Posts by bombastic bob

Re: erm isn't this what law enforcement is for?

Overall you come off very "kill 'em all and let god sort 'em out"

Well, not GOD, but you get the general idea. heh.

Re: erm isn't this what law enforcement is for?

"A large fraction of those who end up doing it in real life do require extensive psychological and psychiatric councelling later on - even when the person they killed has been trying to kill them."

not me - I'd make sure they stared right into my eyeballs as I stare into theirs, watching the life drain away. I'm the last thing they'd see on the way to HELL.

[THAT, by the way, makes me a *HARD* *TARGET* - meaning I'm in the house they avoid, or the person they avoid on the street or in a crowd - the one who FIGHTS BACK]

Sorry, I can't by into your "prey animal" kind of thinking. I think like a predator. A self-disciplined predator who doesn't kill without reason. And I spent time in the military, and have been prepared to take a life in self-defense [or defense of others] since then. No problem.

The point is *TO* fight back. Make it hard for the criminal. Even if you're passive-aggressive about it, it's still fighting back. I prefer "active aggressive". And *revenge* is a GOOD thing. enough people do it, and you see crime go WAY down, because their's now a PENALTY [potentially] for the bad behavior.

[this is not how SHEEPLE think. This is how men with BIG BALLS think.]

Re: stupider and stupider

"how in God's name is an individual or and other entity going to bring about a legitimate counter-hack result."

it's been done before [locating the perp]. An enterprising and intelligent operator of a router system did it once, back in the 90's. I can't recall his name, but he got the FBI involved because he was seeing some really unusual activity... and as it turned out, it was someone trying to crack into gummint computers, if I remember correctly.

Someone at an ISP could assist a company in doing the same thing, or if you have your own routers [that can display the right kind of info], you could do it yourself.

even WireShark can be very helpful.

auto-redirect routing to a honeypot server - even better. make it nice and sweet. download that trojan, yeah! let it phone home, and we'll see who you REALLY are! back-door THAT machine, looks for back doors already there, and keep digging until you find the perp. chances are, he's not protecting himself very well... thinking "TOR" will anonymize him. Uh, huh... and then you examine his facebook cookie, his twitter cookie, his microsoft login cookie, ...

Re: Whelp...

"time to figure out how to get Fail2ban to call Metasploit"

I call that "a good start" - heh. Unfortunately, con-grab wants gummint in the loop. DAMMIT.

Re: Cool!

"So we can all hack the US Government back now without worrying about getting extradited?"

you have MY permission, if they're invading your computer without probable cause, and without any kind of legal approval in the UK. They should get a UK warrant first. Then it would be _legal_ in the UK to do that. Or let the UK gummint do it on the US gummint's behalf. Then it's all above-board diplomatically.

But invading your computers? bad idea. hack 'em back. [if you don't mind the legal fees associated with defending yourself, anyway, and IANAL so my legal advice is probably worthless]

Re: Machine != Hacker

well, if you do things properly on YOUR end, researching the hack/crack, it becomes obvious when a web site is being used as a "pure re-director". A little research may lead you to the REAL web site (or person doing the shell access cracking, whichever), especially for things _LIKE_ when the POST transactions in a fake web page reveal exactly where that is [for getting your credit card info, for example]. If your server is the re-director, then you study the logs to see where everything is going, and go from there. That kind of thing. Or if it's someone else, you can often determine where it REALLY came from through various means.

From that point, the lazy coder's or incompetent script-kiddie's ass is YOURS. Just "follow the money" (or in this case, the IP address of the server doing the credit card stuff or intrusions). Notifying the credit card companies along the way is an extra added 'bonus'.

(I would normally expect crack attempts to come in via web site requests as a vector, unless you allow ssh access for more than 1 or two obscure user names with either proper pass-PHRASES or cert-only, or both)

Re: 150,000,000 americans plus several million others can hack Equifax?

"Perfect. I'll set my IoT borgs on the task right now. Oh, by the way, I'll spoof the headers to show it comes from the us congress."

works for me. thanks for the idea.

Re: Hacking back against forged attacks

most people understand the 'joe job' problem. I've been Joe-jobbed a couple of times. Fortunately the web service that handles domain e-mails added the ability to put the correct MX DNS info records in place to specify which servers are authorized to send e-mail for the domain, and I haven't seen it happen since.

in one joe-job case that I allegedly heard about, the alleged perps allegedly had an alleged server running in an alleged country that is well known for having compromised servers and NOT responding to alleged abuse reports because alleged mail service was filtering the abuse reports as "spam". Allegedly. And it allegedly had the usual "fake rolex" and "fake handbag" web sites on it. And it allegedly got flooded with specially crafted (not illegal) HTTP requests that shut it down for a significant amount of time (allegedly exploiting a bug in the way they were re-directing via the "probably compromised" web server), on multiple occasions, with "stop joe jobbing XXX" allegedly being PROMINENT in the logs, allegedly. Yeah, no retaliation THERE, right?

Re: Hacking back against forged attacks

"Bob announces that he will hack back against anybody who attacks him."

heh, I wouldn't announce it, just do it.

That's where the liability comes in - if you don't cover your ass and get the right target, you're as bad as the perp [and so YOU get in trouble]. Unless it becomes a ginormous free-for-all, in which case, popcorn please.

Re: erm isn't this what law enforcement is for?

(from the article>

"Before hacking back, the IT department would have to submit some homework to the FBI's National Cyber Investigative Joint Task Force so the Feds can make sure national boundaries are being respected and that any action wouldn't interfere with an ongoing investigation."

And I wanted to have a bot do it, automagically. DAMMIT!

This is like "the 2nd ammendment" for cyber-self-defense. Works for me.

A cop cannot be everywhere. Citizens have to take it upon themselves to report and stop crime. I don't know about the U.K. but here in the USA we have "citizen's arrest" laws, where if you catch someone "in the act" you have the right to arrest that person with REASONABLE FORCE [but criminals have black eyes, broken bones, missing teeth, and if he doesn't look like a criminal, the cops won't believe it, heh]. So yeah, if you witness someone stealing, raping, murdering, you have EVERY right to use deadly force in many cases, and that's the point. Citizens are as good as cops at stopping crime.

In this case, it's citizens with computers who could, in theory, do their OWN investigating. But seriously, if you detect an intrusion, putting up a shield may not be enough. You might have to do something to damage the other end, like trick them into downloading a trojan horse that wipes their hard drive or similar. If a bot kicks in a URL re-director that fakes them into going to the wrong web pages [for example], they end up downloading the trojan horse.

I'd be all for THAT. As an extra added bonus, the law contains liability insurance, so if you destroy some innocent person's computer, you have to pay for it. No biggee. It's the same if you shoot the wrong person. You're liable for that, too.

/me gets bumper sticker for PC: This Computer is Protected by Smith & Wesson

Re: Irony

Why can't Micro-shaft JUST COME CLEAN on what they're collecting on everyone?

/me hears crickets chirping in Redmond

I'm waiting for the news article

"Patch Tuesday completes flawlessly, Sysadmins able complete real work due to stress free day"

Better still, a news announcer that looks/sounds like Michael Palin. Or John Cleese.

And now, for something, completely different...

Re: Nice one, Microsft

to the tune of "I Dream of Jeannie"

Blue Screen!

Here comes another,

Blue Screen!

Wait, there's another,

Blue Screen!

Its a BLUE SCREEN of Death!

Re: Gif.

"how can G(raphics) be pronounced as JIF."

it could be worse - they might be pronouncing SQL as "Sequel".

Yeah, it's pronounced Es Queue El for those who didn't know. The other pronunciation, which is _REALLY_ IBM market-speak from the late 80's/early 90's, is like nails on a chalkboard in intelligent or technical conversation. Yes, I'm compelled to stop things and correct the error, and have done so on a few occasions...

And yeah, it's "GUIFF" with a hard 'G'. Soft-G fascists simply can't figure out what the G stands for...

[I'll continue to use PING and JAY-PEGG files anyway - they're better for my needs]

Windows 10 is helping business sales (?)

[deserves a topic heading]

The article said that. I say "_REALLY_???" Because I don't believe it.

Recently I was invited by Micro-shaft to engage in an on-line survey with respect to business-related computer usage and Win-10-nic features. There were several 'comment' areas in which I vented my spleen. I outlined, in detail, how they basically drove me, a long time customer, who USED to be a fan of Microsoft and Windows back in the 90's, AWAY from them, by things like the 2D FLATSO, adware, spyware, forced updates, "start thing", GWX, etc.. ( 'TLDR' and I don't remember it all, so just the summary.)

In any case, their "new,shiny" "business friendly features" aren't really helping business, from what I can see. But their marketing will SAY SO, and I think that trickled into the article.

I have a few legacy applications that require windows. If Micro-shaft continues circling the drain with Win-10-nic, I may be forced to fix WINE so that they'll all work. [some of them are multimedia applications, particularly Cakewalk, and that might take a bit of work, but if I can get XP to run on an old computer that has enough horsepower to do it, or get my W7 machine to work properly with respect to certain device drivers, I may not have to]

Re: haven't we been here before ?

"Ah yes, COBOL meant the PHB class and users write their own code, then SQL meant management could directly query business data followed by the great white hopes of VB and Delphi. "

don't forget "Forest and Trees". that was an interesting thing. It died, like similar things. I think MS Access may have killed it.

And one more point: SKYNET programmed itself, didn't it?

Icon, because, SKYNET mention.

Re: Worth repeating

while(1)

{

"if you have a problem and you use Microsoft to solve it, you now have a royal fuck load of problems."

}

how's that?

Re: New Feature

"There is this nifty new idea some are using."

yeah, and some of them set up DEVELOPMENT servers to test things on, before moving them to production. but you'll need TESTERS to evaluate it properly, or maybe make everyone at Micro-shaft use the DEVELOPMENT server to help work out the bugs...

'master' and 'develop' branches on github. do a merge when you know it works, cross your fingers, hold onto your ass, and hope you didn't break something. And do it at zero-dark-thirty when few people are actually using it [so you don't cause massive outages]. And then TEST the damn thing, to make sure you didn't break it.

yeah, "standard operating procedure" for competent IT people, right?

"Facepalm" icon for how dumb MS was for putting this on the production server without testing it properly, first.

Re: VS2017 Community Edition is a POS

and, "the cloud" is HIGHLY overrated.

If you want to clloud-collaborate, use github. It doesn't require a bloated IDE.

Re: Thank Allah, Thank Buddha, Thank Jehovah

"he language has lagged behind other languages such as C#."

that comparison to C-pound [the language that makes me want to VOMIT] earned you a DOWN vote.

Re: Android & Java

"vast majority of Android apps out there are written in either C# or C++"

C++ sounds fine, but C-pound? EEEEeeeeewwwwwwwwww!!!!!!!!!!

/me can't find a vomit icon. I'll use this instead.

Re: Who designed this then?

"How the hell did you design an OS that lets programmers embed code in a FONT?"

you stupidly make font files DLL's with an executable section that runs on load...

Re: The NeverEnding Story Continues...

"wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

WIn-10-nic, the Morlock version

Re: Old vs New Bugs

"I get the feeling that they do not test as thoroughly as they used to."

they don't test at all. they fired their testing staff 2 years ago, during the insider program for Win-10-nic. They're entirely relying on 'insiders' and people who get the first run of patches. that's why there are forced updates, to make SURE they get their patches tested by the unfortunate saps who risk bricking their new, shiny machines that came with Win-10-nic.

Re: 2XXX

"They survive on desktops on the strength of their ability to run programs from a decade or so ago"

for now. Until they decide to abandon Win32 support and go "UWP only".

just wait. they'll do it. they've got their foot targeted, and are ready to pull the trigger...

Re: How many times can Microsoft kill Mobile?

Yes. Micro-shaft should KILL windows phone TO DEATH. Except by then, it will become UNDEAD. Kinda like this:

https://allthetropes.org/wiki/Category:Undead_Horse_Trope

Re: Any hope, a silver lining

"I really, really doubt that MS will do a 'U' turn of such magnitude and get rid of METRO/Tiles etc."

It's probably too late to stop the Titanic from hitting the iceberg, yeah. "All back emergency" followed by 30 seconds of frantic propeller noise going "churn, churn, churn, churn" because momentum equals mass times velocity and kinetic energy equals velocity SQUARED times mass, and so it takes a SHIPload of energy to un-do all of that momentum by adding "negative kinetic energy" to stop a Titanic, freight train, or Micro-shaft...

Re: I disagree.

"The all-powerful Windows team wanted Windows everywhere, including places that it didn't belong"

And then, DUMB THE INTERFACE DOWN so that everyone is equally *MEDIOCRE*. Like certain political philosophies that demand "equal outcomes".

troll icon because, previous comment. heh.

Re: Nothing follows

"The only thing they could possibly have a go at is a UWP runner on iOS and Android, and that would fail too."

That's because UWP itself is _FAIL_.

Is _ANYONE_ *SERIOUSLY* targeting UWP these days? One, maybe two people that ARE NOT owned by Micro-shaft?

Either Micro-shaft will COMPLETELY nuke themselves into oblivion by ABANDONING Win32 API support (basically invalidating all 'other toolkits' and legacy applications), or they'll see the light and quietly let it die like they did with Silverlight and a few other things...

Re: Microsoft is trying very hard to kill itself.

Well, if Belfiore admits that WinPhone is essentially DYING, I wonder how long it will be before he admits THESE things [that he so proudly announced] will ALSO die:

a) spyware - " So the system is going to give us a 'smart suggestion' for an app in the store that is going to be one that's suitable for ~me~."

b) adware - "on the client we know which apps you're launching, and which apps you're installing, and so we're able to communicate with the store and bring down suggestions that are personalized for ~you~"

c) his focus on "universal windows platform" ==> UWP

(the quotes are from his (in)famous speech at a developer's conference during the insider program for win-10-nic, where he revealed the adware, spyware, and other plans as if they were *GOOD* things)

And - Mr. Belf**ck-you-all-e - how about getting rid of that 2D FLATSO FLUGLY THE METRO CRAP-INTERFACE too.

In other words, go back to 7, the way it was before "Ape" was released. Apply the back-end fixes and anything that makes the system faster, but LEAVE THE @#$% &$*# !}{% INTERFACE THE WAY IT WAS this time!

And _NO_ forced updates, either.

Re: get a foothold in the market - money talks

"Certainly the appstore did the platform no favours."

you mean CRAPPstore (and that's the point, yeah)