Posts by Kabukiwookie

Re: Thanks for clarifying.

Sometimes small words, talking slowly and repetition isn't enough to guarantee understanding.

That's because you forgot to add 'louder' to that list...

Re: We take the protection of our customers’ data very seriously.

fining a company some large percentage of their global takings is a pretty decent incentive.

Fines will be borne by the company, which will translate it into their cost. This means that with the large oligopolies that we're currently having, the customer eventually pays for the f**k-ups of poor management.

I am not saying CTOs should immediately go to jail without any investigation, but if their Security Officer has been warning the CTO time and time again that things need to be improved and the CTO doesn't act, the CTO did not perform his/her 'due diligence'. This should be at the very least a fire-able offence without pay / golden parachute.

The issue I have with this is that even if this happens (it does not), that incompetent previous C-level manager will happily start working somewhere else at the same level, due to his golf-buddies and f**k things up there.

Jail time seems to be the only way to actually get the message across. It doesn't even have to be years (I am actually against long incarceration), but even a few months being deprived of their freedom will quickly change not only their perception of the seriousness of the job, it will also change the perception of the next board looking to hire C-level managers.

I have no problem with competent managers being compensated properly. I have a problem with bumbling fools being elevated above their capabilities, f**king up things for all employees in the company, then move on to the next one using their golden parachute.

Indeed.

This is good advice:

https://xkcd.com/936/

Re: Question:

Simple. Alice goes to jail or gets find $50,000.

Re: A great start

My thoughts exactly.

What are the chances that any of the embedded security people gets cut off at the knees when complaining about a security issue that needs to be fixed that endangers the delivery date of a new feature?

Without a direct connection to C-level management, any push for security will be doomed to fail.

Re: They are running code in my machine without my explicit consent for their own benefit...

Law supersedes any wording in private contracts if the private contract breaks the law.

Re: Eggs out of pancakes

Literally, the signal-to-noise of what they want plummets the second that you capture ordinary people in the loop

That presumes that the real reason is an attempt to capture the 'bad guys'. Problem with that again is thay the definition of 'bad guys'is constantly shifting.

Re: Security through obscurity?

It's Symantec, did you have any other expectation?

Re: Two Russia cyber stories ..

Can't imagine why anyone would have a negative view of Putin

It's just that a lot of people are tired as fsck about articles with a lot of whataboutery. For some reason, you don't see similar articles about US run sites like CERT, which for instance completely lacks any mention of where Student originates from (who'd have thunk it), but you don't see articles being written pointing this out (and that's good, because it would be just as useful as an article pointing out that water is wet).

Everybody already knows that each government has their own intelligence machine and their own political motivations to point out what their 'enemies' are doing because they're evil.

Please keep technical articles technical.

And btw; insinuating that anyone complaining about this sort of this is a putinbot is so last year.

Re: Home-written HTTP servers

That's why I always use my Bash HTTP Server.

https://github.com/avleen/bashttpd

stopping free banking for the general public.

Which part of the planet do you live where the general public gets 'free banking'?

Re: "... charged with insider trading – and has promised to pay back his alleged ill-gotten gains."

Only if you're C-level management.

Re: Seriously?

if you don't understand the difference between a freely elected government and a government ran by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their home at gunpoint.. then I believe you have a lot of research and self-reflection to do.

Indeed, the false choice in the US between a turd-sandwich and a shit-bagle can't actually be called a democracy.

Along with their lang-standing tradition of overthrowing democratically elected governments in other countries they don't like, they should be stripped of their veto power in the UN.

Or is that not exactly what you had in mind?

Slippery slope?

Not sure what the 'cure' term is in GPLv3, but while in this extension the time in which a licence breach can be fixed in 30-60 days (if caught at all).

What's stopping all the proponents for this addition to GPLv2 to slowly start extending this 'cure' term to 144 years?

Re: Invest in hard drives

EVERY rightsholder supply free copies (or hashes) of EVERY copyrighted work to EVERY Web site?

Free copies? No, not free. Anyone who's required to implement these measures can probably buy a solution with a hit ratio of 1%, with a forced subscription model to ensure the signature database is updated at regular intervals.

Re: Aladdin

They'll want to monetise it somehow

They'll have access to lots and lots of private repos, full of IP of companies doing software development.

Re: Credibility

Compulsive liars, need to prove they're not lying this time.

Interestingly, this was immediately attributed to North Korea, while if you check for Stuxnet on the same site, there's not a single link that implicates the US and/or Israel.

For some reason it looks like 'technical' statements from US Cert are highly politicised, and that should already be a reason to take anything they say with a grain of salt.

UN has pretty much been crippled by politics and made meaningless for a long time.

Yes it has, but the value of the UN and active participation is seriously hampered by the few countries that have 'veto' rights. This essentially means that as a non-veto country the only way you can pass any significant changes is if you make sure any proposal you want to pass is in the interest of the countries that do have veto rights.

The only way to fix this is to remove veto rights completely.

Re: "If you whack governments on privacy it will only drive the vulnerability market."

ruthless but selfish minorities.

Of course, if you look at history, it's always the minority groups with no power who abuse said lack of power.

Some people who see 'evil terrorists' in every nook and cranny, don't seem to understand how power corrupts selfish humans who should be working for the good of general population.

Re: Copyright extensions need to stop

Not only this, but copyright should only be given to natural persons, not corporations.

Re: Agile is b*llocks. Any non-idiot knows this.

'using the cloud' is nothing more than putting your balls in someone else's vice and hoping they know which way to twist the handle,

Utter brilliant; I'll definitely be ripping off your comment and will randomly throwing it into polite conversation.

"release now and download updates/fixes later

You mean make customers buy DLCs later, once they're already committed.

Re: Am I missing something?

Surely they need full access to the target users computer not just the target's email account.

No, just having an email file itself allows an attacker to modify it, resend it and have (part of) the encrypted content fed back to the attacker as a URL that attempts to connect to an HTTP capable service owned by the attacker, due to the way that some email clients handle poorly formatted HTML in emails.

This is however only possible if the email client actively connects to URLs embedded in emails to retrieve content and the attacker must already have access to the emails, which mean either access to a user's account or access to a mail server.

The main group at risk of this, may be whistle blowers and political activists targeted by nations states who have access to email servers that contain a copy of the mail with encrypted content already and then only if they are using one of the affected email clients that allow retrieval of dynamic content in HTLM formatted mail.

Re: AC AC Cognitive Dissonance

why should the US burden itself by taking refugees who are unskilled from "sh*thole" countries - such as Haiti 

Maybe because the US is one of the greatest 'contributors' of turning countries into 'shitholes'. Either by bombing them back to the stone age or overthrowing democratically elected governments, because their interests conflict with the interests of the US.

Re: Spherical wheel is superior.

I do know that I never saw a non-distribution provided init script that handled correctly the basic of corner cases – service already running

This only shows that you don't have much real life experience managing lots of hosts.

like application double forking when it shouldn't

If this is a problem in the init script, this should be fixed in the init script. If this is a problem in the application itself, it should be fixed in the application, not worked around by the init mechanism. If you're suggesting the latter, you should not be touching any production box.

"La, la, la, sysv is working fine on my machine, thankyouverymuch" is not what you can call "participating in discussion".

Shoving down systemd down people's throat as a solution to a non-existing problem, is not a discussion either; it is the very definition of 'my way or the highway' thinking.

now in the real world, people that have to deal with init systems on daily basis

Indeed and having a bunch of sub-par developers, focused on the 'year of the Linux desktop' to decide what the best way is for admins to manage their enterprise environment is not helping.

"the dogs may bark, but the caravan moves on"

Indeed. It's your way or the highway; I thought you were just complaining about the people complaining about systemd not wanting to have a discussion, while all the while it's systemd proponents ignoring and dismissing very valid complaints.

Re: Sense of humor

I feel sorry for all bears living in the US.

At least in Canada people don't have the right to bear arms.

Re: I don't understand...

So what's the added value aside from having to additonally maintain a blacklist (if that's your thing) and constantly having to deal with systemd dependency issues as systemd swallows up more functionality over time.

Along with the fact you'd be making a statement when dropping Debian, there seems to be no reason for not switching to Devuan.

I've been a rabid Debian fan up until they adopted systemd.

Now it's Devuan all the way. At least that distro's maintainers seem to be concerned with stability and manageability of the OS, instead of attempting to make themselves seem more important by adding new unnecessary features and with new security holes and then slowly increasing the scope of their project.

Re: Binding Protocol?

That's why the US does not acknowledge the jurisdiction of the International Court of Justice.

Not only that, the US will invade The Netherlands if there's ever a USian brought to trial there.

https://www.csmonitor.com/World/Europe/2009/0213/p05s01-woeu.html

Of course people don't like USians, because of their 'freedom', not because they threaten anyone at any time for any perceived sleight.

Re: beggars belief

Yes, you can pay for the privilege of your data to be mined.

At least Google doesn't require you to pay to give them your data.

If your only tool is a hammer, every problem becomes a nail.

Re: Who Ever Thought It A Good Idea To Buy . . .

Very good observation.

How would the battle of Britain have gone if Spitfire engines needed to be shipped across to Ireland if they needed to be overhauled.

This just demonstrates that the F35 is a dead duck. Very expensive fireworks once they fly over territory that's covered by S400 air defence.