Posts by bombastic bob

10507 publicly visible posts • joined 1 May 2015

Dog with 'psychotic tendencies' escapes home to poop on his neighbours' pillows

bombastic bob Silver badge
Trollface

Re: Bah!

this dog may be a case for use of shock collars - go outside the boundary, *ZAP*

and don't let the puppy eyes fool ya - behind those eyes is a PSYCHOPATHIC POOPER!

It also has that irritating concept of "be nice to the bully and he will stop" ANTI-logic. And rewarding for bad behavior. And a host of OTHER complete misconceptions.

[The dog's experience in the neighbor yard should be as unpleasant as possible, if he's inclined to tear things up and/or crap on pillows to mark his new "territory". THEN he will STAY away]

I understand that being IGNORED is sometimes the worst punishment for a dog... even a NEGATIVE response is better [to them] than NO response. This sounds like a job for... a PORTABLE KENNEL!

Lenovo superdishes not-so-superdosh for Superfish superloss: $40 waiting for you if you bought adware laptop

bombastic bob Silver badge
Meh

"Did you get Win-10-nic with ADWARE on it?"

now waiting for THAT class action lawsuit...

*crickets*

Here are another 45,000 reasons to patch Windows systems against old NSA exploits

bombastic bob Silver badge
Meh

Re: how about

sometimes article details are easy to miss. benefit of doubt. Still good advice. Shut that BLANKING EXCRETION (aka UPnP) OFF!

(cannot say that enough times)

OneDrive is broken: Microsoft's cloudy storage drops from the sky for EU users

bombastic bob Silver badge
FAIL

" the little picture of a paper aeroplane with a snubbed nose well and truly made up for my inability to get to all my fecking files."

Is there a collection of these someplace? It might be fun to "share" it in a snarky manner around 'teh intarwebs'.

So, at Micro-shaft, do they have *ENOUGH* *TIME* to draw these 'cutesy' "ooops ME BAD" types of "excuse" pics? But NOT! ENOUGH! TIME! TO! MAKE! THEIR! SERVICES! RELIABLE!!!

I'd say they need to "re-think their priorities".

Oh my chord! Sennheiser hits bum note with major HTTPS certificate cock-up

bombastic bob Silver badge
Coat

Just 'A minor' setback. It will 'B sharp' soon enough. Enough to 'C major' improvements.

Q: what has 17 flats?

A: An 18-wheeler with one good tire

coat, please

bombastic bob Silver badge
Unhappy

Re: Sennheiser does other stuff too

their headphones are really good. But yeah, good at headphones. not so much at network security.

Huawei MateBook Pro X: PC makers look out, the phone guys are here

bombastic bob Silver badge
WTF?

that assumes the pixel ratio is 1:1 - so is it 4x3 dimensions, but 3:2 pixels?

bombastic bob Silver badge
Linux

if it ships with Win-10-nic pre-installed, I won't want it.

Does it come with Linux?

(I assume it's not an apple clone)

Question: How fast is the Windows 10 October 2018 Update rolling out? Answer: Not very

bombastic bob Silver badge
Unhappy

sad

just sad.

The antisocial network: 'Facebook has a black people problem,' claims staffer in exit salvo

bombastic bob Silver badge
Devil

Re: The problem with Minority voices...

heh - shoutout for Diamond and Silk

I have to wonder whether these 2 ladies, and how they have been treated, were a significant part of the reason for the disgruntled employee's allegations...

thanks for bringing it up.

bombastic bob Silver badge
Thumb Down

Re: Global underepresented influencer strategic partner manager voice

OK - if you say 'no. just no' to letting EVERYONE say what they want, even if YOU do not like it, then who is to be the arbiter of what is 'hate speech' and what is NOT? And right now, that is Fa[e]cebook.

The only reasonable alternative is to stop being offended at everything, let people say what they want online, and STOP TRYING TO CONTROL EVERYONE.

'Hate speech' is what it is, and may or may not actually BE "hate" depending on who the audience is. I think it's time for overly-sensitive people to just "let it go" and stop it with the SILENCING (read: being a CONTROL FREAK).

bombastic bob Silver badge
Meh

Re: Global underepresented influencer strategic partner manager voice

"I should have thought you'd be glad to know that victimisation wasn't reserved solely for your group."

well, I happen to want EVERYONE to have more freedom. and I don't do the identity politics thing. In fact I think _MOST_ people don't do the identity politics thing. But there's a loud majority who do, and they end up making headlines...

bombastic bob Silver badge
Stop

Re: "it’s pretty disappointing to see you share our private messages"

well, then, if you see it on 'teh intarwebs', assume it's in the clear. That goes double for FB and other 'social media' because "they" are watching EVERYTHING.

(oh but I missed the IRL face-face conversation being posted - well that tells ya something about FB execs doesn't it?)

That's probably the safe way to go. But you also have to be careful what you call 'hate speech'. For example, in Hawaii the industrial farms are called 'Plantations'. Using the word 'plantation' (particularly in THAT context) has NOTHING to do with slavery. So it's not hate speech to use the word 'plantation', unless someone cherry picks every word you use and decides it is, then reports you, because it makes that person feel better or something.

And THAT kind of nit-picky political correctness is PROBABLY at the root of the controversy. You betcha!

bombastic bob Silver badge
Meh

Re: Global underepresented influencer strategic partner manager voice

"where he focused on underrepresented voices."

I can imagine the likely political views of someone having THAT job description...

"black people have had trouble discussing issues among themselves, because other people are reporting these discussions as hate speech"

That sort of thing seems to happen to CONSERVATIVES a lot, too. Recently, an Iraq war vet had his Twitter account closed on him, with no clear reason as to why [they SAID 'term of use' violations, but I guess JUST BEING A CONSERVATIVE ONLINE is worthy of such treatment, to them]. After appearing on the Tucker Carlson show on Fox News, *AMAZINGLY* Twitter realized their mistake and RE-INSTATED the guy's account!!!

But I say - do NOT ban them. Let them say what they want. And that goes for everyone else, too. Even if it *IS* "hate speech".

/me observes it could ALSO be a form of passive-aggressive harassment, flagging what they say as 'hate speech' in order to SILENCE them.

Microsoft readies the swatter as more bugs wriggle out of the Windows 10 woodwork

bombastic bob Silver badge
Megaphone

Re: Right.

"Move fast and break things"

yes, about that... the 'file associations' problem. BROKEN for (certain? only?) Win32 applications. It's getting attention around 'teh intarweb'.

IMPLICATIONS: Micro-shaft is SLOWLY trying to ELIMINATE non-UWP applications!!!

You know they want it. You know that "legacy" Win32 support HAS to be IRRITATING them. They've already SLAMMED THE DOOR on EVERY OS they've made that doesn't have UWP (anything prior to Win-10-nic, even when customers WANT the older ones). They've CRAMMED as much as they can cram and put UWP CRapps in our faces as PANELS in the 'Start Thing'. What MORE can they DO to FORCE everyone to CHANGE to UWP? [other than make it worth our while]

Rumors have 'mongered' that it is Micro-shaft's long-term plan to KILL OFF WIN32. This would mean that ALL future applications are CRapps sold through "The Store", _AND_ it would KILL! OFF! WINE! and _ANY_ sense of compatibility for OLDER APPLICATIONS [that do not spy on you].

So, aside from a conspiracy, WHY would the latest (broken) build of Win-10-nic NOT allow Win32 applications to do FILE ASSOCIATIONS??? That is a basic feature of Windows that has been around since FOREVER...

Linux and FreeBSD (and maybe OS/X) may become the ONLY alternative for small-time application builders [and custom applications built within a corporation for its own use] to be able to install and run an application of your own design, and make it available for OTHERS to do the same [from a binary or source], _WITHOUT_ having to go through some "Store" or "code signing" nonsense to DO it!!!

(I used to like windows because you could do all of that, and wrote some windows applications for company-only use a few times - but NOW, it's becoming obvious that Micro-shaft does NOT want us to have THAT kind of freedom, unless THEY are "in the loop" - and get their 'piece of the action')

bombastic bob Silver badge
Thumb Up

Re: Also breaks Windows iCloud client

a simple technique to stop the forced updates? I love it!

bombastic bob Silver badge
Trollface

Re: I can hardly believe another MS issue

"As a long time 'Linux user, I've refrained from commenting on the many recent Windows update bug articles."

Hasn't stopped ME from snarking all over it. In fact, having an outstanding alternative OS available, I can be a bit SMUG about it, too. Heh.

When Micro-shaft started that ".Not" initiative back in the early noughties, I knew they were heading the wrong direction. C-pound and Passport confirmed it. Since then I only use windows when I have to [like testing an application I'm working on for cross-platform compatibility - write it on FreeBSD or Linux, make it cross-platform so Windows can run it, too]. That and if a customer wants me to do something on winders...

bombastic bob Silver badge
Unhappy

Re: someone should do a spreadsheet (in Excel of course)

Maybe they could get around all of this by JUST patching 7 so that it supports the latest hardware and has no more (known) security holes, then release it as a service pack for 7, and extend support for a few more years. I'd actually *PAY* for that! [I'd get my UI back the way I want it, mostly]

Micro-shaft, instead, focuses on the "feature creep" in Win-10-nic and therefore wastes their efforts, while simultaneously FAILING at the thing they're ACTUALLY supposed to be doing (a RELIABLE operating system).

It's all wrong, now. It's gone horribly, horribly wrong.

bombastic bob Silver badge
Unhappy

Re: snip

"Are there any guidelines for UI design left in windows?"

something including the word "FEEL" most likely.

2D FLATTY monochrome FLUGLY with no 3D effects and sharp rectangular corners, low-contrast bright blue on blinding white, too much wasted screen real estate, and ambiguous shapes that act like hot spots for mouse-clicking because they want your eyes to wander around while you GUESS what to do, based on the complete lack of REASONABLE cues from the UI design.

Next, they'll use fingerpaint and crayons to design it.

What ELSE can you expect from a generation of PARTICIPATION TROPHY RECIPIENTS that are CONSTANTLY needing their self-esteem re-affirmed, and who've OBVIOUSLY taken over the asylum (otherwise known as windows development). Because if *THEY* *FEEL*, then *WE* *MUST* *ACCEPT* it. Because, they're Micro-shaft, and we're just "the end users".

bombastic bob Silver badge
Meh

Re: Paint.

They broke MS Paint in Windows 7 by adding "the ribbon".

Worth pointing out, MS used to call a release candidate "release to manufacturing" once the BUG RATE got low enough. I wonder if the CURRENT bug rate is low enough based on their OLD standards for things like Windows '95 ???

3ve Offline: Countless Windows PCs using 1.7m IP addresses hacked to 'view' up to 12 billion adverts a day

bombastic bob Silver badge
Meh

Re: And of course...

miscreants are miscreants. you find criminals EVERYWHERE

bombastic bob Silver badge
Devil

Re: "3ve" (pronounced "Eve".)"

l33t sp33k lost its "popularity" in the mid-2000's I think...

still useful for passwords, though

I google'd for 'leet speak generators' and got a bunch of hits. Seems a lot of people like to keep 'l33t sp33k' alive.

Oh, and good article. I think it's informative enough to generally know what to look out for with respect to computer security.

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

bombastic bob Silver badge
Meh

Re: Debian vetting & trust

"That didn't work for fucking systemd, which idiot let that shit in.."

Yeah, well, I use Devuan to avoid systemd, and it derives from Debian. This doesn't mean Debian's practice of "being stable" isn't a really good feature of their distro (or the ones derived from it, like Devuan). There's still a choice.

bombastic bob Silver badge
Thumb Up

Re: Debian vetting & trust

"You don't see very many stories about malicious Debian packages."

YES!!!

'The bleeding edge' is highly overrated. Production servers need stability, not 'bleeding edge'.

bombastic bob Silver badge
Devil

Re: No software can be trusted

"But we can't trust your code, and that's what they were getting at."

A reasonable compromise (what we've been doing all along except for Node.js):

a) open source

b) well-tested prior to release

c) well-defined source snapshot identifying the release version (or fork in the repo, depending)

d) lots and lots of peer review

e) wait until the dust settles before upgrading to 'latest version'

Seems to have worked for me outside of this insane method of 'dynamic continuous update to bleeding edge' method being used for Node.js .

Linus has managed this with Linux for a long time. Having such a project manager makes a BIG difference. Having an official test+release system (and actual QA) does, too.

bombastic bob Silver badge
Meh

Re: Javascript

"Why did we ever allow this cr@p on our webpages in the first place."

Or in the back-end of a server, for that matter (i.e. Node.js).

JQuery and Node.js - the MALIGNANT TUMORS of 'Teh Intarwebs'.

There are better ways of doing these things. And they don't come with the *KINDS* of problems we see with client-side scripting (viruses, tracking, side-channel attacks, bitcoin mining) and server-side scripting with Node.js (single dependency update creating fail or malware on MANY servers at once).

Time for some CHEMO-THERAPY I say. Kill the tumor BEFORE IT GETS BIGGER.

bombastic bob Silver badge
Stop

Re: Build time internet dependencies are garbage

"Others outside your repo should not be able to break your builds."

ack

From the article: "This vandalism is a stark reminder of the dangers of relying on deep and complex webs of dependencies in software"

This is reason to STOP THIS PRACTICE FORTHWITH! (see icon)

'Teh Cloud' is WAY overrated here. More like "underestimated" [with respect to the damage it can do].

I know that _I_ do not want to be the mid-level software guy being phoned up at zero-dark-thirty because some _IDIOT_ 'chose poorly' and updated a Node.JS dependency. Blame goes on the one at the other end of the phone. "Not my fault" won't fly, either. B.S. rolls down hill, and now it's hit the fan!

[it's also why I won't use shared runtime libs with windows applications - static link or not at all!!!]

Microsoft reveals terrible trio of bugs that knocked out Azure, Office 362.5 multi-factor auth logins for 14 hours

bombastic bob Silver badge
FAIL

DDoS'able logins - who'd a thunk it?

Seems to me that having a login system that is _SO_ inefficient, and SO reliant on a single "provider", that a 30 second timeout on a login token is sufficient [under the right conditions] to create RACE conditions and other 'token expiration' related problems, that maybe... JUST maybe... the entire design needs to be COMPLETELY re-thought.

All eggs: one basket. Yeah, THAT isn't a recipe for FAIL !!!

It's COMPLETELY DDoS'able, as it only took "everyone flushing at once" (more or less) to cause the system to 'overflow' heh heh heh. Must've been REALLY fun in the basement bathrooms.

MSDN has a somewhat 'paranoid' security model as well, one that expires a download link after about 4 hours. This means that very very large files over moderate connection speeds CAN NOT COMPLETE DOWNLOADING. When Micro-shaft's IIS servers did NOT follow the RFC's (a couple of years back), you couldn't even pick up where you left off - it was 'start from the beginning again' every time. Fortunately, they fixed that last part, eventually... [making it usable again with proper browser plugins or through-the-hoop jumping].

NOW they're "at it again" with their "all eggs, one basket" approach to logins, and unrealistically short timeout periods on the tokens, not allowing for very busy networks, slow connections, or DDoS attacks.

Wheeeee.

this reminds me of a computer back in the late 70's that had an old-style 12" floppy drive connected to a serial terminal (access via serial and control chars on a shared serial line at 1200 baud). A grad student wrote an application in BASIC that allowed you to store things on it [inefficiently]. But, if the mini-computer had more than a handful of users on, when you tried to retrieve your stored files, you'd get buffer overruns and lost data. Often it was COMPLETELY unusable. I re-wrote a new version in assembly language that had proper buffering [and an actual file system on the disk]. I'd ask the drive for ONLY a track at a time (not 'flood me with all at once'), which fit nicely into the mini-computer's serial buffer, and no data was lost, even if the system was THRASHING because of too many users.

Anyway...

Seeing as Bitcoin is going so, so well, Ohio becomes first US state to take biz taxes in BTC

bombastic bob Silver badge
Meh

Re: Made for money laundering?

I think your initial idea is plausible, but some of your examples, not so much.

Keep in mind that only Ohio residents will be able to do this. People outside of Ohio won't be paying taxes there [unless it's a business with a presence there, in which case 'Ohio resident' for that part of the business].

Business taxes [like license fees] usually aren't that much. It's not like income taxes which, for an S corp (or LLC, pretty sure), you pay with your personal taxes plus whatever your state demands of you [in the case of Cali-fornicate-you, a minimum $800 tax].

So the amount being paid with bitcoin is probably very small. And as it's taxes owed to a state, it's probably not practical to launder bitcoin income this way. And I really don't think they'll accept gross overpayments. I've never thought much about it, but I'd guess that you would have to pay it as "extra withholding for next year" or something. There's ways to do THAT in lieu of a refund, for example. But getting a whopping tax refund because of a gross overpayment will probably get you an audit. Saying you owe the money when you don't is grounds for perjury, believe it or not. And if you're laundering bitcoin, you do NOT want an audit.

So yeah, actually making use of tax payments for money laundering, not practical. Probably just as well, right?

bombastic bob Silver badge
Devil

Re: Paying taxes on credit *can* be a good idea

actually for a payment plan, if I remember correctly, IRS interest is 7% [flat rate] per annum. It's really not that bad [they just want the money]. I think the interest rate the IRS charges is related directly to the payment on bonds and other such things, so you're basically paying the IRS to borrow money on your behalf and then paying them an interest on that borrowed money. Or something like that.

Using a credit card is convenient, though, and keeps the IRS off of your back. I've done it, then paid it off swiftly. If you don't have it "in the bank" at the time you do your tax payment, it works. But yeah, transaction fees normally paid by the party receiving the credit card payment are added on top of the payment, thereby [essentially] having YOU pay the transaction fees as well as the balance owed. Really, not that bad.

bombastic bob Silver badge
Meh

Re: Not a good idea, Ohio

yeah, having that 3rd party do the currency exchange changes the game a bit. But certainly no government entity should accept currency other than that of the government they're part of, in this case the U.S..

Bitcoin really is 'a foreign currency' as far as all things are considered, from taxation to banking regs. But I don't mind a dedicated 3rd party for exchanges. It simplifies the overall process that way. That's better than an actual gummint entity mucking with exchange rates and instability of the currency, at any rate.

Great Scott! Is nothing sacred? US movie-goers vote Back To The Future as most-wanted reboot

bombastic bob Silver badge
Devil

Re: Bah!

"new ideas on worthwhile subjects (eg First Man) are playing to almost empty theaters."

Apparently, they forgot the 'magic stuff' that was in 'The Right Stuff' and 'Apollo 13'. And 'The Martian'. Yeah, that too!

I suspect I know what it is, though I haven't actually SEEN that movie to confirm it. Maybe I'll get the DVD later, when it comes out. I usually like space movies. Hopefully I'll like 'First Man' too.

(pssst - it's RUGGED INDIVIDUALISM and/or PATRIOTISM - the controversy over saluting the flag and then removing that scene from the theatrical version - this may be driving the low turnout. As observed by someone who was *ALIVE* *IN* *1969* and watched EVERY launch and landing that was televised)

bombastic bob Silver badge
Meh

Re: 'Today's films are made to be "woke"'

not all films, obviously. just too many of them, In My Bombastic Opinion.

When I see a movie I want to be entertained, *NOT* guilted, manipulated, nor nauseated [unless it's really good 'bloody guts' special effects or something like it in a horror genre].

This is the first time I've heard the term 'woke'. 'Woke' from WHAT exactly? [no don't answer, it's rhetorical]

bombastic bob Silver badge
Devil

Re: Reboot Avatar? Yuck!

yes, the comparison between how American Indians were treated in the 1800's was painfully obvious in Avatar. However, the movie was still entertaining, and had a fairly standard plot of 'oppressed vs oppressor'.

When it's entertaining, I can overlook the underlying SJW'ness. Choke the bile a bit and wash it down with popcorn and soda. Or if I'm at home, pizza and beer. Or tequila.

bombastic bob Silver badge
Devil

forcing women into 'remake' character roles

"This time, 'Marty' will be a woman"

This would, after all, empower Holly-weird SJW-types to forcibly cram "this is how it was in the 1950's which is why we do not return to it" exaggerated 'misogyny' (their definition of it). As entertainment. And indoctrination.

and when THAT kind of thing happens, their ticket sales reflect audience desire to NOT have politics crammed at them when they go to the movies to ESCAPE it...

There seem to be a lot of crapsack-world post-apocalyptic movies, too. Where's the _ENTERTAINMENT_ in THAT kind of "doom/gloom" everywhere? I thought people went to the movies to have FUN? ['feeding the WRONG wolf', to quote another movie that's QUITE a bit more positive, something that was NOT a remake, either - it sets the doom/gloomers up as either the BAD guys, or those who've given up, and the young millennial protagonist as AN OPTIMIST, despite everything]

bombastic bob Silver badge
Devil

Re: Hmm.

"Bladerunner, Total Recall, Ghostbusters, all kinds of things have been ruined by re-makes."

Add 'The Day the Earth Stood Still'. A perfect example of why NOT to do a remake.

Klaatu. Barada. Nikto [mumble mumble mumble]. Heh.

(I hear "they" wanna do a remake of THAT movie, too - the one where the protagonist says that shoutout phrase like a magic incantation, improperly, and comedy ensues - I have the DVD but for those who haven't seen it, let them google for it, heh)

bombastic bob Silver badge
Devil

Re: what the people want

"but it's all too crude and/or violent."

And therefore, FUN (instead of 'saturday morning schlock for the widdle kiddies').

ESPECIALLY nauseating when the aforementioned SCHLOCK contains all of those 'parental lessons' embedded within them. [cartoons are supposed to be FUN, not an attempt at Disney doing parents' jobs for them].

/me fondly remembers Animaniacs, which I have the great fortune to have seen for the FIRST time as an adult [so I got all of the jokes].

bombastic bob Silver badge
Unhappy

Re: what the people want

the CGI version of 'Steamboat Willy' is probably on the table, someplace...

Office 365 Exchange enjoys a less than manic Monday. Users? Not so much

bombastic bob Silver badge
FAIL

All eggs, one basket.

everybody KNOWS that all eggs in one basket is a bad idea. It's just that the siren song of "The Cloud" drowns out the reality that it's still, one VERY LARGE basket.

And when that basket goes TITSUP and FUBAR, the eggs are broken. Ooops.

(captain obvious)

got Libre Office?

Groundhog Day comes early as Intel Display Drivers give Windows 10 the silent treatment

bombastic bob Silver badge
Trollface

Re: 24.20.100.6344

You STILL get sound? What ritual did you perform in order to get this to happen? It must have involved at least one rubber chicken and man wearing armor...

bombastic bob Silver badge
Linux

Re: Audio applications

I've heard good things about a couple of open source DAW's that run on Linux. You could dump windows ENTIRELY and NOT have to maintain 'bleeding edge' hardware because their OS demands it...

bombastic bob Silver badge
Devil

Re: Bombastic Bob...

one of my loving fans? THANK you!

bombastic bob Silver badge
Unhappy

"start afresh with a completely fresh slate"

Please... NO! Not with *THIS* group of "developers". Look what they did to 8 and 10, when they had a perfectly good 7 that they could've just MAINTAINED.

I can't imagine the horrors of a 'start from scratch' based on their current history...

bombastic bob Silver badge
Unhappy

Re: MS : From bad to worse to pathetic

Yes. After THIS many failures, it has stopped being funny, and has NOW graduated to PATHETIC. And, PITIFUL. And, SAD.

Micro-shaft, GET A CLUE, will ya? Stop 'majoring in the minors' and GET BACK TO BASICS.

You know, like it was with 7. And XP. All of that 'feature creep' in Win-10-nic, and you can't even get the BASIC FEATURES (intel drivers) right. *FACEPALM* "Ay,yay,yay,yay,yay..." (like Desi Arnaz used to do on 'I Love Lucy')

An updated version of 7 (just tweaks for new hardware), with an extended support period. That'd be worth purchasing. Hint.

Malware scum want to build a Linux botnet using Mirai

bombastic bob Silver badge
Linux

Re: It's 2018...

yeah, I think most people just recognize that Linux has NOT been a target because criminals go for the low hanging fruit, and don't want to do anything that requires actual work nor thinking to accomplish.

and I got my 'lame honeypot' listening on 8088 now (simple inetd invoke 'echo' to send back a "go away" message). I 'allegedly' did the same kind of thing for 'code red' back in the day. Perhaps I could study this a bit and have it [allegedly] do some kind of command/control back to the SENDER [assuming it to be exploited Hadoop server] and [allegedly] SHUT IT DOWN. But that might be considered *illegal* gray-hat activity so I wouldn't actually DO that, and (gutless disclaimer) you shouldn't either (nudge nudge, wink wink, know-what-I-mean). But then again _I_ lack the knowledge of how Hadoop works. Just finding the TCP port took a bit of time and search-fu, and if I'm right and it _IS_ tcp port 8088 then all is well and I'll just tie up the botnet trying to exploit my non-Hadoop server box and maybe log it if I'm in the mood...

bombastic bob Silver badge
Devil

using TCP port 8088?

something that can be looked at in logs...

according to THIS web site (a google cache of a web site that wouldn't load with noscript, because, nginx and scripty requirement) the telnet port 8088 is being used in the YARN exploit of Hadoop. Also apparent, this has been going on for a while and just recently had a nice big uptick in activity (the article was from 11/15).

Apparently they had some honeypots set up listening on this port, and were attempting to identify variants of the thing worming around 'teh intarwebs'.

ah well, there goes my "over 9000" lame meme joke

bombastic bob Silver badge
Facepalm

Hello the 90's called

and your Linux system has an insecure telnet server running???

icon for facepalm reaction

I google'd a bit, thinking that maybe there was something out there about telnet and hadoop, and I kept seeing something about port 9000 and not being able to connect to it. Seriously, what's up with the telnet anyway, or is this just being used as a troubleshooting tool (and now, attack vector)? I hope that it's not actually USING a telnet-based command/config thingy but who knows...

/me withholds the 'meme-worthy' reference regarding the number 9000 - dunno if it would actually really apply in this situation.

It might be interesting to know exactly what it is this vulnerability is dealing with, something I can't seem to find with a simple search [and I have no need/desire to install Hadoop in a VM just to see what's up with it].

Real talk: You're gonna have to get real about real-time analytics if you wanna make IoT work

bombastic bob Silver badge
Devil

high speed moving average

one way to accomplish a nice high speed moving average (using integers, even) would be to do something like this:

    int accum = 0; // accumulator, in this case stores "impossible" value

    ...

    void loop(void)
    {
      int value = read_data();

      if(!accum)
        accum = value;
      else
        accum = (accum * 7 + value) / 8;

      send_data_to_the_web(accum);
      time_delay();
    }

that way you can respond quickly to changes, but also use a moving average to help get rid of noisy data. It's also simple enough (using integers) in a way that approximates a weighted moving average with an infinite period. [I've done things _like_ this for _years_, so it's nothing new, really]

That being said, it's a possible solution for the data 'noise' and averaging problem. The sensor would do the calculation and send the 'crunched' value to the server. If you need the raw value too, you can still send both. But this also makes scanning for 'alarm' conditions easier, because the 'crunched' value will already be stored on the server [well, ideally].
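An added example, not part of the original post: the post's 7/8 integer filter next to a fixed-point variant that keeps the accumulator scaled by 8 and uses an explicit "primed" flag instead of 0. The names `ema_post`, `ema8`, `ema8_update`, `settle_post` and `settle_ema8` are hypothetical, and the variant assumes non-negative readings well below 2^27.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The post's filter as written: 0 doubles as the "not yet primed" marker. */
int ema_post(int accum, int value)
{
    if (!accum)
        return value;
    return (accum * 7 + value) / 8;
}

/* Added variant (hypothetical names): the accumulator is kept scaled by 8 so
 * the fractional part survives between samples, and priming is tracked with
 * its own flag so a genuine reading of 0 does not reset the filter.
 * Assumes non-negative readings well below 2^27. */
struct ema8 {
    int32_t scaled; /* running average * 8 */
    bool primed;
};

int ema8_update(struct ema8 *f, int value)
{
    if (!f->primed) {
        f->scaled = (int32_t)value * 8;
        f->primed = true;
    } else {
        /* avg' = avg - avg/8 + value/8, carried out on the scaled value */
        f->scaled += value - (f->scaled + 4) / 8;
    }
    return (int)((f->scaled + 4) / 8); /* round to nearest */
}

/* Prime the post's filter with `start`, then feed `target` for `steps` samples. */
int settle_post(int start, int target, int steps)
{
    int accum = ema_post(0, start);
    for (int i = 0; i < steps; i++)
        accum = ema_post(accum, target);
    return accum;
}

/* Same experiment for the fixed-point variant. */
int settle_ema8(int start, int target, int steps)
{
    struct ema8 f = {0, false};
    int out = ema8_update(&f, start);
    for (int i = 0; i < steps; i++)
        out = ema8_update(&f, target);
    return out;
}

int main(void)
{
    /* Constructed input: a step from 50 to a steady reading of 100. */
    printf("rising step,  post filter: %d\n", settle_post(50, 100, 100));
    printf("rising step,  scaled by 8: %d\n", settle_ema8(50, 100, 100));
    printf("falling step, post filter: %d\n", settle_post(150, 100, 100));
    printf("falling step, scaled by 8: %d\n", settle_ema8(150, 100, 100));

    /* Constructed input: the average has decayed to 0, then one spike of 800. */
    struct ema8 f = {0, false};
    ema8_update(&f, 0);
    printf("spike after 0, post filter: %d\n", ema_post(0, 800));
    printf("spike after 0, scaled by 8: %d\n", ema8_update(&f, 800));
    return 0;
}
```

The truncating division makes the post's filter stall below a rising input, which matters if the server compares the crunched value against an alarm threshold.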

Did you hear? There's a critical security hole that lets web pages hijack computers. Of course it's Adobe Flash's fault

bombastic bob Silver badge
Trollface

Re: Type confusion and with-scope pointer caught exception

but I'm sure it INSTALLED UNWANTED CRAPWARE just fine, when you attempted to upgrade it...

(what part of "must you make me UN-tick those boxes EVERY! SINGLE! TIME! ???" did you guys NOT understand the LAST time I sent flame-mail over this???)

ok it's been a while since I actually INSTALLED (or upgraded) flash, maybe 5 years or more - it was still doing that, right?

bombastic bob Silver badge
Happy

Re: GOAT?

"I hope they end up open sourcing it just 4 teh lulz."

along with a full source control revision history, including uncensored programmer commit comments