* Posts by detuur

26 publicly visible posts • joined 20 Nov 2017

Europe's USB-C deadline: Lightning must be struck from iPhone by December, 2024

detuur

Re: Astonished

Every time someone says they're worried that "my phone can't take all these amps pushed into it", somewhere in the world, somewhere where it's currently night, a baby wakes from its sleep and starts crying.

D'oh! Misplaced chair shuts down nuclear plant in Taiwan

detuur

2023 is when its operating permit expires. This doesn't mean that it's going to shut down then, necessarily. Usually permits are extended. Only if the political winds have shifted and/or there are major security failings do such extensions fail to materialise, and the plant gets shut down.

Brexit freezes 81,000 UK-registered .eu domains – and you've all got three months to get them back

detuur
Holmes

Re: I want a .EU domain...

Isn't the continent called Oceania in the first place?

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

detuur

Re: How

Consider using airplane mode. Perhaps that implicitly disables that warning message.

'I am done with open source': Developer of Rust Actix web framework quits, appoints new maintainer

detuur
Unhappy

Let's not forget that the commotion only really started when a helpful lad—at the maintainer's request, mind you—wrote a patch fixing a race condition and his only response was "this code is boring".

After four years, Rust-based Redox OS is nearly self-hosting

detuur

Re: what problem is it solving?

Redox seems to be a solution in search of a problem.

As neat of a project as it is, I really don't see a purpose for it. It's a playground for its developers to have fun writing an OS. To call it a toy OS would be unfair considering the amount of work gone into it, but I struggle to give it any more purpose than TempleOS (at least that one had a self-hosted compiler).

You'e yping i wong: macOS Catalina stops Twitter desktop app from accepting B, L, M, R, and T in passwords

detuur
Holmes

or retweeting Black Lives Matter posts

Is HONK nothing sacred HONK? It's 2019 and an evil save file can pwn much-loved HONK Untitled Goose Game

detuur

Exciting.. Or it used to be

Save file vulnerabilities used to be a prime method of running unsigned code on consoles in order to jailbreak them. Unfortunately modern consoles do not make save games user accessible anymore.

GIMP open source image editor forked to fix 'problematic' name

detuur
Facepalm

The name is too offensive!

—they said, so they forked it on git.

Struggling with GDPR compliance? Don't waste money on legal advice: Buy a shredder

detuur

See this as an opportunity

I've started putting "GDPR Compliant" on my resume and I've been getting a lot more calls back.

Blighty: We spent £1bn on Galileo and all we got was this lousy T-shirt

detuur

Re: Meh

If that's true then it sounds like a great model for Britain-EU cooperation going forward then. You guys pay and build the satellites, and we'll just keep them. I can totally support that.

But somehow I doubt you "did rather well out of it".

Anon man suing Google wants crim conviction to be forgotten

detuur

Re: Right to be forgotten

The issue is not the availability of the records. Right to be Forgotten does not, as is popularly believed, compel this data to be purged from the internet. It compels that this data is removed from any *profile* that companies hold on you (public or not). Google's search engine and strong capability to summarize information means that when you search for a person's name, you receive a compiled list of information and links that are, taken together, essentially a profile. When the search result includes spent convictions, that's when RTBF springs in action.

According to RTBF, a spent conviction is no-longer-relevant information, unless there is a good reason it isn't. Good reasons could be for example exceptionally notorious, serious or heinous crimes, or crimes committed while in a public office. This is information that people *should* reasonably have access to, even after the conviction is "spent".

But, after such results are expunged as part of RTBF, an important thing to note is that this information stays available. More specifically, a targeted search is allowed to turn up this information with no qualms, as it can no longer be considered a general profile any longer. So "convictions ABC" is a search term that is perfectly allowed to serve these "censored" results. (IANAL so this explanation is a product of my own, limited, understanding of a complex piece of legislation.)

Is it a bird? Is it a plane? Is it a giant alien space cigar? Whatever it is, boffins are baffled

detuur

Baffled boffins buffalo over broad boulder

And they're bummed it's not bigger.

Apple will throw forensics cops off the iPhone Lightning port every hour

detuur

Re: Just wondering

I can't imagine that the RTC or NAND being relied on by the Secure Enclave Processor would be vulnerable to external hardware attacks. They are most likely part of the same die as the processor which means it's impossible to access them directly.

How life started on Earth: Sulfur dioxide builds up, volcanoes blow, job done – boffins

detuur

Re: Ashes to ashes

Volcanoes

detuur

Ashes to ashes

They've given rise to humans—and if we piss off Mother Earth for much longer, they may decide to put an end to us.

We sent a vulture to find the relaunched Atari box – and all he got was this lousy baseball cap

detuur

Re: Atari controller?

You hit the nail on the head. I'm an electronics/IT engineer and I'm friends with quite a few industrial designers. So many of their ideas and concepts are so entirely detached from physical plausibility that could be rectified by just having one person on board who vaguely remembers using a RasPi a long time ago. I have the impression that they're educated in a complete vacuum, unaware that engineers or practicality even exist.

ESA builds air-breathing engine that works in space

detuur

I'm still upset SABRE isn't a large priority to ESA. Could revolutionise cheap launch platforms but instead being given a "fusion never" budget.

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

detuur

Don't load third-party scripts

Just don't do it. It's not worth it. We're seeing reports now nearly every day that third-party scripts, usually ad platforms, get hijacked and that high-profile websites start dropping malware or running coin miners.

Besides, I question the practice of government websites connecting to third-party domains. If you're running a gov site, security is a top-tier priority. This time we had a script being hijacked for coin miners, but what if it got hijacked by credentials-stealing code? Gov sites deal with highly sensitive information, and as such shouldn't run any code that its maintainers aren't 100% what it does. Concretely, what this means, is that they should host their own instance of the service and serve the scripts from their own domain. That this isn't already established policy amounts to sheer lunacy.

‘I crashed a rack full of servers with my butt’

detuur

> After any significant change I make copies of the project directory with a yyymmdd_hhmm suffix.

Sounds like you just need a decent version control system like git.

OnePlus minus 40,000 credit cards: Smartmobe store hacked to siphon payment info to crooks

detuur

Are European cards vulnerable?

Whenever I pay with my Belgian prepaid mastercard, the payment processor refers me to my bank's verification page, where I need to perform a challenge-response routine with my TAN generator, card, and PIN. I've only ever encountered exceptions with Amazon, but I don't remember if they asked a verification for the first payment (and are only exempt for follow-up purchases), or if they never asked at all.

So I would assume that crooks, when trying to pay with my card details, would encounter the same verification wall. Thus making my bank details safe. Is that right?

Facebook settles landmark revenge porn case with UK teen for undisclosed sum

detuur

This is a mentality issue

The fact of the matter is that whoever posted these pictures didn't stop to think "hey, I'm posting child porn on facebook". Same thing goes with teens exchanging nudes they get from their teen hook-ups. When I was a kid, edgy as I was, I liked to browse 4chan's /b/. And tried as they might to prevent it, at one point I discovered some sick fuck posted child porn on there. Even though the girl in the picture was probably around my age and thus not very distinguishable from current-day teen nudes, my first reaction wasn't "cool I should share this with my friends", it was more like "OH FUCK NUKE THE DRIVE".

People of all ages are posting private pictures of hook-ups, girlfriends, ex-girlfriends, wives, ex-wives around with impunity, without regard for personal integrity, without understanding it's now on the internet forever, because everyone is doing it and no one ever faces consequences. Start treating even just tangential participation in sharing these intimate pictures as a serious crime, and it will cease being a mainstream issue. Once the sources of these pictures dry up (the people sharing what ought to be private), the only things left to repost will be those pictures shared with consent. No one's going to risk burning themselves on highly illegal pictures when there's plenty of promiscuous people who like having their pictures shared. People will see those who share those pictures as the scum they are.

It's a big mentality shift, but it's possible. Mainstream Western attitudes to women's rights and racism have undergone similar changes.

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

detuur
Devil

"Clear communication" is probably an optional extra that you can tick on the contract. It's on page 162 and requires extra signatures on pages 48, 198, 67 and 115 (in that order).

You GNOME it: Windows and Apple devs get a compelling reason to turn to Linux

detuur
Linux

Re: How do you know if someone uses Arch Linux?

Literally no one of the daily Linux users I know, all Debian, Ubuntu, Fedora and even Arch/Gentoo users, really pays attention to distrowatch (or even knows what it is). Mint being popular on distro watch says just one thing, which is that it's popular with distrowatch frequenters.

The most popular distro on 4chan's /g/ is Gentoo but you don't see me peddling that as some kind of proof that it's the most popular distro _out there_.

OnePlus 5T is like the little sister you always feared was the favourite

detuur

Re: still on oneplus one

Also still on OPO, but it's starting to show its age. Stuck on CM13 (jgcaap build) because that's the last version you could get the superior camera blobs to work. Performance is noticeably choppy by now. Battery only lasts a day on moderate use. I'll be switching to something new in 2018, but the OPO got a hell of a run. Hope the replacement is going to survive the regular drops I put my phone through.

Some 'security people are f*cking morons' says Linus Torvalds

detuur

Re: Exercise stack to avoid everything living in registers

Have you heard of our Lord and saviour Rust