* Posts by YetAnotherJoeBlow

230 posts • joined 5 Apr 2015


Apple, it's OK. Seriously. You don't need to blind your iOS 15 engineers to prevent leaks

YetAnotherJoeBlow Bronze badge

If I worked at Apple, I would quit. No way in Hell I would develop software that way - that is insulting.

Code contributions to GCC no longer have to be assigned to FSF, says compiler body

YetAnotherJoeBlow Bronze badge

Re: Apple and GPL

Without Stallman, we would not have an Objective-C compiler.

As an aside, when companies say the license is too convoluted, or that the company wouldn't touch X with a ten foot pole, it usually means they could not find a way to exploit it, and that is not necessarily a bad thing.

Deadline draws near to avoid auto-joining Amazon's mesh network Sidewalk

YetAnotherJoeBlow Bronze badge

If this was my idea...

I would put it on github and offer 10K for each 0-day or info disclosure found.

As such, security barely got a mention. It is an awkward grab of consumer data made by an envious and vain corporation.

Might this be one reason why Bezos stepped away so when this blows up, not to sully his reputation - if that is even possible.

This is really problematic. Who thought this up?

Oracle accused of eating software maker's lunch with hostile hiring, trade secret theft

YetAnotherJoeBlow Bronze badge

Oracle surprise

I mean really, does this article surprise anyone?

Arm freezes hiring until Nvidia takeover, cancels everyone's 'wellbeing' allowance

YetAnotherJoeBlow Bronze badge

Hmm

I wonder who green-lighted that? They obviously know something we do not.

The fix is in.

Freenode IRC staff resign en masse, unhappy about new management

YetAnotherJoeBlow Bronze badge

I still monitor my IRC account and still conduct some business with it. It is very good at what it was originally used for. I guess that makes me old..

Apple's macOS is sub-par for security, Apple exec Craig Federighi tells Epic trial

YetAnotherJoeBlow Bronze badge

Maybe it is just me, but reading what Federighi said sounds a bit desperate.

I have a feeling that Apple will regret some of the statements that Federighi was told to say.

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away

YetAnotherJoeBlow Bronze badge

“It is just smoke and mirrors and highly immoral in my opinion”

Now that's the Microsoft we all know and love.

Korean app-maker Scatter Lab fined for using private data to create homophobic and lewd chatbot

YetAnotherJoeBlow Bronze badge

As usual...

The part I am always waiting for but it never happens is:

...And since your DB was obtained illegally, you must destroy the DB under on-site supervision.

FreedomFi's 5G gateways will mine HNT cryptocurrency for owners who dole out coverage to passing users, IoT devices

YetAnotherJoeBlow Bronze badge

Hmm 5G, crypto and mini base station - what could go wrong? All you need to add is a R PI for all sorts of fun.

39 Post Office convictions quashed after Fujitsu evidence about Horizon IT platform called into question

YetAnotherJoeBlow Bronze badge

Two words...

Malicious prosecution.

US aviation regulator warns of mid-air collision risk if Garmin TCAS boxes are not updated

YetAnotherJoeBlow Bronze badge

Very un-sexy

I rode in a Shorts 360 in Honduras a long time ago. We were heavy and as it rolled down the runway you could feel every crack - you could run over a dime and tell if it was heads or tails.

My seat for that adventure was a large cam shaft.

Exam-monitoring biz Proctorio tried to silence a critic using copyright law. Now EFF sues to put an end to this tactic

YetAnotherJoeBlow Bronze badge
Devil

bottom feeders...

That's a nice business you have there - it would be a shame if something happened to it...

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

YetAnotherJoeBlow Bronze badge

"One last point worth raising, the kernel team's response should probably treat Uni researchers the same regardless of their nationality. Do we really want them setting a precedent that Unis in China, Iran, and Russia can attempt unauthorized penetrations without sanctions?"

I imagine I would get the same treatment if I submitted the PRs - and I am not a citizen of any of those countries. A mammoth responsibility to police this.

The facts though cannot be ignored:

1) An accredited University actually approved the research. Is this the way research happens these days?

2) The commits made it to the queue. They did not make it to either staging or linus-next. My worries are for any APT crew or some other 3 letter agency - how easy is it to slip in a PR with SE?

It is disappointing on many levels to me.

We seem to have materialized in a universe in which Barney the Purple Dinosaur is designing iPhones for Apple

YetAnotherJoeBlow Bronze badge

That chair Tim is sitting in... Is he a pope?

'There was no one driving that vehicle': Texas cops suspect Autopilot involved after two men killed in Tesla crash

YetAnotherJoeBlow Bronze badge

El Reg

"Musk has tweeted to say recovered logs showed Autopilot was not enabled nor installed on the crashed car."

I wonder why the media has not mentioned the above - except for El Reg?

Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge

YetAnotherJoeBlow Bronze badge

Same old...

Does the Government need this tool? absolutely

Will the Government abuse this? absolutely

Will this end up a legal quagmire? absolutely

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

YetAnotherJoeBlow Bronze badge
Meh

Whew this is a tough crowd...

What is interesting is that after they removed the shell, a bot would redeploy the shell in minutes. The FBI of course knows this. What a great cover story.

Apple's pending privacy clampdown drives desperate marketers to overwhelm domain database

YetAnotherJoeBlow Bronze badge
FAIL

IMHO...

If the advertisers want to trespass on my phone, utilize my bandwidth, subsidize the cost of a new phone. If I want privacy, I will not get the subsidy.

UK terror law reviewer calls for expanded police powers to imprison people who refuse to hand over passwords

YetAnotherJoeBlow Bronze badge
Mushroom

Such a BS excuse too. Do they really think a terrorist will worry about a 5 year sentence? Of course not; but everyone else will have to expose their life to cops at airports, trains, buses, and ships.

This is blatant abuse.

PHP repository moved to GitHub after malicious code inserted under creator Rasmus Lerdorf's name

YetAnotherJoeBlow Bronze badge

The vulnerability that let in a bad actor needs to be found ASAP.

Red Hat pulls Free Software Foundation funding over Richard Stallman's return

YetAnotherJoeBlow Bronze badge
FAIL

troll

Did you sign up today just to troll and bash Stallman and Musk? Get a life.

Free Software Foundation urged to free itself of Richard Stallman by hundreds of developers and techies

YetAnotherJoeBlow Bronze badge

I wonder...

"Never mind that Minsky was over ~60 yrs old."

My wife is 20 years my junior - I wonder how many of those "orgs" despise me? Should I stop my contributions, my dollars?

In fact, in time, almost anyone can be pilloried - especially their enemies. I wonder when the woke will awaken?

Backblaze on the back foot after 'inadvertently' beaming customer data to Facebook

YetAnotherJoeBlow Bronze badge

Always the same...

They got caught.

1) feign ignorance (the easiest step)

2) waffle

3) cop it and do it a different way

4) get caught again

5) arrogance - tell everyone to read the TOCs

6) goto step 2

City of London Police warn against using ‘open science’ site Sci-Hub

YetAnotherJoeBlow Bronze badge

motive...

The very existence of sci-hub itself is a testament to the sorry state of affairs that academia, and by extension industry, has become.

Ministry of Defence tells contractors not to answer certain UK census questions over security fears

YetAnotherJoeBlow Bronze badge

What am I missing...

"urges them not to give full and complete answers to questions 41-42, 44, and 50."

Thank you for that tidbit of information. With some common sense, I can produce a list of all those folks that you do not want me to know about.

Why would the government publicly release those guidelines?

ZIPX files that aren't: Keep a weather eye out for disguised malware in email attachments

YetAnotherJoeBlow Bronze badge

Of course we all know that filename extensions mean absolutely nothing and that any file is hostile.

Another Windows 10 patch that breaks printers ups ante to full-on Blue Screen of Death

YetAnotherJoeBlow Bronze badge

Re: @Totally not a Cylon - "in some apps"?

Was the GA computer an IBM 1130 clone? I can still key in by memory the bootstrap on the front panel.

Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln

YetAnotherJoeBlow Bronze badge

Simple

If POCs were not published, vendors would not fix their products. Here I thought everyone knew that, silly me.

Talk about a Blue Monday: OVH outlines recovery plan as French data centres smoulder

YetAnotherJoeBlow Bronze badge

cooling

I wonder what OVH used for cooling - I hope it was not oil...

Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds

YetAnotherJoeBlow Bronze badge

Re: Another nail in the coffin of x86?

"Not if they examine ARM and find its worse."

Please enlighten me.

Excel-lent: Microsoft debuts low-code Power Fx language... but it is not really new

YetAnotherJoeBlow Bronze badge

great

Yet another source for 0-days and hostile links in emails.

SpaceX small print on Starlink insists no Earth government has authority or sovereignty over Martian activities

YetAnotherJoeBlow Bronze badge

Remember...

The earth still owns the garage - no permission to launch, you're not going anywhere.

France's cyber-agency says Centreon IT management software sabotaged by Russian Sandworm

YetAnotherJoeBlow Bronze badge

Eventually...

Until there is legislation with a true and meaningful penalty clause, this charade will never end - and it will get worse. It is like Google said; view every network and endpoint as an adversary.

I hate to think what the exploit will do that finally spurs action. All sorts of horrors come to mind. If we do not step up to the plate here, it is our fault to bear the burden of failure with the remedies that will follow.

SHAREit app for Android said to share way too much: Billion-download code with holes no one wants to fix

YetAnotherJoeBlow Bronze badge

A great tool

A fly on the wall told me that it originally started life as bloatware to push apps - now it is a handy app to check for if you are a malware developer and use its services. A real Swiss army knife so to speak - I do not think this is what was meant by reusable code...

Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists Bloomberg

YetAnotherJoeBlow Bronze badge

No silly, that is not Chinese espionage, that is just Intel's ME software...

EncroChat hack case: RAM, bam... what? Data in transit is data at rest, rules UK Court of Appeal

YetAnotherJoeBlow Bronze badge

Yet again...

Yet another fine example of police work demonstrating that a back door in the crypto is not needed for enforcement action. Every week I see such examples all over the world. By now there is no shortage of evidence indicating that said back door is needed at all - just good police work.

Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble

YetAnotherJoeBlow Bronze badge

Not best for every use...

In Rust there is "unsafe" code - just because it is all in one place does not really make it safer or necessarily easier. Rust is not the answer to everything and using Rust doesn't mean your code is OK. As in C, Rust has its share of bad coders too.

Maybe I just got a bad taste of Rust when I saw all these damn crates being assimilated when I built the project. I still have to verify all those crates when I certify my code. With the custom standard C library I have to use with some of my clients; that library has been already certified by the clients that use it. In some circles, Rust still has a ways to go yet.

We'd rather go down in Down Under, says Google: Search biz threatens to quit Australia if forced to pay for news

YetAnotherJoeBlow Bronze badge

runnaroo

Use runnaroo.com and optionally add these 2 filters to uBlock:

www.runnaroo.com###pills-web > div.flex-md-row.flex-column-reverse.row > .col-md-10 > div

www.runnaroo.com##.col-md-10 > div

This makes for a very nice search page result. Try it. ymmv

FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion

YetAnotherJoeBlow Bronze badge

Yep

I agree. What corporate does not want to hear is that security is not just a product that you can order and install. Security is a tedious and full time job. The very best that I can provide is for tripwires to be set everywhere and I do mean everywhere (including black lists), combined with firewalls and something like snort. This setup is monitored 24 X 7 with dedicated personnel. No magic, just hard work.

Hollywood drone pilot admits he crashed gizmo into cop chopper, triggering emergency landing

YetAnotherJoeBlow Bronze badge

Yet again

The plod better be careful - yet another tech problem solved without any crypto backdoor in the drone. Warrants are not that painful to get.

Canadian uni blamed users after Workday HR switch, but some teaching assistants say they're still waiting to be paid

YetAnotherJoeBlow Bronze badge

Wondering...

Does nobody know how to cut a manual check anymore?

Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers

YetAnotherJoeBlow Bronze badge

Responsibility

If I exposed any data from my clients, they would rip up their contract with me - most assuredly I would lose my clearance for other contracts as well.

Like the OP points out, there needs to be some consequences for carelessness.

SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced?

YetAnotherJoeBlow Bronze badge

Status Quo

Every time this happens, I think that the investors would not be that stupid - yet here we are, again.

Exonerated: First subpostmasters cleared of criminal convictions in Post Office Horizon scandal

YetAnotherJoeBlow Bronze badge

A priest...

She is an Anglican priest?! WTF? She needs to work at Google, the home of evil.

Google Chrome's crackdown on ad blockers and browser extensions, Manifest v3, is now available in beta

YetAnotherJoeBlow Bronze badge

What if...

If manifest 3.0 takes hold on Firefox, I would imagine Waterfox will have market share over Firefox.

Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown-jewels hacking tools

YetAnotherJoeBlow Bronze badge

Pondering...

I think that FireEye was not the target. I would think the FBI would want to know which customer(s) data was exposed.

NEC to sell the accelerator cards it puts into supercomputers – for about $11,000 a pop

YetAnotherJoeBlow Bronze badge

Interconnects

It is the interconnects that is the secret sauce and co$t - if you can not pipe data in and out at speed from each at all times, they are not worth the cost.

UK Court of Appeal rebukes Home Office for exceeding its powers with bunkum 'national security' GSM gateway ban

YetAnotherJoeBlow Bronze badge

They forgot...

They forgot to add in the pedophiles with the terrorists.

Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys

YetAnotherJoeBlow Bronze badge

Hmmm

That is who Johns Hopkins has as a professor in CS? Well now, that explains some things concerning the quality of education. That is not computer science, that is indoctrination.

When someone first brings up the statement "this is not partisan/political" it almost always is.


Biting the hand that feeds IT © 1998–2021