* Posts by doke

55 publicly visible posts • joined 10 Mar 2016


There's always a coronavirus angle these days: Honor intros new smartphone with built-in temperature sensor


not thermal imaging

Too bad it's not a real thermal imaging camera. That would be useful for scanning my breaker panels at work, outlets, etc.

We've found it... the last shred of human decency in an IT director – all for a poxy Unix engineer


This is what "BEGIN" is for

This is why databases have BEGIN, ROLLBACK, and COMMIT. They would have saved me from some of my own mistakes. :-)

Ransomware attackers have gone from 'spray and pray' to 'slayin' prey'


Re: Weird Behaviour

That kind of whitelist won't protect from macros running inside approved applications, JavaScript or WebAssembly running inside approved browsers, nor code injected into approved applications. In a corporate setting, it causes complaints, and gets turned off after some director can't run the xyz app that his nephew recommended.

Microsoft hikes cost of licensing its software on rival public clouds, introduces Azure 'Dedicated' Hosts


$106k over three years

So a type 2 would cost about $106k over three years, not including licenses? I can buy a fully loaded Dell R7425 server and run it for three years for about $5k.

Years late to the SMB1-killing party, Samba finally dumps the unsafe file-sharing protocol version by default


I have a few read-only shares, for playing mp3s and such. I want them to be available via SMB1 for older client devices. I would never expose a share read-write over SMB1.

Windows 10 May 2019 Update thwarted by obscure tech known as 'external storage'


Re: Fundamental

"Drive H" is much harder to remember than just mounting your backup drive as "/backup". If your OS automounts it as "/media/something", then just make a symlink.

User secures floppies to a filing cabinet with a magnet, but at least they backed up daily... right?


Re: Then there is the "send me a copy"


Town admits 'a poor decision was made' after baseball field set on fire to 'dry' it more quickly


Re: Burning question

About half the US states banned MTBE years ago. They mandate ethanol instead. If you see a sticker on the pump that says 10% ethanol, then there's probably no MTBE. https://en.wikipedia.org/wiki/MTBE_controversy

The HeirPod? Samsung Galaxy Buds teardown finds tiny wireless cans 'surprisingly repairable'


I don't like wireless earphones.

They're very expensive. The Samsung Galaxy Buds are $140 USD on Amazon.

They're easily lost. Wired headphones have a harder time falling down the sewer, because they're attached. If they do, I can get a new pair for less than $10.

Many bluetooth devices have poor audio fidelity. https://www.lifewire.com/what-to-know-about-bluetooth-3134591

I have to enable Bluetooth on my phone. That increases the power consumption, and decreases battery life. There have also been several security issues with Bluetooth: https://www.schneier.com/blog/archives/2017/09/bluetooth_vulne.html. I could save power by disabling Bluetooth after listening, but I will probably forget.


Re: Wireless?

In some places it's also illegal to wear headphones while driving a car. I understand El Reg is a UK news site, but I could only find a link for the US. https://phiaton.com/blogs/audio/are-headphones-illegal-while-driving


Re: It's an unfair comparison

Watch some of Louis Rossmann's YouTube videos. Apple is actively trying to kill the repair market on their gear.

Euro consumer groups: We think Android tracking is illegal


Re: The user has no freedom but to consent

The problem with hosts files is they don't allow wildcards. So when they point you to a dynamically made-up server name, i.e. a43c56.adhack.com, it won't match. There are two better ways to do it. You can do wildcard matching in a proxy.pac file. You can create your own internal DNS server, and create fake zone files that point *.doubleclick.net to I like the second one because it automatically applies to all of my devices, tablets, phones, etc. on the local network.
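The proxy.pac wildcard approach mentioned above, as an added example that is not part of the original comment: a PAC script whose `FindProxyForURL` sends any host matching patterns such as `*.doubleclick.net` to a blackhole proxy, next to the exact-match lookup a hosts file is limited to. The browser-supplied helpers `dnsDomainIs` and `shExpMatch` are reimplemented here so the script runs stand-alone in Node; the hostnames, patterns and the `127.0.0.1:9` blackhole address are assumptions.

```javascript
// Added example: wildcard tracker blocking in a proxy.pac, contrasted with
// the exact-match behaviour of a hosts file. All hostnames and patterns are
// constructed sample values.

// Stand-in for the browser-provided PAC helper dnsDomainIs(): true when
// host ends with domain (domain normally starts with a dot, so
// ".example.com" matches "www.example.com" but not "example.com").
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
    host.substring(host.length - domain.length) === domain;
}

// Stand-in for the browser-provided shExpMatch(): shell-style glob where
// "*" matches any run of characters and "?" matches one character.
function shExpMatch(str, pattern) {
  const escaped = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + escaped + "$").test(str);
}

// Assumed tracker patterns; one pattern covers every generated label under
// the domain, which a hosts file cannot do.
const BLOCKED_PATTERNS = ["*.doubleclick.net", "*.adhack.com"];

// Assumed blackhole: nothing listens on the discard port, so a blocked
// request fails instead of reaching the tracker.
const BLACKHOLE = "PROXY 127.0.0.1:9";

// The PAC entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  const h = host.toLowerCase();
  for (const pattern of BLOCKED_PATTERNS) {
    if (shExpMatch(h, pattern)) {
      return BLACKHOLE;
    }
  }
  return "DIRECT";
}

// What a hosts file can do: an entry only blocks a host that is listed
// exactly, so a freshly generated subdomain slips through.
function hostsFileBlocks(hostsEntries, host) {
  return hostsEntries.includes(host.toLowerCase());
}
```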


Why does wifi scanning (for apps like WiFi Analyzer) need location turned on in Android 6 and above? It wasn't needed in 5. It doesn't add any functionality for me. I just want to verify the wifi coverage for my users in their conference rooms.

In Windows 10 Update land, nobody can hear you scream


Re: Windows 7 "outdated"?

"put your Win7 OS into a VM"

This has many other advantages. You can snapshot the VM before an upgrade, and roll back bad ones. You can filter the network connections. You can filter which USB devices are allowed to communicate with the VM. The virtual hardware is standardized, so you never need to worry about weird, broken drivers. You can clone the VM for a special purpose, or for two pieces of software that don't cooperate on DLLs or drivers.

The downside is VMs use a lot of memory.

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway


Re: Home Address?

I've been told many apartment complexes around here offer discounted rent to police officers who frequently bring home a marked car. The complex wants the crime deterrent.

Glibc 'abortion joke' diff tiff leaves Richard Stallman miffed


Re: There's no quality issue. It's a movement you benefit from.

FreeBSD recently adopted an appallingly bad code of conduct. The problems aren't as much with what it says, as what it doesn't. It has no transparency. There is no requirement that charges be publicly announced (in an anonymized fashion). There is no provision for defense. There is no requirement for the defendant to be informed that a charge is pending against them, so they are unable to plan or mount a defense. After the fact, appeals are allowed only to a tiny subset of penalties. Appeals are handled by the same committee. There is no way to appeal to a higher, or different, authority.

'Well intentioned lawmakers could stifle IoT innovation', warns bug bounty pioneer


Re: "Well intentioned lawmakers could stifle IoT innovation"

"People Of Little Integrity, Tiny Intelligence, Colossal Incompetence, Achieving Nothing."

Milton wins!

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...


SCADA systems should never be connected to the internet. The vast majority of them have someone in a control booth 24x7. The boss can just call and ask "Is everything working?" If they insist on a status display, that should be done in a one-way, export-only fashion, where the protected systems send status updates to an external web server. There's seldom that much status data to update; you could even do it with an RS-232 serial line, with the RX wire clipped.

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered


Re: Jumpers

Unfortunately, the write protect switch on an SD card doesn't connect to the circuitry inside it. It's just something the card slot detects. So the slot has the option to override it.

Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(


Re: WannaCry and NHS

"if any deaths occurred directly as a result of WannaCry"

If WannaCry caused any deaths in NHS, then how many lives did Marcus Hutchins save?

Behold, says robo-mall-cop maker: Our crime-busting dune buggy packed with spy gear


Re: Limited growth company.

Also consider possible future expansions. They could get a daily upload of facial recognition data for known shoplifters from other locations. The human guards will recognize people they personally threw out before, but not ones from other malls or airports. They could also identify people by cell phone Bluetooth beacons, wifi client addresses, car license plates, etc. All of that data would be very attractive to a mall. They could sell it to directed advertisers.


Knight Rider reference

They should have named them the "Knight Industries Roving Robot" (KARR) and "Knight Industries Two Thousand" (KITT), in honor of the 80s TV show Knight Rider. They also need a scanning red LED on the front.

Chirpy, chirpy, cheap, cheap: Printable IoT radios for 10 cents each


Backscatter data retrieval has been around since the 1940s. In 1945 Theremin made a passive, unpowered bug that operated for about 7 years. These guys seem to have increased the bandwidth, but not the range.


AI vans are real – but they'll make us suck at driving, warn boffins


I really want an autonomous car.

There are many reasons I would want an autonomous car.

- It could drop me off at the store door, then go find parking. When I'm done, I would call it to come pick me up. I wouldn't have to carry my packages half a mile to my parking space.

- I could relax and watch video or something on long trips.

- It could drive me home after an evening out.

- I could send it off to get gas, or be serviced.


Re: The future:

"people will discard food/drinks/garbage in the floorboard of an autocab"

They'll receive a bill for the cleaning, with attached video of them leaving a mess in the car. Probably multiple videos from different angles.

Banking websites are 'littered with trackers' ogling your credit risk


Re: Are there any legitimate uses for client side scripts on a banking website?

One common use is "responsive web design" where the js modifies the page to fit various size screens under certain rules. Many designers think it's better to make one page full of "if"s and rules than to maintain separate desktop and mobile sites. I see points for both sides, I think it depends on the site.

EU security think tank ENISA looks for IoT security, can't find any


Re: Oh no

IoT fad lack of security is life threatening?

It can be. "Pacemaker hack can deliver deadly 830-volt jolt"


Re: please...

Rule 2) The device shall not become operational until the user has set up their own credentials.

This might be a bit much to expect from Grandma. It might be more user-friendly for every unit to have different default credentials, derived from the serial number, and printed on a card that comes with the device. If they lose the card, they can go to the company web site, enter the serial number, and get the default password. That also means the device can be used out of the box, without any setup that requires a computer they might not have.

Red alert! Intel patches remote execution hole that's been hidden in chips since 2010


Intel's normal reaction is denial

These are the same people who said the F00F bug would only affect scientific computation users.

Microsoft cracks open patch mega-bundles for biz admins, will separate security, stability fixes



The pendulum is starting to swing back. I feel like I'm in a pit...

FTP becoming Forgotten Transfer Protocol as Debian turns it off


routers and embedded devices

These days I mostly use FTP to get firmware images and data on and off routers, switches, and embedded devices. The simple protocol, and low CPU / memory requirements, make it a good fit in bootloaders and rescue images. Virtually all of those transfers are to or from an anonymous FTP server on the same protected management LAN.

FTP is sometimes problematic on the internet, because the firewall has to inspect the protocol and open the ports for the data channel. Passive mode will get around your firewall, but not the other end's firewall. Active mode is the other way around. In Linux, as a client, you have to load a kernel module, nf_conntrack_ftp, to get iptables to do the inspection to make active mode work.

Skype-on-Linux graduates from Alpha to Beta status


Re: What is the benefit putting a cloud in the middle?

Peer to peer has trouble with firewalls, especially NATing ones. If both ends have a firewall that prohibits unsolicited inbound connections, then P2P can't establish a connection. The workaround in some small routers is UPnP, which allows an application to register with the firewall for an inbound pass. However, that is generally considered very insecure, and most corporate firewalls turn it off.

We found a hidden backdoor in Chinese Internet of Things devices – researchers



name me any business of over a very small size that's going to use the 192.168 range for its LAN

That's the point, almost no corporate LANs use, so it's wide open for another infected machine to assume that as a secondary IP.

We have to overlay on one of our other subnets, on the same VLAN, and provide a TFTP server on it, for reinstalling certain VoIP phones. When you factory reset them, they don't even DHCP; they use a fixed IP on that subnet, and try to TFTP their OS image from a fixed server IP.

Microsoft catches up to Valentine's Day Flash flaw massacre


VMware vCenter

I have one thing left that needs Flash, VMware vCenter. Unfortunately, I need to use it for work. I have a separate browser just for that.

That's one example of a growing problem. Many intranets contain legacy devices that need older protocols or ciphers, but for various reasons can't be easily replaced. As the browser companies delete support for those older features, we're forced to use obsolete browser versions to talk with these legacy systems. This becomes a big problem when you have to provide a secretary with two browsers, and tell them "only use browser B for X". They often forget, and venture out on the internet with the wrong browser.

Let's replace Ethernet with infrared light bouncing off mirrors!


might be good for sensor networks

With all the reflections and interference, I wouldn't expect to get much bandwidth out of this system. However, there are things in a data center that only need limited, intermittent bandwidth, i.e. distributed temperature sensors.

Windows code-signing tweaks sure to irritate software developers


Re: H/W vs S/W vs cloud

"a cloud service can be built to be much more secure than most people can build their own."

"can be built", "has been built", and "has been maintained" are all very different. I've seen several cloud services that were designed with good intentions, built with the best safeguards available, but then turned over to morons to operate and maintain. After a couple years, they're worse than useless.

Stop replying! pleads NetApp customer stuck in reply-allpocalypse


IT people should be able to filter email

Anyone working in IT should know how to put filters on their email, and know not to reply all to this sort of thing. Anyone who replied into the mailbomb just announced their incompetence to the entire group.

Microsoft Germany says Windows 7 already unfit for business users


MS Access

"MS Access. Probably only serious data analysts really need it."

No serious data analyst would ever use a toy like MS Access. They use Teradata, Oracle, etc. For smaller things, PostgreSQL and MySQL are great. A real object storage system, or relational database, combined with even a little elementary script coding, is far more powerful than Access.

For other types of work, SAS or R are good. It depends on what you're doing.

I've occasionally had to deal with "applications" that a consultant had written in Access. They were always horrible, and scaled very badly. They always seem to try to develop with test data of a few hundred rows. Then they're surprised when the business dumps in 100,000 rows, and their app falls over.

US cops seek Amazon Echo data for murder inquiry


buffer in ram

Why would there be anything to extract from the device? It should be keeping the audio buffer in RAM. If it were in flash, it would run through the erase cycles too quickly. So when the cops unplugged it, it should have blanked. If they left it plugged in, it should have overwritten that part of the circular buffer after a few minutes.

Christmas cheer for KCL staffers with gift of extra holiday after IT disaster


Too little

Two days of paid vacation is a nice thank you, but hardly compensates for what I estimate was several weeks of unpaid overtime to fix this mess.

'So sorry' Evernote rips up privacy changes



What are people using instead of Evernote? I'm playing with Turtl for anything private, and Google Keep for unimportant things (i.e. grocery lists).

Google proudly regards dented shovel as Flash lies supine on the floor


Re: Chrome will run the auto-play video ad ...

For Mozilla and Pale Moon, put this in your user.js, or do it through about:config.

user_pref("media.autoplay.enabled", false);

It’s Brexploitation! Microsoft punishes UK for Brexit with cloud price-gouging


existing contracts and future instability

I suspect part of the price hike is to compensate for the existing contracts at lower prices. The new ones get gouged to make up for MS's losses on the old ones. Also, they may be factoring in some "insurance" for future instability in the UK pound vs the US dollar. Between Brexit and Trump, the financial future is uncertain.

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?


Standards in the US would also affect china, due to dev costs

It's expensive to make multiple versions of code for an IoT device. So imposing security standards for selling into the US will cause the IoT developers to improve their code in products released worldwide.

The same thing happened when Europe legislated Reduction of Hazardous Substances. It took a few years, but now virtually all consumer electronics meet RoHS, regardless of the country they're sold into.

Ubuntu 16.10: Yakkety Yak... Unity 8's not wack


snaps are a stupid way to badly reinvent LD_LIBRARY_PATH

For over 20 years, every version of Unix I'm aware of has supported using the LD_LIBRARY_PATH environment variable to avoid library conflicts. If you need a specific version of libjpeg, just put it in its own directory, and set the variable.

US government wants Microsoft 'Irish email' case reopened


Re: users don't control where data resides?

These large multinationals have billions in cash reserves. Why don't they buy an island, make their own country, and move their HQs there?

Having offended everyone else in the world, Linus Torvalds calls own lawyers a 'nasty festering disease'


lawyers scare developers into leaving projects

Linus is right about the BusyBox GPL lawsuit. Bringing in lawyers scared the developers into leaving. That ended up hurting everyone.

Programmers usually don't understand or trust lawyers. There have been too many stories about people losing everything. The developers don't want to be caught in the splash zone, so they abandon the project. It can take years to recover.

Kindle Paperwhites turn Windows 10 PCs into paperweights: Plugging one in 'triggers a BSOD'


Re: a slow motion trainwreck

"And then COME BACK because the software they need doesn't run anywhere else. You might as well be Walking on the Sun..."

Why do people keep repeating this FUD? I'm a network and systems administrator. There are only two applications I still need for work that require Windows. I very seldom use either. Both run fine in VirtualBox VMs. One actually runs better in a VM than on bare metal, due to quirks in how its networking interacts with VPNs. There used to be more, but most of them now have Linux replacements. My need for Windows has shrunk dramatically over the years.


Re: is there a comprehensive list of cockups?

I would suggest VirtualBox, VMplayer, or something similar, to run Windows VMs as guests on your Linux system. You can snapshot the Windows image, and back out when it eats itself. It gives Windows a simpler, virtual "hardware" platform with more common drivers. It lets you sharply limit access to attached devices. For example, you can explicitly list which USB devices the VM can see. I have two of these guest VMs, one for each Windows-only software application I still need. Keeping them separate also keeps the apps from fighting over DLLs.

Apple is making life terrible in its factories – labor rights warriors


statistics are inadequate to draw any conclusion

This report is based on too little data to mean anything or to draw any conclusions from. On page 1 of the PDF, "http://www.chinalaborwatch.org/upfile/2016_08_23/Pegatron-report%20FlAug.pdf", the report says "Pegatron is one of Apple's major suppliers, employing almost one hundred thousand workers in Mainland China". Most of the numbers in the report are based on paystub data. However, on page 5, there is a table showing how many paystubs they analysed. Over 10 months, they collected a total of 2015 paystubs. One month, Jun 2015, they got only 4 paystubs. The peak was 1064 in Oct 2015. The average number of paystubs they got per month was 202. That is only 0.20% of the workforce. That is not enough data to be a worthwhile statistical universe.

I have no doubt Apple is pressuring them to reduce costs. Conditions there might well be awful. However, I can't tell one way or the other from this study, because its statistics are insufficient.