* Posts by It's just me

69 posts • joined 2 Aug 2018

Page:

Debian 'Bullseye' enters final phase before release as team debates whether it will be last to work on i386 architecture

It's just me

Re: Debian Bullseye 32 bit

The difference can be significant. Several years ago I ran some tests, I configured 2 identical bare bones Ubuntu server VMs running Apache, one 32 bit and one 64 bit. The 32bit system used 170MB RAM while the 64bit system used 270MB.

America says banks can now transact using so-called stable crypto-coins. What does that actually mean?

It's just me

Re: The long march

I'm not so worried about criminals breaking another law. As you say, they will always find ways to hide their actions. I was arguing against your point 3 which boiled down to "you have nothing to worry about if you have nothing to hide" I'm more worried about the government using these laws to persecute and/or steal from lawful users of the system. Lowering the "suspicious amount" threshold from $10K to $3K means that a lot more innocent transaction will come under their scrutiny and there are already too many examples of people being relieved of their money by the authorities for the "crime" of carrying too much cash.

It's just me

Re: The long march

You say "Structured transactions are one of the core features of these systems." However, the regulations that mandate currency transaction reports (CTR) on transfers over a certain amount also make structuring transactions to avoid the CTR illegal. So you are giving the authorities a very low threshold to harass anyone they take a dislike to as well as increased opportunity for outright "legal" theft, see the abuse of civil asset forfeiture.

Attack of the cryptidiots: One wants Bitcoin-flush hard drive he threw out in 2013 back, the other lost USB stick password

It's just me

You can. The thing is, back when they got the Bitcoins they weren't worth thousands of pounds, so they didn't bother to back them up. Now they wish they had.

Linux developers get ready to wield the secateurs against elderly microprocessors

It's just me

Re: People still make these older CPUs last I checked...

64bit also has greater memory costs. A number of years ago I ran some tests, I configured 2 identical bare bones Ubuntu server VMs running Apache, one 32 bit and one 64 bit. The 32bit system used 170MB RAM while the 64bit system used 270MB.

US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack

It's just me

Re: Re:Don't Panic Too Much,They're Surely Insured.Successfully Sue Bill or George or Mike or Who?

Expand that graph from 1 day to 1 week - they lost 17% over this weekend.

Google reCAPTCHA service under the microscope: Questions raised over privacy promises, cookie use

It's just me
Terminator

Re: reCAPTCHA only issues

Probably to block automated credential stuffing attacks, which are rampant. Not that I approve of Google's snooping, but some form of CAPTCHA is necessary for just about any internet facing service now.

Did Arthur C. Clarke call it right? Water spotted in Moon's sunlit Clavius crater by NASA telescope

It's just me

Re: So, to get 1 liter of water you need to process 3 cubic meters of regolith

Gold is extracted from ore with concentrations of 3 parts per million, so if it's of sufficient value, low concentrations shouldn't present an obsticle.

Big IQ play from IT outsourcer: Can't create batch files if you can't save files. Of any kind

It's just me
Facepalm

Re: More than once ...

Reminds me of back when NT4 first came out, a user secured their brand new desktop by changing the NTFS ACLs on the entire C: drive so only they had access.

Windows didn't appreciate System being denied access to C:\Windows\.

Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts

It's just me
Happy

Re: And the point is...

That's an unusual implementation of single sign-on.

Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode

It's just me
Unhappy

Re: Details needed

On the JSOF site they have a video of them exploiting the flaw against a HP printer, a UPS, a smart light, a Digi board and a medical pump. According to the messages displayed during the exploit the devices were behind a NAT and the exploit was delivered in DNS replies from a malicious DNS server. Other methods mentioned in their "Risk Evaluation and Mitigations" include fragmented packets, broadcast & multicast traffic and ICMP.

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

It's just me
Mushroom

I've been getting a phish from "American Express" sent through SendGrid about once a week for the last month. I've reported them all to spoof@americanexpress.com and abuse@sendgrid.com but nobody appears motivated to stop them.

Real-time tragedy: Dumb deletion leaves librarian red-faced and fails to nix teenage kicks on the school network

It's just me
Angel

Re: My uni had similar rules :)

Us true admins were the ones running the quake server on the network for lunchtime and after-hours "network latency testing" and ops team-building.

It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

It's just me
FAIL

Re: Why the Details pane?

If I recall correctly, for at least some file types, Windows runs the file in the associated application in order to extract that metadata.

Wake me up before you go Go: Devs say they'll learn Google-backed lang next. Plus: Perl pays best, Java still in demand

It's just me
Happy

Was that some Perl code you ended your comment with?

Microsoft boffin inadvertently highlights .NET image woes by running C# on Windows 3.11

It's just me

Re: BTW if you need a cross-platform GUI development solution

> you get a fairly large (10 Megabytes) static binary

Turning off debug info can shrink the executable size 90%.

Are you getting it? Yes, armageddon it: Mass hysteria takes hold as the Windows 7 axe falls

It's just me
Linux

Re: one would think

Microsoft already owns the Lindows trademark.

In 2001 the founder of mp3.com released a Linux distribution names Lindows OS.

Microsoft sued them in 2002 and in a 2004 settlement MS gave them $20 Million, they transferred the Lindows trademark to Microsoft, and changed their name to Linspire.

https://www.operating-system.org/betriebssystem/_english/screen_gallery.php?bsgfx=linux/lindows/shot0-scr-.jpg

Step away from that Windows 7 machine, order UK cyber-cops: It's not safe for managing your cash digitally

It's just me
FAIL

Re: Upgrade from Windows 7

Unless you surf to such malicious sites as the BBC, The New York Times Online, The London Stock Exchange, Spotify and The Atlantic. All of which have in the past served up malware in the ads they display to their viewers. Just because it's a reputable company doesn't mean that crooks haven't found a way to inject malware into their site.

H0LiCOW: Cosmoboffins still have no idea why universe seems to be expanding more rapidly than expected

It's just me

Re: the Hubble variable

Maybe it's a just-in-time or interpreted universe.

Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc

It's just me

Re: Rowhammer/JackHammer

As much as I would like that, I doubt it, as a prerequisite of these attacks is for the attacker to already have their code running on the victims computer. In the case of consumer devices it's already game-over at that point. The only place these attacks are really a concern is situations such as cloud computing where you share the hardware with untrusted third parties, or perhaps DRM where the untrusted party is the owner of the hardware.

Latitude 9510 lappy has a speakerphone so you can tell the conference call all about your 30-hour battery

It's just me

Re: Speakerphone

It doesn't mean they are doing it, but when there are additional microphones available then some advanced signal processing and noise cancelling algorithms can be employed to give better audio quality.

It's just me

There are several things that may limit a system to 2TB. MBR formatting has a 2TB limit and certain SCSI commands have a 2TB limit. So if the system doesn't support UEFI booting to a GPT partition with a 64bit OS or it doesn't support LBA64 then it might have this limit. Or they might not want to list all the caveats or deal with the increased support load and its simpler and cheaper to just say they don't support it.

It's just me
Unhappy

Re: 30-hour battery

No, We've had to replace swollen batteries on probably 10 to 20% of our Dell laptops over the last few years, over 50% of the XPS and Precision laptops purchased 2016-2017 had this problem. Dell did proactive replacements of a number of them in early 2017.

Managing the Linux kernel at AWS: 'A large team of security experts' dealing with fallout from Spectre, Meltdown flaws

It's just me

Re: How many attacks?

The problem is, with most of these attacks, there is no noticeable effect on the targeted system. So unless the crooks/hackers/TLAs screw up in some other way, you may never know you were attacked, what they got, or how they got it.

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much

It's just me

Re: Unblockable email

Most spam I see comes from random or fictional addresses so a block list doesn't help in many cases, I recently found gmail bounces incoming email that doesn't provide a From: heading.

Close the windows, it's coming through the walls: Copper Cthulu invades Dabbsy's living room

It's just me

Re: Tone tracker

Unless you pay extra for the shielded stuff, Cat5 & 5e is UTP (Unshielded Twisted Pair)

That code that could never run? Well, guess what. Now Windows thinks it's Batman

It's just me
Linux

You do know sudo can be used to run processes as users other then root? These are exactly the type of people who should be restricted by a very tight sudo policy.

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

It's just me
Boffin

Re: So, for the simpletons like myself...

You should be able to, at your router, block traffic to the DoH IPs that Firefox uses - ping mozilla.cloudflare-dns.com and then block the IP(s) it resolves to. Currently it resolves to 104.16.248.249 and 104.16.249.249.

It's just me
Big Brother

Re: not going to work

It's known as MITM or MiddleBox TLS interception/inspection. Doing it without raising a warning/error on the client requires that either you get your own certificate installed as a root CA on the client, or you are able to obtain, via theft or coercion, a signing key from one of the several hundred CAs your browser already trusts.

One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark

It's just me

Re: Oh yeah?

Probably the same rogue engineer that worked for some auto manufacturers.

Blood, snot and fear: Why the travelling lone tech reporter should always knock twice

It's just me

Re: Bah!

The majority of times the latch was used, there was no story.

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...

It's just me

Re: "exploits in the wild"

Actually they did report on this:

https://www.theregister.co.uk/2019/08/30/google_iphone_exploit_chain/

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

It's just me

Except Nagle is often disabled for interactive sessions such as SSH.

Call Windows 10 anything you like – Microsoft seems to

It's just me
FAIL

Re: "Naturally, all user data is wiped with this option"

But windows explorer still doesn't know how to properly deal with the folder mounted partitions. If you have a 1GB D: and have a 1TB partition mounted on D:\Data\, using explorer to try to copy a > 1GB file from elsewhere to D:\Data\ fails with a insufficient disk space error.

Brits are sitting on a time bomb of 40m old electronic devices that ought to be recycled

It's just me
Happy

Re: Tell Apple that..

> I made 2 working HP laptops from one broken laptop by swapping parts.

That's amazing, how did you do this?

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows

It's just me

Read The Fine Article

From the article itself: "mitigations or workarounds... turn off, or firewall off, RDP services"

Y2K, Windows NT4 Server and Notes. It's a 1990s Who, Me? special

It's just me

Re: Even to this day...

RE: ghost systems

A few months back we had an AWS instance that experienced some hardware failure, was given the commands to shut down, and then restarted so aws brought it up on different hardware. But the old zombie instance kept running for a couple weeks with us having no way to access it, but it continued to send notices and warnings that took a while to track down as there was no trace of them on the supposed source machine.

LibreOffice handlers defend suite's security after 'unfortunately partial' patch

It's just me
Headmaster

Re: age of code

That's SSLeay, by Eric Andrew Young

Literally braking news: Two people hurt as not one but two self-driving space-age buses go awry

It's just me
Happy

Re: 9mph!!!

Oh no, not the comfy chair!!

I don't know but it's been said, Amphenol plugs are made with lead

It's just me

Re: Soon... soon....

Just waiting for the statute of limitations to expire, huh?

Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs?

It's just me
Linux

Re: Not just IoShit

I discovered the same problem in an open-source intrusion detection system distribution a year or two back as well. Every installation from the ISO they provided would include the same SSH private key. I notified the author and in less then a day they had a new ISO posted with a modified installer that generated a new key during installation.

Google's reCAPTCHA favors – you guessed it – Google: Duh, only a bot would refuse to sign into the Chocolate Factory

It's just me
Terminator

aMfM?

What score does he get?

Out of Steam? Wine draining away? Ubuntu's 64-bit-only x86 decision is causing migraines

It's just me

Ubuntu 18.04 is not anywhere near EOL, it is the current LTS version and will receive updates for the next 4 years.

If Uncle Sam could quit using insecure .zip files to swap info across the 'net, that would be great, says Silicon Ron Wyden

It's just me

Re: Sensitive documents - with NIST?

NIST stands for National Institute of Standards and Technology and they develop Federal Information Processing Standards that all federal agencies must follow. Among others, their Special Publication (SP) 800 series present information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities. SP 800 publications are developed to address and support the security and privacy needs of U.S. Federal Government information and information systems.

https://www.nist.gov/itl/nist-special-publication-800-series-general-information

It's just me

Re: Strong encryption for the masses? Since when?

> ... six of the most honest of senators ...

Could you find that many?

Ubuntu says i386 to be 86'd with Eoan 19.10 release: Ageing 32-bit x86 support will be ex-86

It's just me
Linux

32 bit VMs

One thing I used 32 bit linux for was lightweight single purpose VMs, if you are using < 4GB RAM then a 32 bit system uses a lot less resources. A number of years ago I ran some tests, I configured 2 identical bare bones Ubuntu server VMs running Apache, one 32 bit and one 64 bit. The 32bit system used 170MB RAM while the 64bit system used 270MB. So in this case the 64bit system used over 50% more ram just to accomplish the same job and I could run quite a few more 32bit VMs on the same host.

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry

It's just me

Re: XP What? Where?

I believe the TeamViewer host maintains an outgoing connection to the TeamViewer servers to facilitate connections from behind a NAT router. So, unless there are additional considerations, you should be able to use a strict firewall that denies all connections coming from the internet and just allow connections initiated by the XP machine.

It's your what in a box? Here's a thing to make your bosses think about malware responses

It's just me

Apparently Americans are not part of "it's open for anyone to use"

Tried to access it from the US and got

403 ERROR

The request could not be satisfied.

The Amazon CloudFront distribution is configured to block access from your country.

Generated by cloudfront (CloudFront)

Request ID: VHAppfdRXhGS1TMFQ4-fnV21guIgWpEAhd8mfgddxw==

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021