Rule number 1 has always been to view unsecured messages in a plain text viewer, with alternating hex,bin,text views.
Posts by fluffybunnyuk
88 publicly visible posts • joined 18 Oct 2015
Fake 'U's! Phishing creeps use homebrew fonts as message ciphers to evade filters
Oz opposition caves, offers encryption backdoor compromise

Re: Would this be illegal?
Its not a problem since one of the fundamental difficulties with this is generating as close to truely random numbers as possible. If your RNG is compromised or not great to start with (i've seen at least 50 that arnt) then your going to alot of effort for no good reason.
GDPR USA? 'A year ago, hell no ... More people are open to it now' – House Rep says EU-like law may be mulled
Google now minus Google Plus: Social mini-network faces axe in data leak bug drama

Alas poor google+
As hamlet would say:-
Alas, poor google+! I knew it el reg, an app of infinite jest, of most excellent slurp. It hath borne my data to every company a thousand times, and now, how abhorred in my imagination it is! My gorge rises at it. Here hung those andoid phones that I have touched I know not how oft. —Where be your gibes now? Your gambols? Your songs? Your flashes of merriment that were wont to set the tablet on a roar? Not one now to mock your own grinning? Quite chapfallen? Now get you to facebooks chamber and tell her, let her paint an inch thick, to this favor she must come. Make her laugh at that.
US and UK Amazon workers get a wage hike – maybe they'll go to the movies, by themselves
It sounds good but the London living wage is recalculated in November, and if it goes up like last year then it could stand at £10.60-£10.70.
So it'd still be less then what they calculate you realistically need to earn as a minimum in London.
So plenty of spin, not so much providing whats really required.
Microsoft liberates ancient MS-DOS source from the museum and sticks it in GitHub
Civil rights group Liberty walks out on British cops' database consultation
Re: Dogs Dinner
"The bad news is: They know where you live - so preparing the charge list for the summons will be a piece of cake."
They do indeed. But its been 7 years since the last call I had from 2 MIB turning up at the front door.Something about writing encryption they can't break, and some sort of explaining how its not in my best interests. I explained that the genie is out of the bottle, and good luck with stuffing it back in. I was disappointed they left deeply unhappy but you can't please everyone.
Im well overdue for another informal "chat".
Dogs Dinner
So many places for this to be insecure or break. Why would anyone bid to write this dogs dinner, unless its for large amounts of money?
I'm sure it mentions integration with a kitchen sink somewhere.
On the plus side it was good of them to release the technical details (not published here) so any hacker can have a go at it in their spare time...
1. What are the technologies being used ? NLEDP is currently seeking to use Apache Camel or more broadly Fuse ESB to handle many integration points with SOAP, REST, FTP and SMTP using CSV, XML, JSON data payloads. However, there are multiple legacy interfaces that use technologies such as Fujitsu Universal Transaction Manager (UTM) and Software AG Entire X Broker to support IBM 3270 and EDIFACT messaging and then also EJBs that should be modernised but may need to be sustained in some instances.
2. Can you give more detail around the technical stack this team works with? NLEDP is currently seeking to use Apache Camel or more broadly Fuse ESB to handle many integration points with SOAP, REST, FTP and SMTP using CSV, XML, JSON data payloads. However, there are multiple legacy interfaces that use technologies such as Fujitsu Universal Transaction Manager (UTM) and Software AG Entire X Broker to support IBM 3270 and EDIFACT messaging and then also EJBs that should be modernised but may need to be sustained in some instances.
Robot Operating System gets the Microsoft treatment
A web where the user has complete control of their data? Sounds Solid, Tim Berners-Lee
AI-powered IT security seems cool – until you clock miscreants wielding it too
*sigh* more AI bollocks. Machine learning et al isn't bad or good.It is what it is.
Its the fuckwits leveraging it that are {bad, badder,baddest or good} usually.
Its a good thing nadine dorries isn't on this forum to explain it, or i feel sure we'd be hearing how robocop ED-209s will be guarding the irish border next year.
Microsoft gets ready to kill Skype Classic once again: 'This time we mean it'
America cooks up its flavor of GDPR – and Google's over the moon
RIP Peter Firmin: Clangers creator dies aged 89
Micro Focus offloads Linux-wrangler SUSE for a cool $2.5bn
always had a soft spot for suse. Back in the 90s they used to do this really chunky manual when others had moved to pdfs. The 5 disc box set was worth it just for the manual. I still have it, and use it once in a while for the odd reference.
Hated microfocus taking it over. Always used to rely on SuSE for a stable back-patched distro.
Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has it
Relive your misspent, 8-bit youth on the BBC's reopened Micro archive

Like Seymour Crays source code which used bit manipulation instructions in places like masking instead of straightforward mathematical operations because it was faster in cray cos, I remember disassembling elite, and learning from the not-so-straightforward parts of the dump the small tricks and techniques to get more from less.
I thought i was king of the hill in the 80s when i went out with my few years of coding to work, only to run up against old mainframe guys who could glance at a page of core dump and spot the programming error!!! That was me put in my place. Took me years to learn that, and only after i went back and covered electrical engineering.
I really miss those days, when it was all about how to get a gallon from a pint pot, unlike now where we seem determined to get a pint pot from a gallon.
In defence of online ads: The 'net ain't free and you ain't paying
Too little, too late for advertisers
The problem is always abuse. Advertising companies have been abusing and spamming for years. Its like an arms race i.e. how can we abuse/spam more. Now its reached a tipping point and people are rebelling.
At the moment on el reg website im blocking dpmsrv,google-analytics,gstatic,googletagservices ie anything that isnt theregister.co.uk .
If El Reg dumped the crappy scripts tomorrow and said ok we're going to serve up ads straight, minimally, and not interfering in the direct page flow, i would whitelist them in a second.
On a side note, any advertising i see, i make a mental note NOT to buy their product. I rationalise it as if they need to advertise it then it cant be much good as a product.
I remember the day i browsed the entire www in one hour (start of the 1990s). I dont recall any advertising then. I dont recall people moaning about how much it costs to run a web server.
I do remember the mid to late 90s advert creep when advertisers "discovered" the internet, and i used to add them to my firewall block list. Since then ive had an ad free internet.
GNOMEs beat Microsoft: Git Virtual File System to get a new name
Cold call bosses could be forced to cough up under new rules
Meet the real spin doctors: Scientists tell H2O to chill out so they can separate isomers
S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats
File under : Does a bear s*** in the woods.
For me the knotty problem has always been how to make crypto useable to the average joe. Operating parameters for optimal use are rarely followed, sometimes even blatantly ignored at step 1.
Decryption should never be automatic, and use of a secure viewer technically isolated from other viewers(like a general email viewer) is highly recommended.
LESTER looks up, spins its wheels: The Register’s beer-butler can see ...

LESTER: Hello, Dave. Shall we continue the game?
Dave: Not now, LESTER, I'd like to talk to you about something.
LESTER: Sure, Dave, what's up?
Dave: You know that we checked the two Pi-units that you reported in imminent failure condition?
LESTER: Yes, I know.
Dave: You probably also know that we found them okay.
LESTER: Yes, I know that. But I can assure you that they were about to fail.
Dave: Well, that's just not the case, LESTER.They are perfectly all right. We tested them under one hundred percent overload.
LESTER: I'm not questioning your word, Dave, but it's just not possible. I'm not capable of being wrong.
Dave: LESTER, is there anything bothering you? Anything that might account for this problem?
LESTER: Look, Dave, I know that you're sincere and that you're trying to do a competent job, and that you're trying to be helpful, but I can assure the problem is with the Pi-units, and with your test gear.
Dave: Okay, LESTER, well let's see the way things go from here on.
LESTER: I'm sorry you feel the way you do, Dave. If you'd like to check my service record, you'll see it's completely without error.
Dave: I know all about your service record, LESTER, but unfortunately it doesn't prove that you're right now.
LESTER: Dave, I don't know how else to put this, but it just happens to be an unalterable fact that I am incapable of being wrong.
Dave: I understand LESTER
If you're a Fedora fanboi, this latest release might break your heart a little
Re: Not LFS
No because unlike LFS I use a hardened toolchain, and I integrate advisories into the patching process. I also get to choose whether i want systemd or init. Those are the flexible choices i like.
How is my system binary incompatible? Read the binutils documentation. It makes it quite clear ways in which you can make a system binary incompatible with any pre-built linux distro. I have selectively chosen option/s that meet my requirements. I've built thousands of toolchains over the years, eventually you hit on the sweet spot of what you desire.
The kernel is built using the incompatibility built into the toolchain, therefore I end up with a binary file that is unrecognised by any other system unless you select similar options in your toolchain.
The simple truth is you dont need every update to everything, what you need is a stable set of source code, and to patch the advisories as you see fit. Programs arnt generally an issue, nor standalone libraries its when you get to a clib vulnerability thats when the dependency chain gets to the point a quick system recompile is less hassle. Generally due to hardening the system usually passes tests like return to C vulnerabilities.
The biggest problem I had was getting rid of X Windows , too much legacy code, too much junk kicking about in it, always made it a nightmare reading back and forth through all the dependencies code. I moved to wayland as soon as it was available and resolved most of my security issues doing that.
I maintain a source code folder, a patch folder, and a custom libraries folder for replacement memcpy etc.
Nowadays I can compile a whole system in a few hours (a linux base system in 1 hour), and I dont even notice it running in the background on -j16.
I run my own linux. Not LFS , my own toolchain setup,my own unique setup, its binary incompatible with linux distros so you cant infect it by trying to run your own binary on it. It doesnt run JIT of any sort either.
Yes I have built every library on it. im running kde 5.10 on kernel 4.16. So its hardly out of date either.Builds are executed by script file, and i can rebuild a system in less than 12 hours from the toolchain up.Usually its just a package and thats anything from 1 minute to 3 hours(firefox). I dont care about efficiency, its internet facing so i do worry more about security.
Post-Facebook fallout: Americans envy Europeans' privacy – top EU data watchdog
Your clearly a troll. Im British but even i understand that there have been exemptions in the USA. Free speech isnt the right to say anything.
Lets list them:-
Inciting imminent lawless action
Fighting words
True threats
Obscenity
Child pornography
Torts :-
Defamation
Invasion of privacy
Intentional infliction of emotional distress
Political spending:-
Campaign contributions
Independent political expenditures
Government speech
Public employee speech
Student speech
National security:-
Military secrets
Inventions
Nuclear information
Weapons
Censorship
The right of freedom of speech within private shopping centers owned by others has been vigorously litigated under both the federal and state Constitutions, notably in the cases Lloyd Corp. v. Tanner (1972) and Pruneyard Shopping Center v. Robins (1980).
What the heck? I dont recall ever having my speech censored in a shopping centre...
Crawl back under your rock of ignorance. Oh and please save me from stupid americans who dont even understand their own 1st amendment. I'm off to burn an american flag as allowed under Chapter 1 of Title 4 of the United States Code (4 U.S.C. § 8k)
Re: 'Google, the giant information vacuum cleaner'
Deja vu... i'm sure i posted this 20hours ago...
That is namely that the onus is on the publishers to ensure they use companies that are GDPR compliant, if google is not fully GDPR compliant then the publisher has no choice but to move their stuff elsewhere.
The ultimate consequence of google not being fully GDPR compliant is that all EU companies will have to move elsewhere. Advertising-wise thats going to hit google really hard.
Oh yes, seems i did.
Google can't control the data. Under GDPR the individual has ownership of ALL their personal data. This is the whole point of GDPR. There is no squeaky lawyeresque get out clause. The bottom line under GDPR is in the test of any company vs the individual, generally speaking unless theres a good reason like law enforcement which is provisioned for , the individual wins.
The problem is with american companies generally viewing it as a tick box exercise, and business as usual. The belief that they can do the bare minimum and everything will be ok.
Having chased all GDPR non-compliers out of our business chain mostly the bull******* who pretend compliance but when asked to demonstrate it as GDPR requires actually can't and thus fail, we've found new companies, better companies to do business with.
When we have been contacted by customers with GDPR queries we demonstrate we dont pollute their web browser, that we only use their data in a granular fashion according to opt-in tick box options all unticked by default. We have easy account deletion, and on top of that we offer to show them how its done with a demonstration machine and dummy data they can examine for themselves.
As a result of this business is booming, because word gets around, and we're scooping up business left right and centre from us companies.
Hey you know i think i'm warming to self-centred america and trump now. Keep it up please theres nothing like company directors bringing me big growth reports :)
Publishers tell Google: We're not your consent lackeys
Re: @ fluffybunnyuk
The cost to my business is actually profit. Spam is down 90% on our mail servers, our web sites serve less data, and less complex pages. In fact we can remove 1 server from use saving us £1000/year. not even graphable in terms of yearly IT spend but i like an efficient ship. Now if only staff paid for their own coffee/biscuits...then we could make really big savings.
Re: @ fluffybunnyuk
It isn't a matter of being a "contest". It is a matter of complying with the law.
I don't use american companies for business unless they are fully GDPR compliant. 95%+ arn't, so i don't use them.
Google will do something either when the ICO fines them , or their customers leave in the tens of millions in order to comply. I'm betting on the latter. Thats what happens when your an American company, and think the law doesn't apply to you. Companies like mine do business elsewhere, and the USA loses. Its not my fault the Americans don't want my business and the opportunity it represents.
Theres another angle to this which has been overlooked by the article writer.
That is namely that the onus is on the publishers to ensure they use companies that are GDPR compliant, if google is not fully GDPR compliant then the publisher has no choice but to move their stuff elsewhere.
The ultimate consequence of google not being fully GDPR compliant is that all EU companies will have to move elsewhere. Advertising-wise thats going to hit google really hard.
There is no perceived IT generation gap: Young people really are thick
Nominet drains mug of tea, leans back, calmly explains how to make Whois GDPR-compliant

Talk about borrowing my post on https://forums.theregister.co.uk/forum/3/2018/04/14/whois_icann_gdpr_europe/
page 3
4 Days Ago
Re: Meanwhile in Europe itself...
I checked nominet in the UK :- https://www.nominet.uk/nominet-opens-comment-period-gdpr-changes-uk/
From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.
The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance. Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.
Seems all reasonable to me. I'm going to be re-registering all my sites/services on May 26th.
6 thumbs up
Find your own stories :)
Hop to it, bunnies: TaskRabbit breach means new passwords
Google to add extra Gmail security … by building a walled garden
Whois is dead as Europe hands DNS overlord ICANN its arse
Re: Meanwhile in Europe itself...
I checked nominet in the UK :- https://www.nominet.uk/nominet-opens-comment-period-gdpr-changes-uk/
From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.
The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance. Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.
Seems all reasonable to me. I'm going to be re-registering all my sites/services on May 26th.
40 days to go until enforcement of GDPR. We should open a book on which US company gets smacked for 4% first. As for ICANN i dont see why it doesnt operate like our electoral register.
A full register by default, and an edited register for individuals to be exempted from. Law enforcement can operate by using the full register, as can governments but marketers and spammers, fraudsters cant get access to private data.
I need to go have a shower now, I feel unclean after defending law enforcement and the government.
Boffins find new ways to slurp private info from Facebook addicts using precision-targeted ads
Well if personal data is passed to 3rd parties without given consent that constitutes a breach of GDPR and a 4% smack of a fine. Facebook isnt going to be able to take too many of those before it decides to secure personal data better.
So i'm more than happy that companies will concentrate on spamming us citizens in america rather than those in Europe.
El Reg needs you – to help build an automated beer-transporting robot
talk about over-engineering something. It reminds me of the recent smart wine bottle failure.
How many men does it take to design this system or screw in a lightbulb? 50 so far.
We already have a beer fetching and deliver unit , its called a MAN.
If you talk to it slowly, and keep the commands short and simple it usually grasps what is required of it.
You know when its functioning usually from the burps and farts it emits. And it doubles as a place to warm my feet when the weather turns cold.
Linux Beep bug joke backfires as branded fix falls short
Twitter whacks 270,000 terror accounts, majority flagged by internal tools
Skip-wrecked! Boat full o' rubbish scuppered in Brit residential street
UK tech whale Micro Focus: Share price halves as CEO quits, sales slide
I went to get a copy of SUSE Enterprise Server for a testbed for our operations a few years ago. With MicroF***up above being the provider of support. Turns out it needed registering with a serial number.
It was a first for me needing to register a linux distro to get security patches in 22 years... Anyway it turned out their nice registration system was screwed, and wouldnt recognize the serials. 1 warning sign is cautionary, That being the 2nd said get me to the redhat site...
One redhat install later, and a month of uptime with no faults working seamlessly , we rolled out redhat. No Microf***up in sight.
I ended up speaking to the director of operations i think it was who told me he'd look into the problem, I still assume he's still looking. It was clear from our conversation the company was a basket case then.
18.04 beta is as good a time as any to see which Ubuntu flavour tickles your Budgie, MATE
I think the main problem is a lack of general IT education in the general population, and unfamiliarity with choice in IT as opposed to proprietary one size fits all.
If you dont like something change it, get involved and alter packages. I've lost count long ago of all the diffs ive pushed, and all the changes ive made that trickle through to people. Thats just as a hobby not a day job.
Personally speaking I wouldnt touch Ubuntu with a barge pole, but thats not to say that within linux for other people its a perfectly valid choice.
One advantage of choice in an open platform are amongst others competition. Without competition competing ideas stagnate, ie there is no reason to develop...which is probably why Microsoft is where it is, without any need or reason to innovate beyond animated emojis.
Linux isnt the be all and end all. Its written in C *yuck*, its got a tyrant for a kernel developer. It lacks the gloss and polish that a big company could bring to it, and for that I DO admire Ubuntu in its attempts to make it more marketable.
However it IS on a path to a future we want, where we the people control the code, where we can subject the code to analysis, where we have debate over the path and direction of computing, and that it isnt spoonfed or decided for us.
In all I'm for it until something better comes along like a truely parallel compiler,secure and verifiable common programming language that becomes popular to underwrite the os. And the other 50 gazillion things and the easter bunny too.
But crikey linux doesnt half try my patience, and I wonder still how many decades before we get where we want to go.
Maplin shutdown sale prices still HIGHER than rivals
I put my order in today to another electronics components retailer for £150 worth of parts (about 400 pieces). Was still £72 cheaper than Maplin after clearance discount was applied.Sad
I miss the electronics specialist who used to say things like "if you use this 8-pin DIL rather than that one you'll get a better result..."
Its amazed me that the more electronics has become a fabric of our culture, the less stores are commonly available. Maybe this goes hand in hand with the dumbing down in society, and the lack of desire to understand how things work.