* Posts by YetAnotherJoeBlow

147 posts • joined 5 Apr 2015


Network sniffers find COVID-19 did not break the internet – though it was behind a massive jump in outages


I live in the Philippines and internet has just been shite. My net at home can only muster 14KB uplink! I am extremely lucky to get 900kb/s download. Globe is the worst but Smart is not much better.

University of Cambridge to decommission its homegrown email service Hermes in favour of Microsoft Exchange Online


Re: change for sake of change

"And I hope you have a bloody good lawyer as you're implying Microsoft bribed Cambridge."

Of course we all know that Microsoft would never condone such circumstances.


Re: But It's Shiny!

"to be seen to be running an off-the-shelf system or a bunch of homebrewed stuff?"

Like Linux?

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors


Overheard at Twitter...

"Damn, we cannot hire FireEye Security and pay them to announce to world + Dog that this hack was done by State Actors and that nobody could have defended against those nation/state actors."

Japan starts work on global quantum crypto network



What I do not know of quantum cryptography could fill a book - but I do know it must be secure because I know several groups trying diligently to subvert it. My question is can an old dog learn new tricks as it looks fascinating. I am reasonably certain my math will hold.

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system


Re: Install your own boot loader

It is a savings account for when the rent gets raised.

Intel couldn't shrink to 7nm on time – but it was able to reduce one thing: Its chief engineer's employment


Meanwhile...

In other news, Venkata "Murthy" Renduchintala has accepted a position with TSMC as lead architect for 3nm. A smiling Murphy quipped "you just can't make this shite up."

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why



I spend all week hacking on a program and I get a nice paycheck - they spend a week hacking on a program and get millions. It just makes you think does it not? My arsehole is too tight for prison work though.

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist


Re: "he had downloaded documents to an external drive against company policy"

"Add to that the fact that he probably had access to a lot more documents than he should have (c'mon, you know it has to be true), and it's blindingly obvious that he could export the data."

"I find it interesting that they had logs of his activity, but no alerts on the logs. They had to go digging to find that out. Why wasn't there an alert when something classified is loaded onto an external drive"

That is why he got a VERY light sentence. Both sides agreed he needed to be punished so he got what he did. Defense told the prosecutor discovery will be a bitch and do you really want world+dog to know how bad both the gov. and Raytheon no more no less are at security - and of course exactly how much this all cost? Oh by the way Raytheon, GAO is on the line for you. I'll bet he had some very bad things on that drive.

Every job I ever worked as a gov. sub, security was tight, very tight. I never saw Laurel & Hardy once. Had he not cheated payroll and not lied, this probably would have been treated a lot different.

Cabinet Office takes over control of UK government data: Mundane machinery or Machiavellian manoeuvrings?


A bit lost here...

I take it that Dominic Cummings is a less than stellar choice?

It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databases – and a data-wiping bot


Just the beginning

Over the years I have come in after the fact (damage over 1200-2400 baud modems - about the time when kids started war dialing numbers to get a modem instead of a fax) and watched some mom and pop businesses shut down having lost everything - their customer list, inventory, orders and custom logic. It is easy to say "you did not have a backup?" as they are watching their business self destructing. Some of these acts influenced my then future career decisions.

I think we are going to be inundated with these types of things. Of course there will be some good out of it - business will have to start hardening their silos. We will probably see Indian corporations form like they did for the year 2000 stuff. Small businesses are rather easy to secure.

From Accompli to Microsoft to Google: G Suite chief Javier Soltero chases the 'complete collaborative experience'



What I usually observe (this is not my bread & butter) is the lack of finesse. Current solutions are about from 80 - 90 percent. Then products are sold with the caveat "oh that feature will be in the next release;" but by the time the customer really needs that feature - it is still vaporware. If the developers of these office products actually saw how their work is used, I mean really used by pros, the developers could then finish that last mile.

That feedback used to come from marketers - "if you develop (insert feature here,) I could sell a million of them!" Now the strategy is one size fits all, but it does not fit.

VMware to stop describing hardware as ‘male’ and ‘female’ in new terminology guide


Some perspective

I have a driver I maintain for a specific piece of hardware (QOS and routing) that I share with others (customers and associates.) Near the end of last year I got a pull request to update some terminology in it. Briefly the following PM, PS, SM, SS, TM, TS, QM, QS, ...(primary, secondary, ..., master, slave - egress lanes.) At first I thought it was a joke - it was not. They were not my customer but my friends. Briefly, I said no. Customer told me that was unacceptable. I told the customer to stop using the driver then. Customer again told me that was unacceptable. I almost revoked the customer's license, but I did not. The customer then told me he was going to get me fired (I'm freelance.) I told my friend to deal with it. The next day the pull request was rescinded.

I was going to change PM to primary/master etc. but I did not, I just let it go.

What the hell is the matter here? Things are very broken. Thank God I'm so very close to retiring. I can just imagine what it would be like just starting out. What is being taught in the Universities?

Privacy Shield binned after EU court rules transatlantic data protection arrangements 'inadequate'


In the end...

This is all just theater anyways. I mean really, do you think our respective countries will ever play by the rules? If you are a crook, you will just exchange encrypted binary blobs using a dead drop (either digital or physical.) In the end if the government wants to read all your goodies, they of course will.

I have often wondered what would happen to Google et al if I prevented scraping - it is not that hard to do really (I mean physically - not robots.txt.) What would Google do? Start paying you maybe? Or, how about on Facebook, just posting armored ASCII between all your contacts?

Don't want AWS training its AI systems from your pics, text, audio, code? It's now easier to opt out of the slurp


Opt out

That is how Facebook et al word the T&C so they can slurp with impunity. Personally I think that is shady. I would put a notice like:

If you sign in with _____________, they will retain your data and that ACME App has no say whatsoever how _____________ retains and uses that data. It is your responsibility to opt out with them, not ACME.

Motorbike ride-share app CEO taken to pieces in grisly New York dismemberment


Who dunnit?

My first thought was that he took someone home to party with which was a setup. Of course it was very personal; a spurned love interest - or a failed business deal. Pictures will tell a lot more.

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now


When I push the next driver change I have, I will raise an eyebrow or two when the maintainers say they are busy; despite the commit log being sparse - except for all those censoring commits.

Google Cloud cancels planned Chinese venture


"The company is not considering offering Google Cloud in China, the spokesperson added."

Not now.

Capita Consulting ditching more than a quarter of its workforce 45 days after consultations with consultants



Every time my eyes see Capita, my brain still sees Crapita.

"EasyJet confirmed it is laying off 1,300 crew and 727 pilots"

727 pilots or, seven hundred twenty seven airplane pilots... :?

GitHub redesign goes mobile-friendly – to chagrin of devs who shockingly do a lot of work on proper computers



I substantially automate GitHub. Something broke a few weeks ago and my automation fails. I am in the process of locally hosting all my clients except certain secure repos. I have done this a lot lately for other services as well. It appears that I am not grokking continuous delivery as it constantly breaks needed features. I rather dislike dumbing down features to be more inclusive.

Talk about the fox guarding the hen house. Comcast to handle DNS-over-HTTPS for Firefox-using subscribers


...but it is DOH!

"Comcast has moved quickly to adopt DNS encryption technology and we’re excited to have them join the TRR program," Firefox CTO Eric Rescorla said on Thursday.

Eric, you need to stop drinking the Kool-aid. Really.

Machine-learning models trained on pre-COVID data are now completely out of whack, says Gartner



So... their models are not AI - they are just matching patterns. If it was AI, the systems would adapt themselves to work with the new data stream. In the mid-eighties scientists could do pattern matching like this, but the hardware was not up to snuff to scale with PDP-11's with 1MB RAM or even the mighty VAX.

While some of the math has changed (more optimized), the end result is the same. It is all hardware driven. Now the problem will shift back to software since we no longer have exponential growth in CPU speed - proving yet again that our industry needs to do better than just software bloat and feature creep.

I am very fortunate that I got my degree when I did. What I learned then is still very much applicable to my work today, and that trait is sound judgement.

Chrome extensions are 'the new rootkit' say researchers linking surveillance campaign to Israeli registrar Galcomm



I know some guys that - let's just say they are very flexible on who they work with - tell me that it has never been easier to pwn networks, phones, IOT, or any endpoints for that matter. While I work in embedded and know what a crap shoot it is, if people actually saw what these guys do, they would never bank or pay with a phone. I don't. Once they have your phone, they are into everything you are into. The sky isn't falling, it already fell.

Google’s Fitbit lift strains competition laws says Australian regulator



"Google has promised Fitbit data won’t be used to fuel ads, that promise is not binding."

Well then, that pretty much sums it all up for the tech industry.

The girl with the dragnet tattoo: How a TV news clip, Insta snaps, a glimpse of a tat and a T-shirt sold on Etsy led FBI to alleged cop car arsonist



No hacking needed, no cell phone needed, and no browser history needed. Just police work. So... you want my phone? Get a warrant.

Facebook boffins bake robo-code converter to take the pain out of shifting between C++, Java, Python


Even better

Now for something really useful - Java to C. Ditch all the frameworks.

Whatsapp blamed own users for failure to keep phone number repo off Google searches


I wonder

I find it unbelievably depressing every time freshman year mistakes are now the rule of thumb. Have they ever heard of format preserving encryption - or even a simple hash?

Computer Science has been dumbed down to the extent of being equivalent to a trade school. You can learn how to write PC program comments but not writing good code itself. Pathetic.

Moore's Law is deader than corduroy bell bottoms. But with a bit of smart coding it's not the end of the road


Re: DEC Fortran

So, back full circle. It's nice to know that the way I was taught in the 70's and 80's is back in vogue again. I never lost sight of that and continue to this day writing fail-safe code.

I have fond memories of DEC FORTRAN. Both F IV and F77. I used to burn EPROMS under RT11 and RSX.

Global bean-counting behemoth PWC tells vendors: Now would be a great time to audit your customers



I remember when MS$ was using the BSA as a weapon. I technically successfully defended several companies from their extortion attempts, including to sue MS$ in small claims court (no lawyers.)

Sophos puts 100 at risk of redundancy as future of Naked Security blog hangs in balance


Re: AV vendor needed

I use ESET endpoint protection along with Snort. I also use tripwires and other assorted goodies.

IBM to power down Power-powered virtual private cloud, GPU-accelerated options


Re: AS400 ?

I had a System/38 mod 8 a long time ago - It was rock solid. Strangest OS I have ever seen. I hated RPG 3, but man could you implement systems quickly.


As usual

Yet again we subject ourselves to problems we already solved in the nineties. I just love all things cloudy.

What the hell is IBM smoking? Why shit on your paying customers? Nothing like manufacturing a problem where there is none.

Microsoft's carefully crafted Surfaces are having trouble with its carefully crafted Windows 10 May 2020 Update


All of which shows...

None of their testing volunteers could afford a MS Surface.

Nice wallpaper you've got there. It would be a shame if it bricked your phone


Re: So, a simple JPG can crash Android?

That is precisely why patches need to be taken away from the carriers and pushed by Google instead.

Wow, that statement really pains me.

AppGet 'really helped us,' Microsoft says, but offers no apology to dev for killing open-source package manager


Re: Mandatory...


While you are being a bit more charitable than I am, you are spot on about package mirror support. Anything short of that, M$ will have laid their cards down face up.

They've only gone and bloody done it! NASA, SpaceX send two fellas off to the International Space Station


Lift off

Was it just me or did the rocket take off much faster than normal? Almost like an ICBM.

Danger zone! Brit research supercomputer ARCHER's login nodes exploited in cyber-attack, admins reset passwords and SSH keys



The most important process in China at the moment is to be first with the vaccine at all costs. Failing this, I would not want to be anyone connected with that effort. Their families, their homes, their livelihood, and their liberty all depend on being first.

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother


"If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother."

Sorry, I am not a sheep. This is political correctness gone mad.

We're all stuck indoors, virtual reality tech should be hot. So why is Magic Leap chopping half its workforce?


Targeted change

“To better prepare Magic Leap for the future, we have taken a close look at our business and are making targeted changes to how we operate and manage costs,”

A "targeted" change is to fire half of your workforce?

Bad news: Cognizant hit by ransomware gang. Worse: It's Maze, which leaks victims' data online after non-payment



My wife does work for Cognizant. Three weeks ago, they sent her a new computer; they were supposed to be online for the better part of two weeks now. Now I know why they have not communicated with her. Her Cognizant email address still works though.

So how do the coronavirus smartphone tracking apps actually work and should you download one to help?


False sense of security.

Once an app is made, I will bet money it has the normal analytics and crashlytics SDKs in the phone as well. It would be trivial to uniquely identify all the Bluetooth tags.

Google tests hiding Chrome extension icons by default, developers definitely not amused by the change


This sums it up...

"Be prepared for your extension to not have the host permissions you expect"

What the hell kind of statement is that? This is not a game of hide and seek. Jesus Google moderate the greed. F'ing control freaks.

Not only is Zoom's strong end-to-end encryption not actually end-to-end, its encryption isn't even that strong



I read an article in the WSJ app today (UTC +8) about Mr. Yuan. Mr Yuan gave a good interview - he almost had me - then he finishes with the insinuation that "someone" has targeted his company.

It's game over for me - even if someone has targeted the company. This sentiment taken together with past statements Mr. Yuan has made paints a bad picture.

Epic Games floats $1m bounty to ID source of 'commercial smear' claiming Houseparty chat app has been hacked



Thanks for the link to the pdf - I have never seen it before.

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion



"For the love of dog"

There are quite a few public vpn's that are operated by three letter type agencies world wide. You go through one of those, the gig is up. Personally I do not even use TOR (even worse.)

AMD, boffins clash over chip data-leak claims: New side-channel holes in decades of cores, CPU maker disagrees


Re: @ including Javascript

One reason for client side processing is that PWAs need to have persistence locally to save state. If the js code is trusted, this is a more secure process.

Personally, I'm afraid I'm biased. I do not download non-trusted code and run it - if that can be prevented; and if not, only run in a sandbox (ie a browser.)

IT services sector faces armageddon as COVID-19 lockdown forces project cancellations – analysts



I have a couple of government contracts - one in the US and another in Asia. I sent an email to my contact in Asia saying I understand their situation and offered them an out. "Na - you can continue - we are still setting sail." I also have several active contracts in the US and elsewhere that are business as usual. Life will still continue.

Got your number? Maybe. 118 118 Money shutters website after spotting an intruder


Re: The personal loans business...

That is the way it is supposed to work.

Former Googler Anthony Levandowski ‘fesses up to pinching trade secrets about self-driving cars


he was able to download...

"... and that he accessed the document after his resignation from Google."

You can do that at Google? At all of my clients when they fire a person or when someone resigns, they are locked out before they ever even leave the office they quit or were fired in. By the time the interview is over, there is a list of what needs to be returned and also what the person has downloaded recently (about 1 yr.)

In fact a few of my clients have key people when hired agree to submit to a whole body scan on entrance and exit. This always includes me too although I never need to bring in anything.

Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature


For a minute...

For a minute there, I thought aManfromMars changed his nick to Long John Silver.



Biting the hand that feeds IT © 1998–2020