills between. People age.
If you can walk/bike it, by all means do. But don't demand that everyone does.
Heck, I don't use a rideshare every quarter. That doesn't mean I condemn those who do.
Incredible how you can steal data via Thunderbolt once you've taken the PC apart, attached a flash programmer, rewritten the firmware...
Wanna be a developer? Your coworkers want to learn Go and like to watch, er, Friends and Big Bang Theory
Microsoft claims AWS has used new JEDI mind trick with secret contract objection filing
Go on, hit Reply All. We dare you. We double dare you. Because Office 365 will defeat your server-slamming ways
What do you call megabucks Microsoft? No really, it's not a joke. El Reg needs you
Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers
Wednesday 6th May 2020 21:21 GMT
Software is not Deux Ex Machina
Software can only do what it is programmed to do. Before Captain Skully, would YOU have programmed your system to recognize a river as a viable emergency landing point?
You give a man the rest of his life to figure out a solution to a problem where he is an expert in the field, and you will be amazed at what he comes up with.
How do you program that?
Ex-Microsoft Office chief reflects on early malware and the 'global attack on the new Windows PC infrastructure'
It has been 20 years since cybercrims woke up to social engineering with an intriguing little email titled 'ILOVEYOU'
UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal
GoDaddy hack: Miscreant goes AWOL with 28,000 users' SSH login creds after vandalizing server-side file
Android trojan EventBot abuses accessibility services to clear out bank accounts – fortunately, it's 'in preview'
Friday 1st May 2020 22:48 GMT 
Here is your rouge user
In another thread, there was some b******* & moaning about worrying about "rouge users" inside an organization.
It's not the user, it's the user's device that matters.
Certainly, a user might try to do naughty things. But absolutely, if the user's device is compromised, naughty things have already occurred.
So, unless you can scan every website for every bit (heh) of malware that ever has or ever will exist, if you allow some access to the internet, than you must consider that machine, and every access coming off of it, compromised.
