* Posts by Lorribot

429 posts • joined 13 Jul 2017


Microsoft among software titans under spotlight for restrictive licensing


No surprises

C-level execs reading licencing terms, seems a tad improbable to me. Most Licencing managers don't read them as they are too impenetrable and convoluted and most have terminology that means something different to what you understand. What is even worse if you ask a software vendor if something is allowed they will say read the licence, its like they don't even understand their own licencing or at least not confident they wouldn't tell you something untrue.

Then there is those that get with decent simple licencing and then once you are locked in change the terms to be more favourable to them.

It is also support contracts for software that is Open source, Red Hat is not particularly nice.

Then there is anything owned by Oracle like Java, you have licenced this in your environment as it came bundled in with some other software you bought and some dev thought it was free.

SQL Server admins warned about Fargo ransomware


Its a SQL server not a web server

Might just be me but "a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .net file via the cmd.exe and powershell.exe consoles" would seem to indicate that the best course of action is to not allow your SQL servers access to anything on the internet.

I am sure someone will point me to a valid reason but personally I am at a loss.

Mozilla drags Microsoft, Google, Apple for obliterating any form of browser choice


Re: Chrome on desktop

Its not just OSes, Google pushes Chrome via is plethora of Web services such as Googlemail and Youtube.

It implores you to install it for a better experience, whilst also degrading performance or even breaking the service for any browser that wasn't Chrome, this is one of the reasons Microsoft gave up on its own engine and joined the Chormalikes.

Fitbit users will have to sign into Google from 2023


Now Google will know how excited you are at receiving those adverts for those heart pills you didn't know you needed since you forgot to opt out of the NHS giving Google all its data.

Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects


The attitude of some of the posters herein is exactly the reason why Linux will never be suitable as an OS for all, as newbies are often met by this sort of attitude when trying to find information.

People range from "plain stupid" through "ambivalent" to "know enough to be dangerous" and then on up to the posters levels of skill, caring and knowledge.

Unfortunately 90% of the world falls in to the first three categories and these people need to be protected from themselves, saying stupid people get what they deserve is at best condescending and shameful and at worst sneering and smug, it helps no one.

Every compromised device has the potential to be used against you and the services you use to destroy your life or business, it is us against them why do we fight so much amongst ourselves?

Will you still say they are stupid when your lights go out, bank collapses or the hospital is closed just when you need it because you were busy being smug?

Malwarebytes blocks Google, YouTube as malware


The fact that all Chromium based browsers were blocked. Likely it was calling home to Google, suggests that not even Microsoft can get all the Googleness out of Chromium, what hope the likes of Brave, Vivaldi et al?

Another reason to use Firefox.

Admins run into Group Policy problems after Win10 update


There are other options that could make you happy, you just have to take the first step

For those that hate Windows, its updates and MS generally stop using it and move to MacOS, find a Linux Distro that works for you or even sell your soul to ChromeOS.

Then you can feel smug about your choice as you have done something positive and you can get on with your life and manually patch when ever you feel like it if you even think it is a requirement.

Be happy that at least on PCs you have several choices that can fit any pocket and any personal security requirements you may have unlike mobile phones.

White House to tech world: Promise you'll write secure code – or Feds won't use it


Software is flakey and full of holes, get over it

While this a good thing as an aim, it will fail as it does not address the many issues with software development.

First you attest your software is developed with CIST, what about all the libraries and bits and bobs you have half inched from the FOSS world? Do you have to attest to them (Log4J anyone?).

Does this mean the project will be twice as long as we re-invent the wheel to ensure code security and can attest its security?

How long will that last when all these projects start to fail because of cost and time overruns so they stay where we are on 20 year old software code as it is too difficult to move on?

Want to know the future of FOSS? You can look it up in a database


What starts as good idea.......

Whilst all FOSS is created equal, they do not evolve equally, something to bear in mind when you bet your company on it for those technical reasons the boss/bill payer will never understand but will still support because he pays you so much money you must know what you are talking about.

Having made a punt on some software only to see it stagnate and finding migration to a different product convoluted at best or impossible at worst, I know these decisions can bite you hard down the road as you struggle support an old out of date and hopeless product.

Anyone that has had to manage backups, archiving or financial software or email systems will know that your are effectively stuck once you make a choice, how many people will move away from SAP gouges its customers again? These things are never easy or simple or cheap to move away from.

Ad blockers struggle under Chrome's new rules


I think you'll find that Chromium is not as Googleless as you would hope, I seem to remember Microsoft had to untangle 30 odd Google services that were hard coded in to the browser and replace them with their own, I am sure the smaller browsers such as Brave and Vivaldi leave most of those in as they have no alternative, so any Chromium browser is likely going to be talking back to Google in some form.

"it can harvest all kinds of sensitive data about you from these pages as you visit them"

This line made me laugh, Google worrying about something harvesting user data for reasons, not like they haven't been doing that for the last 20 years.

Microsoft warns of bugs after nation pushes back DST switchover


i don't think the client devices (including phones and MacOS and other OSes) will be as badly affected as the servers, these may have transactional time stamps that may have legal consequences if they are incorrect.

And don't forget all those IoT devices that may end doing weird stuff on not sending their spy data off to Samsung correctly, god it could be really bad.

Merge requests and insecure GitHub workflows may lead to supply-chain attacks


Yeap, absolutely.....er how do you do that, is that on Linux only or do I need to do something on my third party software? Sorry to be pandantic but you know, my life is complicated and i have 1000 servers, 7 different OSes and 300 different applications, which ones use that thing and how would I know?


Its open source, what do you expect?

Open source, lets rely on a bunch of developers who's focus is delivering an end product, to secure every step in the development process on every open source project correctly.

People wonder why I feel embracing open source software will bite you in the bum eventually.

Unfortunately, its not like you have a choice these days, I refer you to Log4j amongst many others that are bundled in and hidden away.

Former Microsoft UX boss doesn't like the Windows 11 Start menu either



Normally when you tick a box that makes something go away it disappears, but not in MS start menu, you can turn off recommendations but you still have the word Recommendations and the some text explaining you can add it back, taking up a third of the start menu for no benefit.

They just don't get I want gone to mean gone, not hanging round like a bad smell to remind you they know better. They whole thing is a mistake like windows 8 and should be backed out.

The central position is useful if you have an Ultrawide screen but not so useful for the other 99% of Windows users.

And why is there no real customisation and removing basic functionality like having the tool bar where you like? It all feels half finished.

Feedback seems to work about as well as complaining to BT.

Microsoft looks beyond the US with Windows Subsystem for Android


Re: Americans guinea pigs for the rest of the world

Whilst you are correct from answering the question, you miss the point.

Why ask a question about something that 95% of your customer base has no access to, without giving them the option of indicating that?

The questions and answers were framed in such a way that it was assumed you had access to it but chosen not to use it or had experienced it.

A questionnaire should allow for those who have no access to the feature to answer accordingly or your results would be inaccurate.

It is a common mistake on surveys where the questions and answers dictate the results without allowing the truth to come through.

There is a big different between 1% of respondents had tried it and 20% of those that had the feature available had tried it.


Not sure MS market realise 95% of world doesn't get it

Received a "how do like Windows 11" survey, one of the questions was what i thought of Android on Windows, unfortunately there was no option for Don't get it.

Thing about Americans is they don't realise they are only 4% of the world's population and yet they thing they are 90%.

I guess self importance counts for a lot

Scientists use supercritical carbon dioxide to power the grid


I wonder what SEG rate they got for the 10kWh they fed in to the Grid, Best at the moment is 7.5p unless you have a Tesla powerwall then it is 10p. Would be nice given all price increases that the energy people actually upped the SEG a bit.

Meta's AI internet chatbot demo quickly starts spewing fake news and racist remarks


"our systems can now understand the notion of consensus, which is when multiple high-quality sources on the web all agree on the same fact"

would it not be better to just give Wikipedia a large wedge of loose change and just use them for all factual questions? Would actually mean Google doing something useful for the rest of humanity (ie all non share holders or the other 7billion people in the world.

India scraps data protection law in favor of better law coming … sometime


Re: Well, 81 out of 99

...because the House Of Commons is such a good model on how to do things properly and clearly giving the general populous more say on employing more self gratifying idiots with their empty promises that evaporate upon election and swinging constantly between two opposing ideologies that between them have consistantly broken this country, well we can all see how that ends.

Democracy only works when you have no group/party with overall control (Germany) so progress is by consensus, one party with control forever (Japan) so long term planning can happen or the ideologies are not really that different. Countries doing well for long periods is generally despite the politicians (US) rather then because of them.

On topic. GDPR despite all is actual a pretty good bit of law, why not just copy it?

All the tech giants understand it so would be easy to implement for India. I am pretty certain Laws are not subject to copyright or plagiarism and by rewriting to be specific to India would be easier than reinventing the wheel, unless of course the Indian government had aspirations to steal their peoples data for their own benefit.....

Linus Torvalds releases Linux 5.19 – using Asahi on an Arm-powered Mac


Re: @qbix

The flaw in your statement here is that the assertion that the OS would not take advantage of the hardware, in reality i would suggest that the hardware has been designed to maximise the performance of the OS which is where the benefit comes from owning both and not something Intel or AMD would do for any OS even Windows.

With Apples M chips there will always be performance gains to be had but they may need some fundamental changes to the kernel to enable maximum use of the the specific functionality which can cause bloat or impact other hardware implementations and may not even be of value or use to most users, a bit like Intel's AVX-512 extensions that are great in very limited scenarios so is it worth making the changes to use them?

Why the end of Optane is bad news for all IT


Intel are the problem

There are a number of things here.

It was developed by Intel, they have not got a clue how to talk to people, so they dumb stuff down and sell Optane as hard disk replacement (this is the first time I have seen a proper explanation of what was intended). They over promise (I remember 1000x faster that current disks). They develop stuff so slowly (discrete graphics cards anyone) they get bypassed by more mature technology by the time they get it to market (NAND just got faster and cheaper, they just had an SSD that had no USP) and the DIMM stuff just didn't turn up any time soon, was almost as expensive as RAM (which keeps dropping in price) and only ones that could afford it were enterprise and they didn't see the benefit of persistent middle tier storage that complicated things as servers are always on. They were the only ones selling it.

If they could have been at least price competitive with or at least 5x faster that NAND then they may have been able to make a case for it, or licenced it out to HP on the cheap to develop systems to support it say alongside SAP or some of those big Oak ridge super computers, no wait they screwed that relationship with Itanium another good idea looking for a problem to solve.

Upgrading what might be the world's oldest running Linux install


No one else concerned that one of the most widely used SSH tools was hosted on such an elderly beast of a system? One would worry about the security of such an installation.

It is also a good example of just because you can doesn't mean you should.

I appreciate some people get attached to things like vintage cars, but they generally don't use them as daily drivers even if they have been patched and modified, migrating to some new hardware or virtual environment and fresh install of an up to date OS would seem the most prudent way forward.

Windows Network File System flaw results in arbitrary code execution as SYSTEM


Used NFS once because I needed a target for a bit of dumb kit that would only backup its config to an NFS share. Simple to set up and do and worked. I then uninstall the feature form the server and never used it again. Anything worth using will support FTP if nothing else so we just use that and TFTP for these sorts of things.

If you don't install the feature you won't see the problem, however it is a timely reminder that you should always patch your system after installing any feature.

And just for balance, Samba has had its fair share of woes over the years and can be a real pain to implement on some Nix a like systems and for that reason we just use FTP for file transfers.

Broadcom's VMware buy got you worried? Give these 5 FOSS hypervisors a spin


For most moving off of VMware to anything other than cloud based hosting would be very difficult due to the number of systems that integrate in such as Backups, which those of us that actually do manage this stuff have to maintain. Bear in mind that if you keep your backups for any length of time, such years, you will need to maintain a recovery environment, personally we only keep 3 months so not the end of the world but would need to find a product comparable to Veeam for any of these solutions.

Also we are using HCI with VSAN so no separate storage, we would therefore need to set up all that stuff as well, would be expensive, as you don't mention anything that is comparable in this gloss over. We also use NSX and virtual networking is also not mentioned so may be addition cost add on and complexity to move.

Hyper-v is free for most people as they probably already have per core Datacenter licences on their hosts for Windows, unless you are heavy in to Linux guests then this is probably the way most would go.

Having spent almost a year migrating 500 servers from an NSX-v platform to an NSX-t one and juggling the business requirements, other projects' needs and down time etc on what was relatively simple process, moving to another completely different platform would not be joyful or quick experience.

To me this is a case of Broadcom buying something at the peak of its value, most people in medium to large sized businesses are moving to hybrid hosting ahead of a move to cloud, solutions that offer this as a reasonable simple migration path are going to be the winners especially as hardware starts to get replaced and if Broadcom do a Broadcom and stuff it up, Microsofts Azure Stack HCI seems to offer this kind of path so would be a likely first choice for many even if like most Register readers you hate Microsoft they may just have the smoothest path when you have to deal with all those technology people that are not technology people in the business.

UK signs deal to share police biometric database with US border guards


Re: Give the murkans a break

The reason we have a monarchy is Boris Johnson and all the other career politicians that would be awful as president.

I can't think of one Prime minister we have ever had that would have been a good President.They are all a choice between pointless or megalomaniac.

We have survived as country despite our politicians causing us to lurch from one crisis to another as we flip between two opposing ideologies and from one bunch of self serving muppets to another due to the archaic way we choose our parliament which only topped by the Murkans idiotic collage system.


America does not seem to be a nice place to visit at the moment. They appear to be working through some issues, hopefully they will catch up with the rest of the planet in a few decades.

As for our government, which also appears to be working through its own issues, not least of which desperately seeking a partner to support us by agreeing to any stupid demand and not even thinking to make it reciprocal. Bunch of lame arse couch jockeys, not that any of the rest of them would be any better. Its about time we got rid of Career politicians, you get 2 terms and that is it, go and find a proper job.

What to do about inherent security flaws in critical infrastructure?


So to recap

About ten years ago it was highlighted that these systems have laughable security if any at all....mostly the latter.

Just now, another report shows that the industry has done nothing to remediate said systems or come up with new protocols and designs that are secure by default.

You were told ten years ago and you have done nothing since and are now whinging it is too difficult because there are too many things to fix, most of which can't be and yet you still installed the same old crap systems that were know to be insecure.

If you had started 10 years ago you could be shipping proper secure systems now and it would be a start, and mitigate existing ancient systems by air gapping them or firewalling them off, wht something when you can stick your head in the sand and do nothing and get paid for it.

I still remember a conversation I had with a conveyor system supplier about patching their Windows servers controlling the system, their answer was they don't support patching and we wuold need a dev system to test on, because everyone has a dev warehouse, we were also their first customer to request 2016 (in 2019) and they didn't know if it would work or not. They also have to run their software as a logged on user on a console session or it wont work.

These systems, companies and developers have fallen in to an archaic mentality and don't see the problem. If i was hacker I would be targeting them for ransomware because I bet there are running unpatched systems and have very poor security if any just like their systems.

Google location tracking to forget you were ever at that medical clinic



Option 1 buy a phone that give all your personal information to the data slurper of your choice so you can play stupid games and get harangued by work via E-mail/Teams/zoom a.n.other crummy rubbish app from the 2 gazillion on the App store because that number is important most of which also track you and record everything you say.

Option 2 buy a phone that just makes phone calls and maybe text messages. Old Nokia anyone?

"We remain committed to protecting our users against improper government demands for data, and we will continue to oppose demands that are overly broad or otherwise legally objectionable."

Good job Google have our backs when it comes to governments, now what about all those non government companies they sell my data to? Will I start getting adverts for abortion clinics if I walk past one, maybe some cold calling "we noticed your indecision as you walk past... can we help you with your life choices?"

Microsoft plans to dig through your Edge Collections to make suggestions


Free choice is a wonderful thing

When did Google ever do a new feature in Chrome that benefited the user rather than Google coffers or allowed them to influence or control the internet?

Half of MS patches these days are Chromium Bug fixes.

I don't understand why so many people (The register included) need to express their displeasure at Microsoft and their products.

If you don't like them just use something else, you're free to give your data to whom ever you wish so they can sell it back to you whether you choose Chromebooks, Linux Mac, Android or whatever as your OS its your choice, as for browsers, find one that works for you and use it, get on with your life and be happy you still get the chance to choose as monoculture is really bad.

PCIe 7.0 pegged to arrive in 2025 with speeds of 512 GBps


With the limitations on track length, complexity and quality requirements of the Mobos will increase costs big time. The fact that Graphics cards barely need PCI 4, seems to me that it is unlikely to be needed in consumer PCs by 2025, servers with dense storage and the like could fulfill a need if Nand could be driven faster or another technology comes along. Main benefit seems to me to be the bandwidth which means you need less lanes, storage devices might on need 1 lane rather then 2 or 4, even Graphics cards may only need 4 lanes rather than the 16 now, however, I can't see the mobo manufactures doing the sensible thing if they can increase prices and margins.

Microsoft forgot to renew the certificate for its Windows Insider subdomain


I work for a relatively small company but we have a ridiculous number of domains (more than a 1000) and websites and certificates to manage, oddly this falls to a team that is nothing to do with web development or website management at all, got love how organic growth of IT departments mean things end up in weird places. Just getting all our certs and domains in one place was massive piece of work, and then when the great HTTPS everything hit , well cert management is 50% of someones job.

It works pretty well but you can only provide the certs, someone has to schedule in the replacement and actually do it, yes there are automated processes but these don't always work and if someone doesn't notice then....

I would imagine a business like MS renew certs at the rate of 100s if not 1000s a day so the odd one is not not a bad fail rate, who can put thier hand up and say they have fail rate of 0.1% or better?

In a past life I was a betting shop manager, pass rate for the bet settling exam was 98% (money not bets) and that was hard to live up to.

Makers of ad blockers and browser privacy extensions fear the end is near


Browsers are a case of you get what you pay for.....

I have never used Chrome personally as I have never liked or trusted Google and I use Duck, duck go for searches.

I moved to Waterfox a few years ago, it is like Firefox with out the cruft. Never had any issues with any website and ublock Origin and DDGo Privacy all work well, again with a PiHole on the edge to keep the Samsung telly and Android stuff isolated (about 50% of blocked traffic).

I once used Youtube with out it all and it was unusable for me with constant ad breaks.

It always amazes me how much IT people don't care about their privacy and always recommend Chrome and laugh at my Firefox/Waterfox usage and not even using Google to search for stuff.

Other things are available, are better and load websites just as well. Don't fall for the hype and nonsense people who know nothing other than what that person on Facebook/Youtube said.

Linux Lite 6.0: It's quite pretty, but 'lite' it is not


"->why not bundle Microsoft Edge for Linux

I haven't tested it on Linux, but on Mac it did a lot of phoning back home to Microsoft"

Unlike Chrome which is the epitome of silence and discretion.


how about full browser choice for once

I would have thought installing Chrome, Firefox and Edge or none and and provide download options for a selection of browser from a repository and give people a free choice of who they give their browsing life to would be best route. Why do OS developers feel the need to impose their own preferences on users in this way?

An OS should have no additional software other than that required to run the OS, a GUI and a way to install and support applications the user requires. Seems not even Linux based OSes can conform to that.

Sick of Windows but can't afford a Mac? Consult our cynic's guide to desktop Linux


Re: What sickens me the most...

The OEM version of Windows being on the device is down to the supplier and they may just do it as the default or its down to whatever deal they have to save costs on the licenses, probably adds about €/£/$5 per device. Lenovo have two laptops with no OS and Dell have two with Ubuntu so just pick a supplier that does not install it by default.

Just bear in mind you may void a warranty if you install an OS that does not come preinstalled, including the Linux Distro, that is the fault of your local government implemented Laws and nothing to do with MS or your hardware supplier.


What's missing

An interesting and amusing view of Linux Distros.

Couple missing are Elementary OS, though that is more of a MacOS look alike, and SteamOS which is Valve's Game focused OS and more of an appliance implementation of Linux.

What I have found amusing in the comments is the general hate for MS and Windows, due to subscriptions and spying and yet people love Chrome, ChromeOS and Android and more than happy to allow Google to spy on their every move and even listen to their every spoken word with out any concern, maybe they are are just not aware of it as Google does not tell them it is stealing their lives and selling to any bidder in order to fund the support and development of the OSes.

OSes are expensive things to maintain, MS is just trying to find a sustainable charging model to support the cost of developing and managing an OS, all these Linux distros either make no money and developers give their time for free, rely on donations from users or corporations or use the subscription support model for enterprise versions to fund the end user version. Is it really an worse than the subs you pay for Netflix, cable, Broadband, Mobile or any other service that is provided to you?

Mainstream Linux distros often rise up on a wave of altruism as the one true Linux to bind them all, then hit the economic reality of running a business and paying salaried staff to support it and start casting around for funding, often ending up at the Enterprise doorstep cap in hand for donations or support contracts or just wilt away in to nothingness and update wasteland, maintained by a few dedicated developers that just can't let go.

BOFH: Where do you think you are going with that toner cartridge?


oh the paperless office (bit like fusion always 10 years away)

Despite people working from home for 2 years with no printers, as soon as people have return to the office they feel the need to print out their emails to read and keep copies of.

OpenVMS on x86-64 reaches production status with v9.2



Still in daily usage on Itanium where i work.

Can't wait to move it to VMware as getting hardware to work with it can be tricky. Hardware requirements and drivers have always been very specific.

Dave Cutler was involved in its conception before he moved on to NT4, Shame he never bothered to copy the Clustering in to Windows as MS version has always been on the wrong side of pants in comparison.

Twitter buyout: Larry Ellison bursts into Elon's office, slaps $1b down on the desk


Re: Dickheads?

Dickhead is nothing to do with achievements, it is all about your behavior as human being.

Elon Musk is a very successful businessman, unfortunately he is also a bit of a dickhead and not the best human being in world.


Oracle licensing would mean you would have to pay $5 for all the users every time you liked because you could have liked everyone not just the one so just in case.....

EU Apple suit alleges anticompetitive Apple Pay practices


I would love to say this should be good, but....

...even if the EU win Apple will only be obliged to comply for EU residents which we of course or not so Apple can carry on treating us like shit as our government could not be arsed to go through the same legal proceedings as we don't have a law from 1806 to cover it.

Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!


Auto update and reboot anyone?

"these should be filtering their way down to endpoints as they update their packages."

This is why Linux is more vulnerable than something like Windows, These patches are advertised why before they are available due to the end user, so teh bad guys are handed a window of opportunity on a plate. There is nothing like advertising.

Open source developers and users need to get a handle on this stuff so they can manage it a lot better so you those windows do not open.

The flip of this is that most normal people (should Linux go to great unwashed by one of those 600 distributions) would not have a clue if their distro had this or some other (if they even cared) component/library/plugin/widget and really should just set their OS to automatically (if that is an option they can find) update everything as soon as anything is released....er just like Windows does with a little pop up to tell you reboot would be good. I am sure the Linux community would be supportive of this.

Microsoft fixes Point of Sale bug that delayed Windows 11 startup for 40 minutes


Wish we could go back to terminals

SAP has Mostly replaced our VMS based system that used to manage the whole business from Warehouse to Finance on two servers in a cluster. SAP and other systems that mainly do the finance only, now uses 150 servers and the warehouse stuff will add another 30 odd.

Sometimes I wonder if all the pretty icons are worth it.

VMS also is totally secure by obscurity, though I believe Sophos does or at least did at one time do an Anti Virus solution for it.

Oracle already wins 'crypto bug of the year' with Java digital signature bypass


Oracle "those number things are hard"

i think the fact they only gave it a 7.5 out of 10 rating shows that Oracle can't do numbers

Ryzen Pro CPUs are better for work than Intel's, claims AMD


Re: Microsoft's Pluton security processor

Not entirely sure Google and MS get on, Google seem more hell bent on destroying MS at every opportunity than adopting anything they do.

However, expect something similar to this in Android and Chrome OS on ARM if it is really a spying/tracking opportunity as I am sure Google would not want to miss out on any of your data.

Google's version will obvious do no harm to anyone or actually steal any data because you have already told them to help themselves. You must remember reading it just before you clicked accept to any one of their frequent terms updates

Rivals aren't convinced by Microsoft's one-click default browser change


one rule to apply to all (OSes)

Is it possible to use any browser on a chrome book/MacOS/Android//iOS/iPadOS/Linux? Is there a pop for that? Anyone tried?

Oh of course not because everyone has chosen to send all their data and life to Google because they once said do no evil was their thing, until they beat Microsoft, now it they don't need to (even pretend to) care.

They are all rubbish and get away with it because we don't want to pay or put a bit of effort in. MS had to unpick around 33 Google services from Chromium and replace them with their, mainly so the browser would still work. Do you really think those small Chromium based browser did all that too?

Would you pay for a browser that complied with all standards and didn't send you data to any one, or even actively stopped websites stealling your data, automatically enforced minimal cookie usage. Yes? How much per year is that worth to you?

VMware Horizon platform pummeled by Log4j-fueled attacks


This is going to be an ongoing issue

One of the problems this has highlighted is the disclosure of this vulnerability came after the software was patched but before all the companies that used it were able to test across there own stack and provide the required updates to customers, as such you are left waiting for software patches from companies scrambling to do testing and releasing half fixes and thus the window is wide open for being hit by miscreants. VMware suffered badly as their software is external facing by design so would have high exposure..

Disclosure is a major issue with OSS components like Log4J as it is only worried about the source developers not how it is used in the real world over which they have no control or even knowledge.

On a separate note it was surprising how many companies said they weren't affected as they shipped with v1, which went out of support in 2016 and has a number of unpatched CVEs against it, v1 is even shipped/installed with SQL 2019 which was released 3 years after the software was end of life and still gets copied on to drives when you install SQL. Nice one Microsoft.

Linux Mint Debian Edition 5 is here


All that is good with Linux, Choice

All that is wrong with Linux "they are very likely to work, at least so long as they don't depend on a specific desktop"

Flatpack, Snaps or native?

Linux needs to stop making this stuff so hard/complicated/convoluted/clear as mud if it really wants wider adoption for the end user.

Apple has a completely closed ecosystem on the desktop, tablet and mobile, Android is more or less there and Windows just works on pretty much anything but each version is broadly the same. they all have one desktop (changed at the whim of the developer but there is only ever one for each version, except Android where Device manuafacturers/Carriers are free to make a pigs ear of things).

A small amount of choice is a good thing, vast arrays of random whimsical choices are generally not good for adoption by the mass unwashed public. Pick any industry, it will always go through the same cycle of many small companies that come together to leave just one or two, occasionally another one will pop up but the OS market is beyond that. Linux will only ever be a niche on the desktop until there is one disto to rule them all, Red Hat and Unbuntu have flattered but ultimately faltered.

This browser-in-browser attack is perfect for phishing


Re: Skins and themes

As most web browsing these days is done from Android rather than Windows or Mac and Chrome is on 90% of those machines we should be all safe as Google will have our backs and stop all this nonsense.

No wait they make all their money form adverts, and it all this rich functionality is down to them. bugger we are all screwed.

Google Maps just got lost for a few hours


People seem to think cloud services are always on 24/7 and developers code accordingly, never bothering to put something in case that free service that has no SLA just isn't available.

This always on and connected mentality even extends to developer/suppliers assuming your servers have unrestricted internet access to any web site they choose to install any python/other code are available packages from and seem to be upset/can't compute when you say, no, internal servers have no internet connection its a security risk.



Biting the hand that feeds IT © 1998–2022