* Posts by Daniel B.

3050 posts • joined 12 Oct 2007

Silicon Valley’s top exorcist rushed off his feet as Demons infest California

Daniel B.
Silver badge

Re: "Demons infest California"

The power of UNIX compels you! The power of UNIX compels you!

4
0

UK copyright troll weeps, starts 20-week stretch in the cooler for beating up Uber driver

Daniel B.
Silver badge

Lenient

20 weeks seems light on the guy given the severe beating he inflicted on the driver.

0
0

Valid logins to your workplace are on the net, right now

Daniel B.
Silver badge
Boffin

Re: iOS or Windows? Why?

iOS does have vulnerabilities as well, but Apple patches are available as soon as they're released. Android phones will vary from getting their patches on time, to lagging a couple of months, or not getting them at all. So a 0-day on iOS might be fixed in the next couple of weeks, while some Android phones will be forever stuck with that exploit.

As for Nokia, well, that's what happens when the board promotes a Microsoft sleeper agent to CEO. Fortunately, Nokia was able to jettison that part of the company along with the sleeper agent, and soon will get back to doing smartphones with non-crap OSes.

0
0

Moron is late for flight, calls in bomb threat

Daniel B.
Silver badge

Re: Re. Lol!

Not quite the same thing. The Robin Hood tweet was a joke, and anyone reading it would've understood it as a joke. Instead, the UK cops made a gigantic shitstorm out of it.

This Canadian bloke, however, made a real (albeit bogus) threat.

0
0

Safe browsing checks fail as 16,000 WordPress sites hacked this year

Daniel B.
Silver badge
Boffin

WordPress

The blogging platform that somehow has been hacked into a "CMS" and it shows. It's the lazy webmaster's solution to "I need a quick web site that looks snazzy".

The only thing it has going is that it isn't a horrible MS proprietary turd like SharePoint.

0
0

Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs

Daniel B.
Silver badge

So that's M Bison's new power

Rootkit attack! Your PC is now working for Shadaloo!

3
0

Uni student cuffed for 'hacking professor's PC to change his grades'

Daniel B.
Silver badge
Happy

Welp

At least he didn't hack the WOPR as well. Then again, he might've found inspiration from Ferris Bueller's Day Off as well.

0
0

She cannae take it, Captain Kirk! USS Zumwalt breaks down

Daniel B.
Silver badge

Oh the lost opportunity

of calling it the USS Enterprise. After all, CVN-65 is inactive.

0
0

Lenovo denies claims it plotted with Microsoft to block Linux installs

Daniel B.
Silver badge
Big Brother

Interesting

The "Lenovo Product Expert" feedback has been altered to show the new "official" parroting, while hiding away the original "MS pays us to lock out Linux" line.

1984 in action! Your complaint, doublethinked away!

4
1

Samsung intros super-speedy consumer SSDs, 'fastest M.2s ever'

Daniel B.
Silver badge
Boffin

Um...

"The device supports up to 400TB written"

That's too low. Given heavy usage of such an SSD, I guess it'll die within the 3 years given by the manufacturer.

0
0

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Daniel B.
Silver badge
Boffin

Re: I'm not sure how he thinks this will work on an iPhone 6

Interesting read. I've been curious about how the SEP works. Looks like it's pretty secure by itself. Sure it's exploitable, but it's far harder to exploit than the rest of the phone.

1
0

iPhone 7's Qualcomm, Intel soap opera dumps a carrier lock-out on us

Daniel B.
Silver badge
Boffin

CDMA

That garbage tech should've died at least a decade ago. It's only alive in the US and some parts of China. The rest of the world chose GSM and uses SIM cards, which means that carriers can't apply vendor lock-in on their cellphones.

It seems that even Intel realizes this; hopefully they'll speed up CDMA's demise. In my own country, the few CDMA carriers built up GSM/UMTS networks and are eventually killing their prehistoric CDMA towers.

1
0

Stripped and ready to go: Enterprise Java MicroProfile lands

Daniel B.
Silver badge
Boffin

Re: Java, lightweight?

"That's right! Until it hits the unavoidable OOM (out of memory) event that is...."

It'll never hit the OOM event if properly configured. That's the whole point. If it's hitting OOM, that's because -Xmx has been configured to a value higher than total available physical RAM, or high enough that it's triggering swapping due to total memory > physical memory (say, you have 8GB worth of programs running, -Xmx is set to 8GB but the system has only 12GB RAM available).

0
0
Daniel B.
Silver badge
Boffin

Re: Java, lightweight?

"Every real-world Java program I've ever encountered starts by grabbing 1GB and eventually consumes all the physical memory on whatever it's running on and then carries on until the thrashing makes the machine unusable and someone kill -9s it."

Isn't that what -Xmx was made for? It pretty much limits Java to whatever you set the heap max to. Sure, if you set it to 512M it'll eat a bit more than that, but it won't go full Chrome and eat all your RAM.

4
0

Bad news: MySQL can dish out root access to cunning miscreants

Daniel B.
Silver badge
Boffin

If you actually spend some time configuring SELinux policies, you can actually make it so that the mysql daemons are unable to write to the configuration file even if they have UNIX permissions. The whole point of SELinux is to lock down everything at the OS level.

2
0
Daniel B.
Silver badge

SELinux

That should avoid modifying configuration files.

2
0

Did you know iOS 10, macOS Sierra has a problem with crappy VPNs? You do now

Daniel B.
Silver badge

Re: WEEKS

iOS rollback is supported, as long as the previous version is still being signed by Apple.

4
1

iOS 10 bricks iThings

Daniel B.
Silver badge

Re: Early adopters beware

Unlike Windows 10, iOS only nags you to update, but you can happily say no and the device will honor your decision.

In this case, iOS hasn't even told me to update at all. I guess it isn't yet being pushed for the same reason most people avoid x.0 releases.

0
0

Hypervisor security ero-Xen: How guest VMs can hijack host servers

Daniel B.
Silver badge
Boffin

So...

Basically, I can break out of the VM by running DOS and hacking up a program with DEBUG?

-affff

NOP

0
0
Daniel B.
Silver badge
Boffin

Re: Ah the joys of segmented memory

My first assembly programs were written in TASM, targeting 16-bit x86. Ah, the memories...

0
0

Hacking mobile login tokens tricky but doable, says reverse-engineer

Daniel B.
Silver badge
Facepalm

Not surprised

I've always feared this could happen once your tokens start living in a device that can potentially have its entire contents dumped. By the way, some entities that shall remain unnamed do indeed activate PIN mode, but they restrict said PIN to a 4-digit code. This, coupled with the "parity" check means that you can quickly narrow down to a few possible PIN candidates and just try those ones until you hit the right one.

And that's assuming they didn't nab your PIN as well by pulling off those nifty phishing app tricks.

I'll keep my physical tokens, thank you very much.

1
0

Microsoft thought of the children and decided to ban some browsers

Daniel B.
Silver badge

Re: What does "Bing" mean?

Bing is (or used to be) an ice cream parlor franchise in central Mexico. Haven't seen many of those lately.

0
0
Daniel B.
Silver badge
Trollface

Re: Nanny Microsoft strikes again

"The reason for the silence is he asked Microsoft shills to answer and there aren't any here."

Still haven't stumbled into TheVogon, eh? That's only the best-known one. There are many more out there. I guess they're sleeping or too busy shilling on other articles...

2
0

Update your iPhones, iPads right now – govt spy tools exploit vulns

Daniel B.
Silver badge

Re: Phone Security

Ah, the MS shill chimes in.

No, they weren't able to hack her Blackberry. They did hack her other handset, a Nokia 6260 Slide. The Blackberry Z10 wasn't.

http://www.theatlantic.com/international/archive/2013/10/all-the-chancellor-s-phones/280913/

1
0
Daniel B.
Silver badge

Re: Phone Security

Blackberries are used by top level government officials. The surface area may be small, but there is definitely an interest in hacking these devices.

The NSA was unable to hack Angela Merkel's Blackberry. That should show how well they fare.

3
0

FBI Director wants 'adult conversation' about backdooring encryption

Daniel B.
Silver badge
Boffin

Dear Mr. Comey

We already had this adult conversation. Secure backdoor is an oxymoron. We've shown the math and science behind it. Give it up.

1
0

Larry Page snuffs out ‘too expensive’ Google Fiber project

Daniel B.
Silver badge

Re: "Public utilities and government agencies are better at handling"

"Evidently, you never lived in a country where there was a state monopoly over telecommunication."

I did.

Privatization kind of worked... but only when Telmex started getting real competition. Even then, competition was mostly in large cities, while the rest of the country remained with awful customer service. In my mom's town, getting a new landline = 30 days. In Mexico City, 24 hours or less. But oversubscription is an issue everywhere, with varied results:

Telmex: Get a real IP, low latency, you might get your full Mbps but most of the time it will drop to 50%.

Cable co's: Get CGNATted IP, high latency, traffic shaping and all the awful crap Comcast was doing in the US before the FCC slapped them. (Worst. Experience. Ever.)

Axtel: Get a real IP, low latency, mostly high data rate. Coverage is still limited to major cities, and even then it might not be available in your neighborhood.

Totalplay: No idea if they do CGNAT, low latency, high data rate. Only available in major cities.

The main difference between Mexico and the US is that most of the country is covered by Telmex, which isn't stellar, but at least it isn't trying to screw over their customers. In the US, the cable co's are the ones covering most of the country, and they DO want to screw over their customers. Which is why municipal broadband sounds like a far better option.

1
1

WhatsApp is to hand your phone number to Facebook

Daniel B.
Silver badge

Oh well

Seems Facebook forgot that one of WhatsApp's core values was not to sell out your data. They even stated that's why they would charge for their service.

Serves me right for not leaving when they were purchased!

18
0

Windows Update borks PowerShell – Microsoft won't fix it for a week

Daniel B.
Silver badge

So...

The update is broken, and thanks to Microsoft you can't avoid it!

3
1

Google doesn’t care who makes Android phones. Or who it pisses off

Daniel B.
Silver badge
Boffin

"Maybe the H/W manufacturers need to look at setting up a consortium to deliver OSs for both PCs and phones that they can shape to what they perceive to be the market's needs."

They did. It was called Symbian, and was the most popular OS before Nokia made the "smart" move of taking over Symbian. Then all the smartphone manufacturers decided to flock somewhere else, and Android ended up being the replacement OS.

Even then, Symbian was moving into an interesting direction up until the Elopocalypse. Proof? Symbian Belle had rave reviews.

0
0

Safari 10 dumps Flash, Java, Silverlight, QuickTime in the trash

Daniel B.
Silver badge

Java

I still need it. Do I still get the option to use the plugin?

0
0

Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

Daniel B.
Silver badge

Thales

Brennan seems to have missed them. Because they aren't based in the US and are definitely not theoretical.

0
0
Daniel B.
Silver badge

Re: What's all this then? @Paul

I was thinking of Thales as soon as I read this article. Though I thought Thales was a French company?

But yeah, I even remember reading that the French president uses a Thales secure smartphone because the French also don't trust US hardware.

0
0

Apple quietly launches next-gen encrypted file system

Daniel B.
Silver badge

Re: hmmm?

Apple already needs a decent replacement for HFS+, so it'll definitely make its way to OS X.

1
0
Daniel B.
Silver badge
Boffin

Oh well, at least they're doing it

One of our major complaints w.r.t. OSX (I refuse to use the awful name they cooked up) has been HFS+ being stuck in the mid-90s. Sure, it supports a lot of UNIX-style stuff, but it still suffers from issues I hadn't seen in other OSes since the FAT32 days.

It was sad that Apple didn't go for ZFS; it could've been a good replacement for HFS+. But now that they're rolling out their own next-gen filesystem, things may finally move into the 21st Century.

1
0
Daniel B.
Silver badge

ZFS

They did eye ZFS as an HFS+ replacement. Oracle gobbling Sun put an end to that jump. MacZFS and O3X actually derived their code from the original 10.6 beta port by Apple.

1
0

Apple WWDC: OS X is dead, long live macOS

Daniel B.
Silver badge

Lame renaming

No, I don't really dislike rebranding as MacOS ... after all, it was called MacOS X up until recently. Reviving the "Mac" part and getting rid of the X isn't an issue.

But why, WHY did they put that lame lowercase gimmick on the name?!?!

1
0

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Daniel B.
Silver badge

Intel

Still playing catchup with the superior architectures from the 90s?

0
0
Daniel B.
Silver badge

Indeed. x86 has always been the less capable architecture out there.

0
0

Cisco drags down the Ethernet switch market, routers grow a little

Daniel B.
Silver badge

Re: Yeah, but times change

Well, the most recent MS Borging was that of Nokia's phone division, so it still kind of applies. And in true MS fashion, they killed the company they borged, which fortunately was only the Elop-firebombed Nokia's phone division.

0
0

Google to kill passwords on Android, replace 'em with 'trust scores'

Daniel B.
Silver badge

Re: Just curious ... how many commentards here

"If you start (as I do) from the premise that the "classic" username+password authentication paradigm is broken, then you have to accept we need something new."

It is, but that's an argument for 2FA, not for some mumbo jumbo voodoo crap replacing the password. There's already a workable solution for higher end smartphones: the fingerprint reader. And I still get the ability to use the password if I need to.

5
0
Daniel B.
Silver badge

Re: Time to move away from Android to something else then?

iOS, Sailfish, BB10...

2
0

Must listen: We've found the real Bastard Operator From Hell

Daniel B.
Silver badge

Re: Anyone that can stand 10 seconds or more

I did manage to listen to 2 full minutes of this ... but that was because I was laughing my ass off and couldn't reach the laptop.

8
0

Miguel de Icaza on his journey from open source to Microsoft: 'It's a different company'

Daniel B.
Silver badge
Boffin

Re: De Icaza's love affair with Microsoft is not new

"It's pretty clear you have no idea of what COM and ActiveX really are. Hint: they are not just IE plugins..."

No, they're just proprietary cruft frameworks that happen to work only in the MSFT garden.

.NET equivalents to the COM part (COM+, I think?) were less ugly but it was notorious that the .NET runtime was heavily tied to the Microsoft ecosystem. Want to use LDAP for your IIS authentication? Well, you have to build your own MembershipProvider and RoleProvider implementations. We only do AD.

But ActiveX? Seriously? That thing was the number one security risk on the web. People may be snarky about Java, but at least the Java framework has builtin security sandboxes. ActiveX was infamous for giving full control with no means of sandboxing untrusted code.

9
1
Daniel B.
Silver badge
Unhappy

Re: open source people universally hate Miguel.

Back in 1999, de Icaza was hailed as a hero, especially within the Linux community in my country (Mexico). Sure, I preferred KDE over Gnome, but it was interesting to see the guy pretty much lead one of the main desktop managers in Linux.

Then it started getting weird with Mono. Why the hell would anyone want to push a Microsoft-centric platform on Linux? If you're going to do pirated Java, do straight Java (and no Miguel, Java isn't the problem. It was the holes punched through by Sun to add extra stuff that caused all those vulns.) Then the Xamarin vs. KDE stuff. Then his actual pushing for proprietary over FOSS. I can't remember if it was his praising of OOXML or the proprietary over FOSS thing that ended up losing my respect for him, but I can say that it's been a long time since he stopped being praised by us.

His jump into MSFT is simply showing that he has indeed turned to the Dark Side. :(

23
5

Linux infosec outfit does a Torvalds, rageblocks innocent vuln spotter

Daniel B.
Silver badge

Oh this is interesting...

@grsecurity is now "protected". Which means they're throwing an even worse tantrum than the one reported here. Check it out!

0
0

There's more to life than Windows

Daniel B.
Silver badge

LDAP

Chances are that if you're managing a corporate IT network, that's the real main repository.

4
0
Daniel B.
Silver badge

Re: Can we have?

LDAP. It's what most companies do. Pretty much any authentication platform has LDAP integration and thus can use LDAP as their main authentication registry.

AD is basically the usual renegade Microsoft implementation of usually open protocols, in this case it's LDAP and Kerberos v5.

10
0

Another failed merger, Carly? Ted Cruz to bring in ex-HP boss Fiorina as running mate

Daniel B.
Silver badge

iCarly!

So Ted "kill the gays and nuke Syria" Cruz would be running with Carly "I trashed HP" Fiorina? Interesting. Whatever positive points Cruz might get for being "not Trump" will be countered by choosing iCarly.

4
0

Microsoft's Windows 10 nagware storms live TV weather forecast

Daniel B.
Silver badge
FAIL

Funny

Microsoft is only giving itself bad PR with the stupid nagware thing. Just stop it, MSFT, fix your current OS instead of trying to force it on everyone else.

Give us an option to disable that stupid Metro GUI thing. It's less annoying in W10, but it still manages to screw up things.

Maybe then you'll start getting voluntary upgrades!

17
1
