* Posts by Astara

35 posts • joined 6 Jul 2016

Sun billionaire Khosla discovers life's a beach after US Supreme Court refuses to hear him out


Re: racists gonna race

Unless Brahmans are a separate race in India, it's not racist so much as "castist", as he speaks out against his presumption of caste privilege in a country that does not recognize it.

Desktop Telegram users showing off not only their silly selfies but also their IP addresses


it's a matter of trimming the low hanging fruit

If you were running on windows, or from your own source build, it is likely you could monitor incoming and outgoing communications to see the IP address of another party in P2P communications. If you are running that app in an unrooted phone, then it might be more difficult to download a traffic monitor to let you monitor endpoints of p2p communication. Even so, having the app store the remote-endpoint in a local log makes it all too easy to see the remote IP, which is the main security flaw. Given enough resources, of course, someone has to know the remote IP whether you go P2P or through the server. It really becomes a matter of how easy it is to use in a short amount of time -- as is true for most security options, quantum ones aside.

Softbank's 'Pepper' robot is a security joke


And how did security researchers sell their services to inventor beforehand?

The security researchers are a bunch of idiots. They claim any toy needs to NOT be vulnerable to various security hacks. Baloney! The toy is not meant to be used in a hostile environment or hooked up to an outside internet. End of discussion.

Until you prove it is designed to be a network attached security product, you are an idiot if you believe that security was considered as part of coming up with a new idea. You can't saddle every toy or object ever invented with the baggage of psychopaths our culture nurtures, encourages and rewards with stock options and company titles.

In most capitalistic based cultures, getting rich by turning others into human assets (or capital) and having them managed as human resources is the way businesses operate.

The internet and early computers were developed by idealistic, forward looking pioneers who fully thought their inventions were going to be used in a futuristic star-trek type world where money is obsolete and people no longer work at jobs because they need money but for self-actualization. Does anyone remember the star-trekNG episode where the hibernating/frozen capitalist awoke and found all his capital investments and projects were worthless because the idea of collecting and possessing more and more capital was obsolete? The idea of acquiring more capital so as to be able to dominate and control more people was obsolete.

Security is what you get when your ideals get jaded and you get ripped off. Eventually you get paranoid enough to think of anyone with more power is a threat that must be neutralized -- then you are ready for a position in national security.

*You can't expect creativity to flow in an atmosphere of fear*

If you focus on security, don't expect them to come up with novel new inventions other than new ways to be more secure.

None of these statements mean that we shouldn't spend on security and defense -- but doing so takes more than equivalent share out of the ability of the society to be creative and productive. Criticizing inventors for not being security experts will only suppress more invention. The researchers need to work a lot more on social skills and how to add security than making pronouncements in public about how bad some new invention or product is because the security expert was able to find 100 new exploits. Isn't that a surprise -- the security expert could find 100 exploits (while inventing nothing) while the inventor creates 100 new products (all w/o security).

Looking at it another way -- how many security experts come up with novel products unlike anything before that have nothing to do with security? Why would they expect inventors to come up with pre-secured inventions? The security types need to work with interpersonal relationship types to find ways to get their information and services to the inventor types in a way that the inventors will want to incorporate such ideas.

Like any of that is likely to happen as long as a culture is only focused on cost & making the most money.


problem is not IoT, it's no "home (as in private) networks".

Not every toy was designed to be an internet protected appliance.

Use it at home on a closed network.

All my home devices are on a closed network and would have to, at least, go out through a proxy, so please stop portraying every network-capable device as a disaster. People need to start having 'home networks' with the same basic expectations as a home bedroom or bathroom -- something that isn't automatically connected to every hacker on the internet.

Rather than try to raise expenses and force security on every home device like toilets, toasters, refrigerators, etc... you need to focus on people having a 'home space' that includes a closed home network.

Former Apple engineer fights iPhone giant for patent credit and denied cash, says Steve Jobs loved his 'killer ideas'


Re: How should patents work?

At the very least, the fact that he mentioned the idea in his pre-employment documentation?


Re: He shouldn't also forget that Steve said....

The article said he had financial issues due to not working. The same dynamic is at work...not enough money to pay the lawyer (himself).

'This is insane!' FCC commissioner tears into colleagues over failure to stop robocalls


filtering on cellphone where callerid is included is easier than 12$/month extra cost CID on landline

I have 2 lines, one I give to businesses wanting a number, and the other for those that need to contact me. Neither phone is listed. The former doesn't have CID which is $12 extra/month. The latter I pay the extra $12 for.

Oddly enough, my computer dialed phone spam only comes in on the line that does not have caller ID -- usually at the rate of a few /week to as many as a few/day, starting at 7-8am and ending as late as 7pm. Of side interest, when I had a line problem with static on the line, the phone company began testing (for 10 days before they could send someone) on the line. During that 10 days, I received 0 (zero) calls on the non-CID phone. Coincidence?

Both lines have had similar probs in the past and they usually just try to find another pair and move me over to it -- that usually gets rid of the problem for another 18+ months. But before the line test period, I had several calls/week (usually selling credit card services) with them starting up again after the line was repaired (it wasn't out-of-order, just had some static on the line and the line w/static wasn't even the number they call in on).

Since then it's back to the same -- junk calls on the no-CID line, and only "allowed" non-profit+political calls on the phone with the $150/year CID service.

So does the local phone company (PacBell->AT&T) have a financial incentive to not stop robo calls? In my case, I get relief on the unlisted phone with CID. The phone company refused to put a trace on my other line to record the incoming numbers and says it is up to me to pay for CID if I want that protection, er, service. Of course even 30 years back phone companies in this area had complete logs of incoming calls, now stored for law-enforcement perusal for years.

I ask for a 'white list' service but they refuse that; they also refuse to block calls w/no callerID unless I pay for callerID. Seems like the phone company has more than a little incentive to make sure everyone pays for CID as part of basic phone service.

Google Chrome: HTTPS or bust. Insecure HTTP D-Day is tomorrow, folks


HTTPS everywhere benefits google ensuring you download their ads

The main beneficiary of HTTPS everywhere (given that anyone who cares about security will likely be breaking the encryption via MITM certs) is Google.

It used to be that I could store about 20% of web requests (by request or byte count...varied, but averaged out the same), locally. On some sites, that would hit 40% -- but with HTTPS -- it falls to zero, because individual requests can no longer be seen or stored.

This means good adverts that refresh each time you fetch them can be fresh each time, or all those wizzy scripts and icons... fresh each time...and it does slow things down -- house mate noticed a 50% boost in his youtube browsing with it caching all of the video icons... (not all of us are on google fiber even if it was offered in any significant market percentage)... I've never had to worry about someone altering my web pages in transit. Now -- even if you have an ad blocker -- many things will still get downloaded before they are blocked (some won't), but so many things like fonts on every page are fairly constant as are many images and could be cached if not encrypted.

So HTTPS everywhere is helping google more than anyone else. Security my bum!

Fork it! Google fined €4.34bn over Android, has 90 days to behave


....we are approaching a time of living in "interesting times"

Except that within the smart-phone eco system, you have apple and....?

Then came google...that created an android smart phone -- except the bad thing they did was make it cheap enough for the masses. There wasn't an android market before they created it. Now others demand a piece of the pie. Why didn't they do this with apple? Apple never opened up their iphone -- still hasn't. Only reason google got hit, is that it made enough for many phone makers to get involved. If it hadn't created competition among phone makers to create android phones it never would have gotten in trouble.

They should have contracted with 'one' no-name phone maker and called it the google-phone. They might have to charge 10x (apple-like) prices for having no competition among the phone makers, but then no one would have sued them to open up their phone to 3rd competition on every nut+bolt.

It's also different from MS -- in that MS created the platform+OS -- then locked people out of providing competing programs for that platform, where it was clear that those apps were independent of the OS.

But in google's case, there was no way to market their product -- the search engine unless they first invented the platform to carry it. I.e the app (search) was the motivator for creation. So, now google should walk away from the platform with their app -- since they no longer have a way to ensure their app is on their platform -- they should toss the platform out to everyone and create a locked up phone like apple where only google apps would play.

With MS -- they couldn't walk away from the OS -- it was the only thing they had.

This is very backwards in so many ways.

Looks like it is war again -- commercial war -- the right of the Yankees to sell their goods w/o restrictions. Let's see how that turns out, since capitalism competes at the lowest common denominator level -- of course the citizens of the US will have to get used to poverty and income like china had 25 yrs ago...but what could go wrong w/that plan???

Can the US-elites maintain control over the populace AND control world markets?... history says not...so what will play out?.... ...

When Google's robots give your business the death sentence – who you gonna call?


and when someone working at google starts harassing you?

Who do you call?... I got a DMCA take down for my own artwork on my google-plus account. I complained -- and the response I got was that they changed it to being taken down for violating google's TOS. At that point, I asked what the violation was...but was told that someone had reported my anime-based avatar as offensive and that they weren't allowed to give any more information -- i.e. I could fight the 1st as I had the production history -- but the 2nd you can't fight. I finally found # for google's legal dept (this was at least 3 years back) and someone there looked into it -- someone inside google had a grudge against me and had banned it both times from within. I was fortunate in that I had been able to contact someone who could look into who did it, and do something about it. They told me they found the problem and that it wouldn't happen again. So far, it hasn't. But their first-line user-support answers were mostly worthless.

OpenBSD disables Intel’s hyper-threading over CPU data leak fears


People abusing the technology leads to problems...

From the parts of HW that hyper threads have shared (though they are increasingly becoming separate processes by virtue of less HW being shared as time goes on), threads were designed to speed up different threads in the SAME program.

It's never been a good fit for unrelated applications as it causes too much non-shared resource contention which can result in slower performance than running the two separate apps on different cpus.

Are your IoT gizmos, music boxes, smart home kit vulnerable to DNS rebinding attacks? Here's how to check


No sign of intelligent life....

claimed to contact several devices -- none of which I have (similar to poster at top)

Scanning {{ips.length}} IP addresses from {{startIp}} to {{endIp}}

Google Home IPs finished/started: {{googleHome.finishedIps.length}}/{{googleHome.startedIps.length}}

Roku IPs finished/started: {{roku.finishedIps.length}}/{{roku.startedIps.length}}

Radio Thermostat IPs finished/started: {{radioThermostat.finishedIps.length}}/{{radioThermostat.startedIps.length}}

Phillips Hue bridge IPs finished/started: {{phillips.finishedIps.length}}/{{phillips.startedIps.length}}

Sonos speaker IPs finished/started: {{sonos.finishedIps.length}}/{{sonos.startedIps.length}}


Don't have any of those.

Then it said:

The DNS Rebind attack was successful and a device has been found on your network. Your browser has been tricked into violating the Same-Origin Policy and HTTP requests have been made to interact with a device on your local network. The information below has been exfiltrated from your device and sent to a remote server that you do not control.



OMG!!! It sent {{d}}....NOT THAT... I've been pwnd!

Maybe he needs a bit more testing on his proof of concept...

JURI's out, Euro copyright votes in: Whoa, did the EU just 'break the internet'?


Google: get out of Europe

Seriously. The EU copyright laws are not the same as those in the US.

If the EU wants to put the onus on websites instead of those actually doing the wrong -- it is up-ending safe-harbor for hosts of interpersonal communication. It's requiring pre-censoring which always gets it wrong part of the time as well as becomes a tool for political and ideological censorship.

There are enough false positives to worry me. From my own created art -- that someone filed take down notices against to harass me until I contacted google's legal department, to some claiming ownership of the "Happy Birthday" song.

With an extension of copyright on the horizon -- AGAIN. It becomes clear that "Imaginary property" laws are no longer benefiting society at large, but the rich elite. In the past this has caused depressions, oppression and violence. Is that what it takes to stop this type of abuse?

If content owners want complete control of "their content", don't share it with the world. It brings no benefits worth the cost of those most selfish.

Microsoft pulls the plug on Windows 7, 8.1 support forums


MS accounts being "temporarily turned off" if not Win10?

I had an account (my own email), since 2002 that lately was only used for MS support. I didn't use it often, last was a few months ago. I logged in a few weeks ago and found the account had been suspended for either suspected hacking attempts, or spamming, or violations of the MS-terms-of-use. I was told to send myself a text message from their site to unlock it.

Thing is, they blocked my text number as well. It won't even try to send the text message, but says this number is not allowed to receive text messages.

They provide no other way for you to recover your account unless it was an MS-account on one of their mail servers.

Most of the past few attempts at asking questions went unanswered or I was redirected to the tech forum. I remember my last message was about not being able to get the event-log server running due to an error: Error 4201: The instance name passed was not recognized as valid by a WMI data provider.

I was given all sorts of steps including rebuilding the WMI store, and the event directories and performing an "in-place" upgrade/repair. Finally I was told to upgrade to Win10 where the problem was supposedly fixed. FWIW -- I wasn't the only one with this error -- others had reported it years back -- but MS either refused or was unable to fix it. If it was known to be fixed in win10, and hadn't been fixed in Win 7 for years, that seems more than a little suspicious -- perhaps I said as much in their forum and perhaps that had something to do with my suspension -- I dunno. I may never know, because none of the two support people I talked to so far, told me anything useful -- both told me the exact same info I got from MS-web pages about cause (lots of generic reasons), and recovery, send message to a text phone -- which I'd told both of them was blocked.

Maybe MS is already using really dumb AI to answer support emails they don't want to really answer?

US websites block netizens in Europe: Why are they ghosting EU? It's not you, it's GDPR


they waited 2 years for EU to fund the conversion...EU FAILED

The EU announced new rules to be put in place in 2 years -- and companies waited for the EU to provide the funding needed for the conversion. It never came. The EU had 2 years to supply the funds needed to convert websites for compliance and to provide future funding plans to those websites that needed the private info to continue their business model.

You'd think 2 years would be enough for the EU to come through with the funds to implement their new rule. But...

Guess not.

It seems more than a little disingenuous to put the blame on websites for not implementing a special solution for the EU that has to cost money, at least to implement and maintain, not to mention a special solution that may substantially impact the ability of some sites to stay in business.

Facebook faces foe formation in facial fingering fight


So a photo of a face is considered "biometric data"....???

I am not a fan of facebook, but if facebook is gonna get sued for something it should be something other than what one could see in a school year book. For that matter, it seems possession of multiple yearbooks or a "who's who" type book, with 1000's of photos, might be considered building a biometric database.

Sounds like a bad law to use to bring facebook down.

Get the FTP outta here, says Firefox


Re: pardon, me ignorant

I prefer SMB or CIFS myself...

:-| (str8-face)

Chrome wants to remember which Websites to silence


Will they let you mute YouTube's autoplay -- no matter what site it is displayed on?

Boffins bust AI with corrupted training data


Why is this even posted as "news"?

Give "fake news" to humans and watch them FAIL big time with all sorts of stupid behaviors.

Humans are easily "busted" with propaganda, fake news, and terror -- and they *DO* have the ability for critical thought (but are taught not to use it).

Computers -- they are just programs that are following instructions humans wrote and working up from there -- so just how much should we expect them to walk on water when we have humans easily programmed into becoming suicide bombers for some over-the-top and dangerous, monotheistic mythology. Having billions of people believing in deities that tell them to kill for this and that get spun as "protected" and "holy", while it's news that when garbage is fed to a computer, you get garbage out.

Will humans grow up before they kill themselves off? The universe is watching...

Slurping people's info without a warrant? That's OUR JOB, Google, Facebook et al tell US Supreme Court


Re: Philosophical Question

".com" et al, doesn't have the right to confiscate all your possessions w/o cause. Our government has assumed that right via property forfeiture laws. Furthermore, our government knows it is behaving against its "charter" (constitution), and goes to extensive lengths to HIDE its *illegal* and unauthorized activity through parallel construction (https://en.wikipedia.org/wiki/Parallel_construction) -- where law enforcement hides the disallowed and illegal sources of information that were illegal for use in domestic law enforcement (i.e. discovered in broad searches for terrorist or spying activities).

Virtual reality audiences stare straight ahead 75% of the time


Re: Why though?

If you are sitting on your bum, yeah, you don't need what is behind you...unless... you are playing the latest zombie slash'em game and you are a bit-part player about to have your final moment in the game (w/ 'N' other people who showed up to play the zombie version of "Who-dunit").

Just the other day, I'm running around in a 3-D environment using a 2-D view that shows me a 30-60 degree FoV. As I wait for a target I am constantly spinning my look button to get a quick 360, though usually a side-to-side quick 180 and hope no one is behind me.

What you are demonstrating is that the need for surround-view is totally dependent on the task at hand. So why are you watching a VR of you sitting on a couch anyway? Seems like that would get boring pretty quickly...

Got that syncing feeling? Cloud's client-side email problem


Will sync solutions ever use options already in place?

I've been using IMAP(s) for my email for ... about 20 years. For the most part, I use a home server as my IMAP server, since most of my email reading happens there, but even using a VPN when working "in the office"/"onsite", I had few problems ... up until the advent of local-clients wanting everything downloaded so it could be "indexed" and cross-referenced.

A few times having most of my 6.4G IMAP store re-downloaded into my "roaming profile", and I realized I needed to be wary of the newest and latest updates. Ended up still running Tbird 2.x because of 3.x's bad defaults and tendency to use those default settings on any new machine/user/account. Just 1 machine and I'd have at least 2 stores / user (local & network account) + more if I had test-users or used another login while reading email....

Anyway, just try logging in or out with a 6.4G roaming profile and see how far you get (even with a 10Gb dedicated network connection) thanks to many abuses with tiny I/O sizes and small MTU's...


Linux kernel hardeners Grsecurity sue open source's Bruce Perens


Re: >Ah - much truth is claimed to be said in "jest"....

While I agree w/the bit of humor that started this, problem is that such humor can also be taken as a pointed-barb by some. At the same time, some can intend a pointed-barb post, that after getting sufficient "heat", is later recharacterized as "humor" or "jest" to avoid further heat.

It's all a crappy, nobody wins area. I'm a WinLinguista, running both @ home w/Windesktop and Lin server (something both sides don't like very well)... and I, for another just wish we'd all be able to get along... *sigh* ;^/... (including for the sake of my home network!)...

Facebook's freebie for poor people under fire again


"Partial" == 1990's internet, didn't everyone start there?

Ok, I don't like FB -- don't have an accnt, and don't visit website, BUT, can the naysayers tell me just how Zuckerberg is going to get rich on people who make 1$/day?

Ok, so they don't get 1Gb on day 1, but my first online experience was at 1200bps.

I will say they shouldn't be artificially limited -- since some group/village could get access to a local proxy at higher speeds.

Retirement age must move as life expectancy grows, says WEF


They want to raise the retirement age, but where will those people work? If they work in the tech industry, the idea of working till "retirement" would be (I say 'would be' because I know of no-one working until "retirement age" in the software industry) a joke w/age bias and discrimination. I can't see how raising the retirement age will help...

Linux on Windows 10: Will penguin treats in Creators Update be enough to lure you?


Re: Is it better than Cygwin?

The inability to open a locked file is a Windows "feature" -- I find it hard to believe that their linux implementation will be able to get around that.

The main problem is NTFS. Unlike linux, which can have data on disk pointed to by multiple names, so locking happens from the name (its "inode number"), an offset and a range. But on NTFS, locks happen by locking the file's data on disk -- so another process trying to open the same area -- even by a different name, will hit the same lock. Also, on linux, files stay around until the last link or handle to the file is closed. All the links on the file system may be deleted, but as long as a process has that file open, that process can still see and read the original file. This makes it easy to replace in-use files -- currently running procs will keep using the old file until they are restarted. While new procs will pick up the new file. If you *want* to force all procs to update, you must restart the processes that hold on to the old file. On Windows, it seems you can't do that -- or can't determine who holds the file, not sure which -- either way, to replace an in use file on windows, usually involves rebooting the machine.

To really not be affected by NTFS's limitations, MS would have to provide some other file system that allows linux/unix-like semantics. I'd have a hard time seeing how that could be done in an emulation layer that operated over NTFS ...

Your next PC is… your 'Droid? Remix unveils Continuum-killer


As soon as word "desktop" includes Win7 functionality....

Gates' idea for the desktop was use of 3D-features to allow for better information comprehension. Instead, w/addition of mobile "desktops"[sic], interfaces have to be dumbed down achieving lower-information comprehension. Lower-comprehension, that's exactly what I see with Metro-style/icon style desktops that don't provide thumbs and fading (translucent) edges to blur edges and background windows. MS even tried forcing 1-app/desktop like Mac's, which was hugely retarded.

Some of us want large screen monitors (mine is only *medium* size @30"2560x1600) with 3D-visualizations appropriate for the application to be able to visualize and see results of multiple apps tied together. Sometime, people should look at the difference between Photoshop using advanced graphics vs. not in moving/resizing images... it's night & day.

Expecting the same perf out of atoms. vs. xeons+GPU's is harmful to desktops, yet, that's what MS et al. want to do -- getting us to only expect best that *clouds* can offer -- for the masses that won't be allowed to afford desktops (since they compete w/clouds)...

Amid new push to make Pluto a planet again... Get over it, ice-world's assassin tells El Reg


Sun-Jupiter => binary system?

Wouldn't that make sun-jove a binary? How far outside the sun is it (outside 1st planet, mercury's orbit)?


Re: Large Satellites?

Isn't one of his requirements that it be spherical?

Look, no client! Not quite: the long road to a webbified Vim


Linked-examples broken: not web-based examples, but 'chrome'-based apps. :-(

I want to try some of the examples linked to, but I was told that they were not *WEB* apps, but Chrome Apps. I was told I would need a **special** interpreter (Chrome) to run these apps and that I should _NOT_ expect these "web apps" to run on any other web-platform (FF, Palemoon, IE, etc...).

So how are Chrome-specific apps Web-Apps?

You'll need better examples of web-apps than simply those that are Chrome-only.

Reminds me of the "good-old-days" of MS having their own web-standards that only worked in IE...

Lovely. Certainly don't need another monopoly with Google replacing MS.

Forget quantum and AI security hype, just write bug-free code, dammit


Problem w/security is lack of responsibility

Software used to be reasonable when *support* for the software was included in the purchase. Things went downhill as "support" started to be seen as its own profit & loss center. At my last job, I was written down in reviews for fixing bugs if I was in the code for some other reason. My manager said "we don't fix bugs unless there is a support-paying customer bug-report behind it". He complained about my doing too much testing on my code -- I was only supposed to get it to work -- not do extensive testing.

Another senior engineer who he went out for drinks with had told him he was having problems finishing it, but it should only take 1-2 weeks. I took 7 because the supposedly senior engineer knew nothing about multi-threaded/multi-process kernel work -- but he was real good at shooting the shit w/the ex-Dilbert-boss. Of course when I pointed out the problem, I was castigated for putting the blame on "someone else"...another sign of a 'losing culture' -- where instead of finding out where the problem is and how to correct it and prevent it from happening again, you were just supposed to "fix" it and not "assign blame" (the not-taking-responsibility problem made into company policy). Real sick.

Cheap, lousy tablets are killing the whole market says IDC


Disposable portables & replacing PC's

Saw the comment about disposability being related to not replacing PC's... Why? With all their data in the cloud, who needs a permanent local storage? (FYI -- not in this group, as don't have portable and don't have data in cloud, but on local linux file server w/50TB storage, but how long it will last? It's only 7 years old and still lots of expansion room if I can afford it...(and there's the rub))...

Hypernormalisation: Adam Curtis on chatbots, AI and Colonel Gaddafi


no access

What's an iplayer, and why won't it let anyone outside the UK watch this video?

Sysadmin flees asbestos scare with disk drive, blank pay cheques, angry builders in pursuit


"Crisis is what I pay you for"

Re: "This is what I pay you for"...

Load of doodoo! That's what any trouble-shooter gets -- except when there is no trouble -- then they get "what have you been doing and why haven't I had status reports on your progress". I.e. if you organize things to run well, you are not appreciated when things run well -- only those who are seen as doing well in responding to a crisis are seen as performing "adequately".

Motto: don't create good self-running policies and programs, but only those that create regular crises that you get credit for handling. Saw it at nearly every big company I worked for. No credit for things going well, only credit for when things don't go well and seen as hero in saving the day in the midst of a failure (that could have been prevented by a good plan -- but what's the point in that when such can get you axed as not being "useful")...

Mozilla emits nightly builds of heir-to-Firefox browser engine Servo


Amazon site uses "bleeding edge" code...

Amazon is the only site I use semi-regularly (usually more than once per month) that has triggered multiple browser crashes on their site (most often on their "welcome page").

Sometimes, I can't even type in the item I am searching for (while it attempts auto-completion) before it crashes which leads me to using Google to find the item (or class or type of item) with a "site:amazon.com" appended to the search to circumvent amazon's front page.

It's not surprising that a new browser might have problems with it.


Biting the hand that feeds IT © 1998–2021