Posts by bombastic bob

Re: Also breaks Windows iCloud client

a simple technique to stop the forced updates? I love it!

Re: I can hardly believe another MS issue

"As a long time 'Linux user, I've refrained from commenting on the many recent Windows update bug articles."

Hasn't stopped ME from snarking all over it. In fact, having an outstanding alternative OS available, I can be a bit SMUG about it, too. Heh.

When Micro-shaft started that ".Not" initiative back in the early noughties, I knew they were heading the wrong direction. C-pound and Passport confirmed it. Since then I only use windows when I have to [like testing an application I'm working on for cross-platform compatibility - write it on FreeBSD or Linux, make it cross-platform so Windows can run it, too]. That and if a customer wants me to do something on winders...

Re: someone should do a spreadsheet (in Excel of course)

Maybe they could get around all of this by JUST patching 7 so that it supports the latest hardware and has no more (known) security holes, then release it as a service pack for 7, and extend support for a few more years. I'd actually *PAY* for that! [I'd get my UI back the way I want it, mostly]

Micro-shaft, instead, focuses on the "feature creep" in Win-10-nic and therefore wastes their efforts, while simultaneously FAILING at the thing they're ACTUALLY supposed to be doing (a RELIABLE operating system).

It's all wrong, now. It's gone horribly, horribly wrong.

Re: snip

"Are there any guidelines for UI design left in windows?"

something including the word "FEEL" most likely.

2D FLATTY monochrome FLUGLY with no 3D effects and sharp rectangular corners, low-contrast bright blue on blinding white, too much wasted screen real estate, and ambiguous shapes that act like hot spots for mouse-clicking because they want your eyes to wander around while you GUESS what to do, based on the complete lack of REASONABLE cues from the UI design.

Next, they'll use fingerpaint and crayons to design it.

What ELSE can you expect from a generation of PARTICIPATION TROPHY RECIPIENTS that are CONSTANTLY needing their self-esteem re-affirmed, and who've OBVIOUSLY taken over the asylum (otherwise known as windows development). Because if *THEY* *FEEL*, then *WE* *MUST* *ACCEPT* it. Because, they're Micro-shaft, and we're just "the end users".

Re: Paint.

They broke MS Paint in Windows 7 by adding "the ribbon".

Worth pointing out, MS used to call a release candidate "release to manufacturing" once the BUG RATE got low enough. I wonder if the CURRENT bug rate is low enough based on their OLD standards for things like Windows '95 ???

Re: Global underepresented influencer strategic partner manager voice

"where he focused on underrepresented voices."

I can imagine the likely political views of someone having THAT job description...

"black people have had trouble discussing issues among themselves, because other people are reporting these discussions as hate speech"

That sort of thing seems to happen to CONSERVATIVES a lot, too. Recently, an Iraq war vet had his Twitter account closed on him, with no clear reason as to why [they SAID 'term of use' violations, but I guess JUST BEING A CONSERVATIVE ONLINE is worthy of such treatment, to them]. After appearing on the Tucker Carlson show on Fox News, *AMAZINGLY* Twitter realized their mistake and RE-INSTATED the guy's account!!!

But I say - do NOT ban them. Let them say what they want. And that goes for everyone else, too. Even if it *IS* "hate speech".

/me observes it could ALSO be a form of passive-aggressive harassment, flagging what they say as 'hate speech' in order to SILENCE them.

Re: "3ve" (pronounced "Eve".)"

l33t sp33k lost its "popularity" in the mid-2000's I think...

still useful for passwords, though

I google'd for 'leet speak generators" and got a bunch of hits. Seems a lot of people like to keep 'l33t sp33k' alive.

Oh, and good article. I think it's informative enough to generally know what to look out for with respect to computer security.

Re: No software can be trusted

"But we can't trust your code, and that's what they were getting at."

A reasonable compromise (what we've been doing all along except for Node.js):

a) open source

b) well-tested prior to release

c) well-defined source snapshot identifying the release version (or fork in the repo, depending)

d) lots and lots of peer review

e) wait until the dust settles before upgrading to 'latest version'

Seems to have worked for me outside of this insane method of 'dynamic continuous update to bleeding edge' method being used for Node.js .

Linus has managed this with Linux for a long time. Having such a project manager makes a BIG difference. Having an official test+release system (and actual QA) does, too.

Re: Javascript

"Why did we ever allow this cr@p on our webpages in the first place."

Or in the back-end of a server, for that matter (i.e. Node.js).

JQuery and Node.js - the MALIGNANT TUMORS of 'Teh Intarwebs'.

There are better ways of doing these things. And they don't come with the *KINDS* of problems we see with client-side scripting (viruses, tracking, side-channel attacks, bitcoin mining) and server-side scripting with Node.js (single dependency update creating fail or malware on MANY servers at once).

Time for some CHEMO-THERAPY I say. Kill the tumor BEFORE IT GETS BIGGER.

Re: Build time internet dependencies are garbage

"Others outside your repo should not be able to break your builds."

ack

From the article: "This vandalism is a stark reminder of the dangers of relying on deep and complex webs of dependencies in software"

This is reason to STOP THIS PRACTICE FORTHWITH! (see icon)

'Teh Cloud' is WAY overrated here. More like "underestimated" [with respect to the damage it can do].

I know that _I_ do not want to be the mid-level software guy being phoned up at zero-dark-thirty because some _IDIOT_ 'chose poorly' and updated a Node.JS dependency. Blame goes on the one at the other end of the phone. "Not my fault" won't fly, either. B.S. rolls down hill, and now it's hit the fan!

[it's also why I won't use shared runtime libs with windows applications - static link or not at all!!!]

Re: Paying taxes on credit *can* be a good idea

actually for a payment plan, if I remember correctly, IRS interest is 7% [flat rate] per annum. It's really not that bad [they just want the money]. I think the interest rate the IRS charges is related directly to the payment on bonds and other such things, so you're basically paying the IRS to borrow money on your behalf and then paying them an interest on that borrowed money. Or something like that.

Using a credit card is convenient, though, and keeps the IRS off of your back. I've done it, then paid it off swiftly. If you don't have it "in the bank" at the time you do your tax payment, it works. But yeah, transaction fees normally paid by the party receiving the credit card payment are added on top of the payment, thereby [essentially] having YOU pay the transaction fees as well as the balance owed. Really, not that bad.

Re: Not a good idea, Ohio

yeah, having that 3rd party do the currency exchange changes the game a bit. But certainly no government entity should accept currency other than that of the government they're part of, in this case the U.S..

Bitcoin really is 'a foreign currency' as far as all things are considered, from taxation to banking regs. But I don't mind a dedicated 3rd party for exchanges. It simplifies the overall process that way. That's better than an actual gummint entity mucking with exchange rates and instability of the currency, at any rate.

Re: 'Today's films are made to be "woke"'

not all films, obviously. just too many of them, In My Bombastic Opinion.

When I see a movie I want to be entertained, *NOT* guilted, manipulated, nor nauseated [unless it's really good 'bloody guts' special effects or something like it in a horror genre].

This is the first time I've heard the term 'woke'. 'Woke' from WHAT exactly? [no don't answer, it's rhetorical]

Re: Reboot Avatar? Yuck!

yes, the comparison between how American Indians were treated in the 1800's was painfully obvious in Avatar. However, the movie was still entertaining, and had a fairly standard plot of 'oppressed vs oppressor'.

When it's entertaining, I can overlook the underlying SJW'ness. Choke the bile a bit and wash it down with popcorn and soda. Or if I'm at home, pizza and beer. Or tequila.

forcing women into 'remake' character roles

"This time, 'Marty' will be a woman"

This would, after all, empower Holly-weird SJW-types to forcibly cram "this is how it was in the 1950's which is why we do not return to it" exaggerated 'misogyny' (their definition of it). As entertainment. And indoctrination.

and when THAT kind of thing happens, their ticket sales reflect audience desire to NOT have politics crammed at them when they go to the movies to ESCAPE it...

There seem to be a lot of crapsack-world post-apocalytpic movies, too. Where's the _ENTERTAINMENT_ in THAT kind of "doom/gloom" everywhere? I thought people went to the movies to have FUN? ['feeding the WRONG wolf', to quote another movie that's QUITE a bit more positive, something that was NOT a remake, either - it sets the doom/gloomers up as either the BAD guys, or those who've given up, and the young millenial protagonist as AN OPTIMIST, despite everything]

Re: Hmm.

"Bladerunner, Total Recall, Ghostbusters, all kinds of things have been ruined by re-makes."

Add 'The Day the Earth Stood Still'. A perfect example of why NOT to do a remake.

Klaatu. Barada. Nikto [mumble mumble mumble]. Heh.

(I hear "they" wanna do a remake of THAT movie, too - the one where the protagonist says that shoutout phrase like a magic incantation, improperly, and comedy ensues - I have the DVD but for those who haven't seen it, let them google for it, heh)

Re: what the people want

"but it's all too crude and/or violent."

And therefore, FUN (instead of 'saturday morning schlock for the widdle kiddies').

ESPECIALLY nauseating when the aforementioned SCHLOCK contains all of those 'parental lessons' embedded within them. [cartoons are supposed to be FUN, not an attempt at Disney doing parents' jobs for them].

/me fondly remembers Animaniacs, which I have the great fortune to have seen for the FIRST time as an adult [so I got all of the jokes].

Re: what the people want

the CGI version of 'Steamboat Willy' is probably on the table, someplace...

Re: Audio applications

I've heard good things about a couple of open source DAW's that run on Linux. You could dump windows ENTIRELY and NOT have to maintain 'bleeding edge' hardware because their OS demands it...

Re: Bombastic Bob...

one of my loving fans? THANK you!

"start afresh with a completely fresh slate"

Please... NO! Not with *THIS* group of "developers". Look what they did to 8 and 10, when they had a perfectly good 7 that they could've just MAINTAINED.

I can't imagine the horrors of a 'start from scratch' based on their current history...

Re: MS : From bad to worse to pathetic

Yes. After THIS many failures, it has stopped being funny, and has NOW graduated to PATHETIC. And, PITIFUL. And, SAD.

Micro-shaft, GET A CLUE, will ya? Stop 'majoring in the minors' and GET BACK TO BASICS.

You know, like it was with 7. And XP. All of that 'feature creep' in Win-10-nic, and you can't even get the BASIC FEATURES (intel drivers) right. *FACEPALM* "Ay,yay,yay,yay,yay..." (like Desi Arnaz used to do on 'I Love Lucy')

An updated version of 7 (just tweeks for new hardware), with an extended support period. That'd be worth purchasing. Hint.

Hello the 90's called

and your Linux system has an insecure telnet server running???

icon for facepalm reaction

I google'd a bit, thinking that maybe there was something out there about telnet and hadoop, and I kept seeing something about port 9000 and not being able to connect to it. Seriously, what's up with the telnet anyway, or is this just being used as a troubleshooting tool (and now, attack vector)? I hope that it's not actually USING a telnet-based command/config thingy but who knows...

/me withholds the 'meme-worthy' reference regarding the number 9000 - dunno if it would actually really apply in this situation.

It might be interesting to know exactly what it is this vulnerability is dealing with, something I can't seem to find with a simple search [and I have no need/desire to install Hadoop in a VM just to see what's up with it].

Re: GOAT?

"I hope they end up open sourcing it just 4 teh lulz."

along with a full source control revision history, including uncensored programmer commit comments

Re: Accuracy

think of it this way: 70% accuracy, and 30% of the tweets were deemed "untrue".

If the statistics are correct, then the 30% "untrue" on a list of 100 perfectly truthful tweets would be "about right" for an algorithm that is 70% accurate.

Just doing the maths...

(and yes, I _DID_ imply that 100% of Trump's tweets are true, just to poke the hornets' nests)

Re: Lock her up Lock her up!!!

I beg your pardon?

coat, please...

Re: "Succumbing to 'gotcha' headlines."

I know - let's just hold EVERYONE to the SAME standards. works for me.

So if Mrs. Clinton stays out of jail and isn't prosecuted for 'just that part', ok I'm good. Let's treat Ivanka exactly the SAME way as Mrs. Clinton gets treated. Hell, Ivanka could RUN FOR OFFICE in a couple of decades, or be SECRETARY OF STATE - why not!

Now about all of the 'hammer-smashing of devices' and not coughing up the 30,000 e-mails and pretending KNOWN classified e-mails weren't because "I did not know what ' C' meant"... (I don't think Ivanka did THAT now did she?)

so, in summary:

* use of private e-mail for non-classified yet gummint-related things: hand slap

* trying to hide everything, use private e-mail for classified things, and obstruct justice by physically destroying the evidence: lock up and throw away the key!

Re: They're not knocking ECC

"I would think the odds are significantly higher that the whole computer would be stolen"

As a matter of fact...

At a used-to-company, miscreants threw a heavy object through the front window of the office building, ran in, cut cables with wire cutters, grabbed the CPU boxen, and took off with the alarm blaring.

Then they did it again 2-3 weeks later, after the company got "all new computers". [I did the majority of the work from home and therefore had plenty of backups for my stuff and related projects].

Snatch-n-grab using low tech "steal a manhole cover and throw it through the window" and "cut all of the cables with wire cutters and run with the CPU boxen" is difficult to stop, but you CAN slow them down by using these lock & cable things [which I recommended after the 2nd theft, and bought some for myself].

That being said, thieves and miscreants will ALWAYS come up with a brute force and/or low tech way of defeating the highest tech security that you can possibly think up, like chaining up an ATM machine to a stolen towtruck and yanking it out of the bank office's wall.

The best security plan is to make sure that you slow them down as much as possible so that you're no longer "an easy mark".

ECC RAM apparently slows them down.

Re: The obvious message here is...

doesn't rowhammer require really good knowledge of the kernel internals to make use of it, at least for bypassing security? You'd need to hammer permission bits, for example, to access things that are normally not accessible, and for that you'd need to know where the bits are located (etc.) as well as a good idea about the RAM architecture is set up. I'd say that ECC still (at least) makes that harder to do, though obviously NOT impossible, like the lock on your door just slows 'them' down if 'they' REALLY want to get in, but of course I'm not going to be leaving my door UNlocked any time soon...

Re: Practising Safe Hex

I've been calling it "Safe Surfing" for a while. It includes things like:

a) don't use internet explorer or Edge or MS Outlook [aka virus outbreak]

b) don't be logged in with admin credentials for e-mail or web surfing

c) if possible, don't use windows to surf the web or read e-mail

d) run noscript or its equivalent

e) only (pre)view e-mail in plain text, NEVER with attachments inline

f) always save attachments to disk, then open with "the application" (not double-click) by running the application FIRST and then using 'file open', and have SCRIPTING TURNED OFF when you do it.

etc.

Re: JS - just for a change

"do a search for 'cache: $URL' to get a plain text version of the page & read the content anyway."

see icon

Re: JS - just for a change

"Back to Web 1.0"

preferable to the bandwidth wasting script intensive bell-whistle-new-shiny market-platform track-via-ads bright blue on blinding white 2D FLATTY "shit show" we're exposed to on a daily basis.

yeah, been here a LONG time. You can make things look good without cat video ads playing in every corner of the page.