* Posts by the reluctant commentard

24 publicly visible posts • joined 10 Mar 2020

Larry Ellison is still not the world's richest person

the reluctant commentard

Re: Gates

I'm no fan of Microsoft or (old) Bill Gates and his underhand tactics, but I'm not sure you can say he is doing this just to establish a legacy. For one, I believe he is remarkably reticent about plastering his name on everything, he (and his foundation) seem to focus on funding research and initiatives into coming up with solutions that kill large numbers of the world's poor in underdeveloped countries: diseases like Malaria, but also poor sanitation and lack of access to safe drinking water.

Not sexy, but major killers and things that are difficult to find commercial funding for, as they don't affect affluent countries and so from a money making perspective they're not attractive (what a cynical world we live in).

Could it be that he has simply decided that he cannot take it with him and so he wants to put it to some good use? (Yes, that would mean that a leopard can change its spots)

Also, both he and Warren Buffett have been encouraging other billionaires to follow this example through the Giving Pledge - guess who is one of the signatories? One Larry Ellison.

This is not to say this automatically makes these people saints, but I'll give them some credit for trying to use their obscene wealth to maybe improve the lot of the world's poor.

But we may at some point want to have a think about whether it's morally justified that one person amasses these vast amounts of wealth, and a society which seems to value that above all else?

Especially as it now seems that in the US you can use that wealth to sway elections - or in other words, not every vote appears to be equal anymore.

Microsoft walking away from datacenter leases (probably) isn't a sign the AI bubble is bursting

the reluctant commentard

Are you sure obtaining power is cheap?

From the article:

Datacenter capacity planning, as Omdia Principal Analyst Alan Howard tells The Register, "is a very tricky game, and the least preferred scenario is having more demand than capacity. The whole process of acquiring land and securing power is cheap compared to executing."

From what I read, in many places (at least in Europe), grids are already straining as they try to deal with the switch to renewables: solar panels, electric car charging, heat pumps. So I don't think securing power for a bunch of new data centers that also require at least three times the amount of power your previous ones did is necessarily easy or cheap. In some cases it may simply not even be possible.

Or in other words: as they're all busy chasing their AI bubble, who will actually build the power infrastructure to support it? And who will pay for that?

Devs sent into security panic by 'feature that was helpful … until it wasn't'

the reluctant commentard

Re: "If everything Google does is a threat"

Don't worry, if you use the Google Office Suite for work, Google charges you upfront as well. I'm not sure how much (if anything) they still slurp from you when you pay them to use it, but I strongly believe that Microsoft is absolutely no better in this regard.

Having used both, I have to say I prefer Google Apps over MS 365 - I find it unbelievable how awful MS Office has become, and don't get me started on Teams. Or OneDrive.

3Blue1Brown copyright takedown blunder by AI biz blamed on human error

the reluctant commentard

Re: I'm fortunate enough to have a large audience and contacts within YouTube

Came to the comments to see if anyone mentioned Mend It Mark's recent run in with bogus copyright claims on YouTube and glad to see I was not disappointed!

For the poster asking above: that saga nicely shows what happens if you're a smaller content creator _without_ contacts in YouTube: nothing, you're screwed. Unless someone with a bigger following steps in to help, as happened in this case. Then it becomes yet another lovely example of the Streisand Effect.

'Alarming' security bugs lay low in Linux's needrestart utility for 10 years

the reluctant commentard

Ubuntu page with which versions have the fix

The article states that version 3.8 fixes the issue, however that is the version number of the source project on GitHub. Ubuntu backports fixes to various flavours of Ubuntu, and so the actual version number on an installation is different.

Here is an Ubuntu page listing which versions contain the fix for each flavour of Ubuntu: https://ubuntu.com/blog/needrestart-local-privilege-escalation

How to run an LLM on your PC, not in the cloud, in less than 10 minutes

the reluctant commentard

brew install ollama

For those running Homebrew, installation on macOS is as simple as running 'brew install ollama' from a terminal prompt.

Venturing beyond the default OS on Raspberry Pi 5

the reluctant commentard

NVMe on a Pi5 - kernel bug

If you're experimenting with other OSes on a Pi5, you may also be the type that has bought an NVMe HAT to use an NVMe drive. If you do, make sure you use a very recent kernel or Raspbian (which uses a 6.1 kernel). It seems the 6.5 kernel has a bug which meant that drives were not getting enumerated and initialised correctly at boot time.

Symptoms are that when booting Raspbian from an SD card the NVMe drive was recognised, but (until earlier this week), booting Ubuntu 23.10 and your drive was not recognised. Ubuntu 23.10 with the latest kernel finally got the fix, but some of the other distros listed here may not (yet) have it.

These days you can teach old tech a bunch of new tricks

the reluctant commentard

Re: Booting DOS?

I'm no expert either, but I believe it is because DOS uses functions provided by the BIOS (Basic Input Output System) to drive the hardware. UEFI doesn't have such functions, so DOS can't work. See for instance https://en.wikipedia.org/wiki/BIOS_interrupt_call

Good news for Key Group ransomware victims: Free decryptor out now

the reluctant commentard

As the decryptor only works for a specific version, it may be that the operators already realised and fixed their mistake in later versions. So you wouldn't be telling them anything they didn't know already.

To the author: The company is called EclecticIQ, not ElectricIQ. I can just imagine the wailing of their marketing people having gotten their blog on the front page of TheRegister only to find their name misspelt.

Two teens were among those behind the Lapsus$ cyber-crime spree, jury finds

the reluctant commentard

Re: computer intrusion, blackmail, and fraud

The article says he was released on bail, it makes no mention of whether or not that bail came with any conditions such as not being allowed to use computers etc. I'm pretty sure that conditions of that sort will have been imposed, that would make sense.

Jailing an under 18 year old while awaiting trial is a very heavy measure and is only reserved for the most serious of crimes I expect.

the reluctant commentard

Re: Hold on...

I think the article explains the difference quite clearly: a panel of experts has established that the defendant is mentally unfit to stand trial, which means he cannot be convicted.

But at the same time, the jurors were asked to determine if he had done the things he was accused of. A "yes" means the case can be officially closed as the party responsible (not the "guilty party") has been established, it is just that said party will not have a conviction on their record.

It also means the victims can be confident that the persons behind the attack were indeed identified and dealt with.

TETRA radio comms used by emergency heroes easily cracked, say experts

the reluctant commentard

Re: Spectacularly irresponsible.

Yes, that is a *much* better article than this piece, as it also points out:

* There are 4 encryption algorithms used, TEA1, TEA2, TEA3, and TEA4. The weakened key vulnerability only affects TEA1

* TEA1 is for "export use only" and (as john.w has pointed out) most European forces use TEA2

* In 2006 an Italian manufacturer pointed out to the US embassy that TEA1 had a "less than 40 bits" key length when an initial application for an export license for TETRA equipment to Iran was turned down, suggesting this weakness was pretty well known within the industry.

So the world does not appear to be ending (or at least not over this, anyway) but it does show why security by obscurity is generally a bad idea. But it's a pity this article didn't point out these factors, without this context this article is a bit alarming and sensationalist.

In the battle between Microsoft and Google, LLM is the weapon too deadly to use

the reluctant commentard

Re: you are looking at a rabbit and assuming that it has the potential to evolve into a bear.

I had a pretty good idea of what that video was going to be before clicking on it and I'm glad to say I wasn't disappointed!

PC tech turns doctor to diagnose PC's constant crashes as a case of arthritis

the reluctant commentard

Re: South don't work in the North

Once read an article by a Philips engineer on all the magic that went into making CRTs (talk about a whole field of knowledge that is now no longer much in demand) and he stated that the factory in Eindhoven where they made colour TV sets had a room where they could emulate earth's magnetic field in any location on earth to allow for correct calibrating of the tube for that location - so yes, it seems earth's magnetic field did matter.

Apple's M2 MacBook Pros, Mac Mini boast more cores, higher clocks and bigger GPUs

the reluctant commentard

Re: You can run Windows, but...

You can run Windows on M1 & M2 Macs using UTM, which is free. It has to be Windows 11 for ARM which is currently in Insider Preview and can be downloaded from Microsoft provided you sign up for the Windows Insider program, which is free.

I have followed one of the howtos and it does indeed work, it was rather nice to see an ancient Windows application from 2005 run on Windows 11 on a completely different architecture.

Here is a link to a HowTo: https://2ality.com/2022/06/windows-on-macs-via-utm.html

LastPass admits attackers have a copy of customers’ password vaults

the reluctant commentard

Re: The cloud is just someone else's computer

Although it is good to question how 1Password approaches this whole concept of password vault security, the article was actually about LastPass which is a completely different company.

Here's how 5 mobile banking apps put 300,000 users' digital fingerprints at risk

the reluctant commentard

Where did these fingerprints come from?

Genuine question, as the article does not make this clear. As far as I know, Apple's TouchID and FaceID don't allow apps to grab fingerprints or face scans. That data always stays on the device (which is why when you switch iPhones you always have to set it up again)

Instead, when an app requests authentication, all it will get is a "yes" or a "no" (Apparently in the case of TouchID iOS won't even tell *which* finger was presented, just that *a* valid finger was presented) but certainly not the data the scanner read.

If this is the case, then where did that fingerprint data come from?

I'm assuming Android works much the same.

Tweaks to IPv4 could free up 'hundreds of millions of addresses'

the reluctant commentard

They don't even need to replace them - just deploy different firmware. Virgin is Liberty Global, in The Netherlands that's Ziggo which uses the exact same modems and does support IPv6 including prefix delegation.

Pentester pops open Tesla Model 3 using low-cost Bluetooth module

the reluctant commentard

Re: Smartfobs, relay attacks and latency being the 'defence'??

Normally with systems like these, whether keyless or a key with a fob with buttons, if no doors are opened within a certain time of the car unlocking, it will simply lock itself again.

Auctioneer puts Space Shuttle CPUs under the hammer

the reluctant commentard

CuriousMarc's next project?

Once he's done resurrecting Apollo era electronics, maybe CuriousMarc and his team can turn their attention to these pieces of NASA technology?

https://www.youtube.com/channel/UC3bosUr3WlKYm4sBaLs-Adw

We're not getting back with Galileo, UK govt tells The Reg, as question marks sprout above its BS*

the reluctant commentard

Re: You are joking?

Not necessarily a defence force. But because, as the relentless march of digitisation continues, more and more devices and processes (logistics, distribution, navigation) all start to depend on satellite navigation.

Having that under control of a third party which can switch it off (or when push comes to shove will always prioritise good service over their geographic area above good service over yours) means that you become very dependent on that third party.

Strategically it may make sense to ensure that such a vital service for your digital society is under your control.

Whoa, someone actually texted you in 2020? Oh, nvm, it's just Boris Johnson, telling you to stay the f**k at home

the reluctant commentard

Re: I don't get why we need a system

The systems in use in South Korea, the US and The Netherlands (amongst others) don't use text messaging at all, but rather a feature built in to (I believe) 3G and up: cell towers can transmit these Alert messages to all phones within their range and they will then show these messages as Alerts and play an alarm sound (even if they are set to silent although that is up to the phone)

This works better than SMS because you can reach *all* phones regardless of operators within a certain geographic area (including phones from abroad for instance) and the messages don't get lost, marked as spam, ignored, etc.

The functionality is baked in to the mobile standards specifically to be able to alert all phones within the boundaries of whatever disaster is unfolding.

Microsoft nukes 9 million-strong Necurs botnet after unpicking domain name-generating algorithm

the reluctant commentard

Re: Financial analysis?

You don't need to register them all, you just need to register *one* - the domains are used by bots to connect to their command and control (C2) server. Once they connect to one, they will continue to use that one for as long as that domain is "up".

If you seize the domain, take down the server or interrupt C2 communication in any way, the bot uses the Domain Name Generation Algorithm (DGA) to generate a list of *possible* new domains - that list may be as large as 50,000 domains for that particular day. It then just goes down the list trying domains until it finds one where a C2 is alive and waiting for it - that would be the one domain the botnet herder registered.

If it fails, it will just generate a fresh list the next day and try again, right until it finds a C2 server.

Many DNS queries for non-existent domains (NXDOMAIN responses) are a sign you have a bot which is trying to find "home" on your network.
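
The NXDOMAIN signal described in the comment above, sketched as detection logic (an added example, not part of the original post). The log format, client addresses, domain names and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"client=(\S+) qname=(\S+) rcode=(\S+)")

def build_sample_log():
    """Constructed resolver log lines (format and names are made up)."""
    lines = [f"2020-03-11T10:00:{i:02d}Z client=10.0.0.23 "
             f"qname=x{i * 7919:08x}.example rcode=NXDOMAIN" for i in range(40)]
    # After 40 failures the client reaches the one name that resolves.
    lines.append("2020-03-11T10:00:40Z client=10.0.0.23 "
                 "qname=x0004d558.example rcode=NOERROR")
    # An ordinary client: ten good lookups and one typo.
    for i in range(10):
        lines.append(f"2020-03-11T10:01:{i:02d}Z client=10.0.0.40 "
                     f"qname=www{i}.example.org rcode=NOERROR")
    lines.append("2020-03-11T10:01:10Z client=10.0.0.40 "
                 "qname=wwww.example.org rcode=NXDOMAIN")
    return lines

def suspicious_clients(lines, min_distinct=20, min_ratio=0.5):
    """Flag clients whose lookups are mostly NXDOMAIN over many distinct names.

    Returns {client: (distinct_nx_names, nx_ratio, names_resolved_after_burst)}.
    """
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "names": set(),
                                 "streak": 0, "after": []})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        client, qname, rcode = m.groups()
        s = stats[client]
        s["total"] += 1
        if rcode == "NXDOMAIN":
            s["nx"] += 1
            s["streak"] += 1
            s["names"].add(qname.lower().rstrip("."))
        else:
            # A success right after a long run of failures is the name to
            # investigate: it may be where the bot found a live C2.
            if rcode == "NOERROR" and s["streak"] >= min_distinct:
                s["after"].append(qname)
            s["streak"] = 0
    return {c: (len(s["names"]), round(s["nx"] / s["total"], 2), s["after"])
            for c, s in stats.items()
            if len(s["names"]) >= min_distinct
            and s["nx"] / s["total"] >= min_ratio}
```

Counting distinct failed names rather than raw NXDOMAIN responses keeps a client that retries one mistyped hostname from being flagged.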

House of Lords push internet legend on greater openness and transparency from Google. Nope, says Vint Cerf

the reluctant commentard

Re: Feet of clay

I too attended the lecture and I had the exact same experience, he just gave a history of the net (in which nothing new was said) and that was it.

I left thoroughly disillusioned, like you.