Posts by bombastic bob 10283 publicly visible posts • joined 1 May 2015
After looking at the TLDR article (linked to from this one) I can see how a stack overflow was used to read the password file in 'etc' (if I type the path I get prompted with a captcha). A proof of concept exists, then. Yeah, not good.
But _I_ don't want to see Ghostscript go away any time soon, so _I_ am calling for it *NOT* to be 'dumped'! It's too useful. Just fix it.
"Should we disable all javascripts on unknown sites? I'm tempted to say yes, we should."
THAT should be "the default" in EVERY browser. imagine how much fixing would happen to 'teh intarwebs' if MOST people could see just how bad the script proliferation is (and DISABLED it)!
But yeah, NoJS and NoScript need to be installed, if not already, because browser makers didn't get the clue-memo
/me would make this a standard feature of ANY web browser, in addition to regex/glob URL blocking (anything with 'metrics' or 'ad' in its name, for example) and the blocking of sites that specify an IP address instead of a URL, cookie white-listing, and 'in memory only' cookies for everything else so they behave like session-only cookies.
sometimes you might have an elderly person (or someone with a bad hangover or drunken state, etc.) getting scammed in a moment of weakness, caused by disease or medications.
Some medications prescribed to elderly patients can affect their thinking and cognitive skills in ways that are actually frightening. Catch someone in 'that state' off guard, someone who would normally NOT be susceptible to being scammed, and that's no fault of the victim. Then again, I don't blame victims of crime anyway... (though it never hurts for them to be 'street smart' instead of victims).
whatever you do, it is necessary to directly tie-in their successful support (as measured by the client) to the length of their sentences, with automatic extensions as needed to fulfill the requirement.
(or would that be 'cruel and unusual'? I'm thinking Dante's Inferno here, the same kinds of poetic justice he imagined for various kinds of sinners)
"There must be an app for that, in our mobiles..."
I like it... I should do that, put in 'droid store for free. too bad it won't work on my land line, though.
I actually stopped answering my landline phone unless I recognize who it is on the answering machine speaker. No ringer either. Just goes to answering machine after FOUR RINGS (the maximum setting). The message starts off with an impersonation of 'The Big Bopper' saying "HELLoooo, BaaaayBY!". It's intended to flip the "hello" sensors in the robo dialers. Then it thanks friends/family for calling, please leave a message etc. and "For the rest of you, THIS NUMBER IS ON THE NATIONAL DO NOT CALL LIST". A lot of them hang up at exactly that point. And I'm glad if I wasted even a little of their time.
"In Ye Olden Dayes I used to keep a rape alarm next to the telephone for busting the eardums of scammers. Wish there was an Internet equivalent."
get an old modem, and hook up a microcontroller with a button that puts it into 'answer' mode. "that tone" is ear splitting.
I was getting harassment calls at one time, started doing that consistently (put modem into answer mode) from the command line on a computer. Calls stopped.
"There must be 100+ IP addresses committing crimes"
yeah there must be a zillion people committing OTHER kinds of crimes, too. I guess we should just let them get away with it... NOT.
Sorry, I don't buy that at ALL. I say, nuke 'em 'till they glow (then shoot 'em in the dark)
/me thought I heard a whiny voice saying 'law enforcement is TOO HARD'
I quote Charles Bronson from one of the 'Death Wish' movies, while he makes his own bullets: "Nothing is too good for our friends!". Along with Deadpool, excellent vigilante movies!
Did I say 'vigilante'? I sure did!
/me every once in a while goes over the 'Fail2ban' logs and reports one of the IP addresses, particularly if they show up more than once within the last day or 2.
keep in mind you can't *legally* back-hack someone. I know, it should be covered by "self defense" and "stand your ground", but there you go. Laws are usually written by idiots and people with agendas.
Although a bit of 'grey hat' hacking can be useful.
Example: back in the 'code red' days, the code red infected machine basically had a port open that went directoy to a CMD shell that would run in the background. You could, in theory, send a web request that would invoke CMD with commands of your choice [this was the big problem with code red, the big back door].
Any machine attempting to infect (your Linux box - ha ha ha ha ha) would have a particular signature. Using that IP address, you could (in theory) "back hack" it and shut down the web server. This would stop the infection in its tracks, as it was memory resident only unless someone altered the system after the fact. Of course, you could *ALSO* pop up a message box on the console saying "you are an idiot, patch your code-red infected IIS server" or similar, or maybe leave a text file on the desktop called "IDIOT.TXT" or similar. Heh. (it wasn't me, I just heard about it)
On a related note, 419 scammers have been trolled in similar ways. I really like that 'Africa' video that features photos of Nigerian 419 scammers holding up signs with lyrics from Toto's 'Africa'. Crowning moment of awesome! So why not troll the phishing scammers, too? Spectator sport, even!
"Deadpool is the greatest supah hero ever!"
I think so too, although, technically an ANTI-hero since he's not a boy scout type. Batman would _also_ be considered an 'anti-hero' in most cases.
This whole exchange reminds me of the background music from a particular fight scene in Deadpool 2 - "Fighting Dirty".
Fighting Dirty (repeat several times)
You can't stop him. He's the BOFH
You can't stop, this @#$%^*(
Holy $#!+balls (repeat)
ok I had a bit of artistic license with 'BOFH' but still, it applies in this case, right?
NOTE: I'd normally insert the real profanity, but sometimes it's funnier to use punctuation substitution, and it's also a bit more 'work safe'
how effective are non-google search engines? Well, 99% of the time I'm using 'duckduckgo' and only occasionally do I re-enter a query for google, and when I do, I don't log in with any kind of google login. So it's as anonymous as can be (and I assume they're watching everything I do).
Occasionally I'll pollute their metrics by making scripted requests of things that should cause red flags to appear someplace... heh heh heh
"Googles gives you:" (snip details) "all of that FOR FREE"
Not "for free". When our personal data and privacy are "the commodity", that's the cost of using their services.
Far from 'FREE'. Although, they DO give that particular perception of 'free', don't they? At least, on the surface...
"The truth.Switch to Firefox."
Until that, too, does the same thing. What happened in 57 is a case where plugins were deliberately broken. Once money is involved, it'll happen with FF, too.
"most websites are getting wise and are limiting access to content when you use a tool like No Script which will also block ads"
No, just certain hosters do this by putting the re-direct in a script when you first load "the thing". then you get that stupid 'Forbidden' error page instead of the content. So I'll either look at google's cached version, a web archive version, or "not at all" in response to their STUPIDITY.
If they want MY business, they need to stop PUTTING SCRIPT IN ADS, for starters. The problem is the PREVALENCE OF SCRIPTING in web pages. THAT needs to GO! AWAY! !!!
Let's put it all into perspective here....
Micro-shaft **RUINED** the Windows UI for their "One Windows, Everywhere!" campaign.
And now, the *ONLY* reason that a 2D FLATTY McFLATFACE FLATSO "The Metro" "Start Thing" CRAP INTERFACE exists AT ALL (in Windows) in the FIRST place, is being taken out to the woodshed and SHOT!!!
And, let the abominable horror of THAT little factoid sink in for a bit...
'WIMP' interface RULES. FLATTY FEELY interface *STINKS*. Except for phones and slabs. And they all run Android and iOS. And a WIMP interface needs 3D SKEUOMORPHIC THINGS on the desktop.
MICRO-SHAFT GET A FREAKING CLUE AND FIX WIn-10-nic's INTERFACE BACK TO LOOK LIKE 7!!!
with respect to "a free tool that it hopes will let devs prototype UWP XAML for user interfaces"
One more CLIPPY clone and I think I'll *EXPLODE* [ok maybe it's not clippy but still... did they NOT see that one scene from Salmon Days when the BOFH started wrestling with Clippy screaming "I AM NOT! WRITING! A @#$%ING! LETTER! YOU STUPID @#$%ING PAPERCLIP!"]
The tool would HAVE to be FREE, because NO self-respecting developer would EVAR *PAY* for such an abomination!!!
UWP needs to be killed to death by burning it with FIRE.
So-called 'global warming' (this cycle) stopped at around 2010. It's all cooling now, will continue for the remainder of the bottom half of the ~70 year cycle. Yeah, it's a cycle. Like most things in nature. And it's not created by humans. There's also a 500 year cycle in the northern hemisphere, and 2000 was at or near the peak of THAT one, too. You know, 1000 AD warm, 1250 AD cold, 1500AD warm, 1750 AD cold [the Thames froze, and 'Valley Forge' happened], 2000 WARM, etc. and also the 70 year cycle... 1900 cold, 1935 warm, 1970 cold, 2005 warm, 2040 cold...
That's right. No need to panic. Coffee will be around for as long as people grow it.
/me sips cappuccino and moves onto something that actually matters
"dinosaurs who refuse to evolve"
name ONE example (fine to do it in your own head, no need to dox anyone). In any case, I call "straw man" on THAT one
But I can cite SEVERAL recent examples of projects/products gone horribly wrong because the tech allegedly "evolved" but really went into a spiral pattern that encircled the drain... because, as far as I see it, too many of the experienced people LEFT and "the children" took over.
You know, like the cluster-blanks of:
* gnome 3
* Windows 8 and then 10
* Mozilla (post-Australis)
* systemd
[just for starters, anyway]
youthful arrogance, indeed. With plenty of 'enthusiasm' I'm sure. And degrees a-plenty. But a degree is only "proof of potential". *EXPERIENCE* is proof of CAPABILITY!!!
"Corporations are corrupt"
No, SOME people who RUN corporations are corrupt. The corporations themselves are just entities that exist on paper for accounting, tax, and liability purposes.
And it's highly likely that even YOU work for "a corporation", dontcha? So where would you get a job if not FOR "a corporation" ?
A small number of (apparently) evil+greedy+self-centered people slither up the power hierarchy in order to fulfill their evil goals and desires. It's been that way forever. This time it looks like they got caught engaging in age discrimination. Let's hope others will be motivated to NOT do such things in the future.
and in that alleged 'equal opportunity' list it conspicuously didn't include AGE... because, of course, <begin snark> _SOME_ people don't recognize the benefit of having done things "like that" before, aka experience is worth more than youth, because, 'cheaper' is not necessarily better. You get what you pay for.
And, most likely, some bean counter would say "how come this 50-something is earning twice what a 30-something earns?" (without regard to actual work output or quality, of course).
Obvious Answer: he's worth every dollar/GBP of the additional salary. Bean counters don't know this of course. They're too busy counting beans.
But yeah older people know what they're worth, too, so you won't get them to work for peanuts. Bean counters hate that, but they're (thankfully) NOT the hiring managers. And HR (and the bean counters) need to get out of the way of a company's success.
But on a lighter/snarkier note...
Q: How many HR people does it take to change a light bulb?
A: Irrelevant. HR never does any REAL work, even something as simple as changing a light bulb. But they'll happily "screen" hundreds of applications, spending WEEKS on filtering out anyone who doesn't have at least a Master's degree in a "relevant field", ignoring anyone who's been a light bulb changer for 50+ years, maybe even INVENTING the light bulbs that are replacing the old ones, because the application and/or resume/CV doesn't have the right "key words and tricky phrases" in it, because in HR they're all a bunch of anal retentive pencil-pushing un-creative types that fear going outside of the lines/box for ANY reason, at ANY time, even if it's common sense to do so, the type of people who would need to read a procedure and check off all of the rules and regulations in order to take a dump...
(OK I'm done venting)
Shoe Phone - that was Maxwell Smart's phone, from 'Get Smart'. And that show was created by Mel Brooks and Buck Henry as an obvious spoof on James Bond.
"Sorry about that, Chief!"
"They you make the prompt: 'Type the nth letter of the previous sentence to continue'."
Hell, make it like old school copy protection on a game, where they tell you to go to page 'N' in the printed manual and type the 4th word on the 2nd line of paragraph 2 and enter it to continue.
(yeah, that'll teach those users!)
Win-10-nic has that "cloudy" Microsoft Logon (a descendent of the old 'Passport' idea from the early noughties when they STARTED that ".Not" nonsense). The idea was "one logon to rule them all" etc. everywhere you go. It's probably tied to support requests, somehow....
Right now it's support tickets (allegedly with no identifying info) where "things" are leaking out. What's next? If everyone using a 'Microsfot' computer is being TRACKED via the "cloudy" login, are "partners" able to view that info in real time? Is that data going to be 'exposed' too? Today, support tickets. Tomorrow, ???
Truly Google wants to "make a buck" and their CUSTOMER (China) wants something specific. Can you blame them for wanting to do business?
Ethical questions regarding business choices aside, SOME businesses are ostracized and criticized and even SUED for sticking to THEIR "morality" (at least in the USA).
So which is it for Google - do the 'Dragonfly' for their customer, because they're NOT putting morality in front of business? Or do NOT do the 'special' search engine, thus "discriminating" against them?
Rock meet hard place. Damned [whether you do or do not].
the 'desire' paradigm is a good one. I was thinking about a way to have it mimic the behavior of something that's alive, whether human or pet or creature in nature... 'desire' covers that, I think.
It's a good idea, though, having a set of high level "instructions" that a 'desire' compiler can initiate to satisfy that 'desire'.
I haven't built a bot yet, but I envisioned one having a master control with lots of local controllers handling the load of peripheral control. So the master controller would tell the arm to "move to this spot" and the arm controller would work out the best way to do that. I suspect that a 'desire' compiler would be similar.
I expect that ANY kind of 'guarantee' of severance pay is going to be a hiring 'hurdle' and affects the bottom line, so it ALSO affects your pay level. I'd rather take the risky path, work as a contractor, and get paid better for it, with the occasional unpaid vacations that you can generally plan for.
keep in mind - taxing businesses, putting employment requirements on businesses (from requiring they pay for benefits, give certain levels of vacation, or pay you for severance) is ONLY going to increase the costs to employers, which affects the bottom line, and ALSO causes them to limit their hires accordingly [and then WORK YOU HARDER to compensate]. This same argument can be used to explain why a minimum wage is ALSO bad, because it fixes the cost of hiring at something HIGHER than what a job might be worth...
'lean' isn't necessarily a precursor to sell-off. It's more likely just standard operations.
a) you hire a boatload of people [usually as contractors] to perform a specific task, like product bring-up.
b) once their task is complete they're "let go" [unless you have some other task to do]
c) you enter 'maintenance mode' on this newly brought up "thing", which has a smaller staff focused on different *kinds* of things.
d) sometimes you bring back or laterally transfer laid off "development" engineers to do the "maintenance" phase but it's going to be a smaller number of people, regardless.
It's the way engineering works. I've dealt with this as a contractor for a very, very, long time. You have to plan for it and work with it, not against it. Sometimes a successful project looks SO good you're snagged up by the next guy very quickly.
However, in Cali-fornicate-you at this time, things aren't so good (I'm avoiding the explanation as to why, though it involves the 2018 election results, among other things). So it might mean "re-locate to Texas" for those guys. I'm actually looking at that possibility myself...
In any case, if you want the 'big bucks' being on the cutting edge of engineering (in this case, rocket science), it comes with short-term and long-term contracts and occasional layoffs.
/me points out, most specifically for the millenials, that a job is *NOT* an entitlement. It is an agreed upon fair exchange of work for money, and is NOT a guarantee. Competition determines who gets hired and who gets fired, like a form of 'natural selection'. You can call this 'social Darwinism' if you want to. Because it _IS_. And, it is as things SHOULD be.
looks like support of the oldie-but-goodie Python 2.7 breaks their usual "new, shiny only" paradigm.
Let's hope similar kinds of thinking will leak out into the OS section, such as SUPPORTING WINDOWS 7 BETTER. AND LONGER. Because CUSTOMERS WANT IT. And maybe let us BUY IT LEGALLY pre-installed on NEW computers with NEW architecture (in lieu of Win-10-nic). And so on.
I've used scp many times from "the outside world" into my local LAN, as well as conveniently moving files from one machine to another. sometimes it's faster to use scp than rsync, sometimes not. but yeah they both work.
I DL'd the 'manual patch' and did a test-apply to FreeBSD -CURRENT (which has 7.8) and it seems to apply without TOO much griping, but I didn't try to actually build it. However, I submitted a bug report with the article's URL (and the patch's) to get the devs' attention since it's apparenlty NOT patched in FBSD's version of openssh... (that and mentioned it a whole lot in a dev-related IRC channel, but everyone's apparently asleep right now so it'll be there when they wake up in the AM I guess)
Icon because, well, FreeBSD. And I would assume OS/X is affected as well, since it's based on the FBSD userland from a while back...
yeah, that's something that China's government needs to re-consider, whether "communistic practices" like trying to police and spy on everyone is actually 'a good thing'.
Perhaps they'd do so much better by providing quality goods and services at low, low prices? OK that's capitalistic, but still...
@lesession
"Presumably you're also still using a 14 inch CRT television, your telephone has a rotary dialler on it and a wire attaching it to the house, and your car has none of those new-fangled parking sensors and seatbelts and airbags"
This is PRECISELY the kind of ARROGANT attitude that WAY TOO MANY fanbois of Win-10-nic have...
Incidentally, those of us who REFUSE to EMBRACE the Win-10-nic are NOT luddites. We're actually SMARTER than the average Win-10-nic user.
/me withholds comment about Win-10-nic fanbois being "sheeple" and having no will of their own...
interesting, at this point in time the up-to-down-vote ratio of 'TheGriz's post is approximately 2:1 in favor of 'TheGriz's opinion [which I also agree with - see icon].
My unofficial estimates of the disapproval:approval ratio of various Win-10-nic "features" also shows about a 2:1 ratio of people who HATE them vs people who (apparently) LOVE them [and are also ARROGANTLY insisting that everybody ELSE love them, too, or just shut the hell up about them because, "modern"].
Unfortunately, it seems too many people are just willing to TOLERATE these features, anyway, because, effective MONOPOLY.
ack, he could've lit flaming dog poo on the doorstep of the doctors who DARED to overstep the civil rights of the teenager and her parents, or organize an irritating demonstration, or something similar [with cameras rolling, etc.] and had more effect without going to jail for it.
It was wrong what EVERYONE did. DDOSing a hospital isn't a "cure".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
