* Posts by Daniel B.

3084 posts • joined 12 Oct 2007

iOS 10 bricks iThings

Daniel B.
Silver badge

Re: Early adopters beware

Unlike Windows 10, iOS only nags you to update, but you can happily say no and the device will honor your decision.

In this case, iOS hasn't even told me to update at all. I guess it isn't yet being pushed for the same reason most people avoid x.0 releases.

0
0

Bad news: MySQL can dish out root access to cunning miscreants

Daniel B.
Silver badge

SELinux

That should avoid modifying configuration files.

2
0

Hypervisor security ero-Xen: How guest VMs can hijack host servers

Daniel B.
Silver badge
Boffin

So...

Basically, I can break out of the VM by running DOS and hacking up a program with DEBUG?

-affff

NOP

0
0
Daniel B.
Silver badge
Boffin

Re: Ah the joys of segmented memory

My first assembly programs were written in TASM, targeting 16-bit x86. Ah, the memories...

0
0

Hacking mobile login tokens tricky but doable, says reverse-engineer

Daniel B.
Silver badge
Facepalm

Not surprised

I've always feared this could happen once your tokens start living in a device that can potentially have its entire contents dumped. By the way, some entities that shall remain unnamed do indeed activate PIN mode, but they restrict said PIN to a 4-digit code. This, coupled with the "parity" check means that you can quickly narrow down to a few possible PIN candidates and just try those ones until you hit the right one.

And that's assuming they didn't nab your PIN as well by pulling off those nifty phishing app tricks.

I'll keep my physical tokens, thank you very much.

1
0

Microsoft thought of the children and decided to ban some browsers

Daniel B.
Silver badge

Re: What does "Bing" mean?

Bing is (or used to be) an ice cream parlor franchise in central Mexico. Haven't seen much of those lately.

0
0
Daniel B.
Silver badge
Trollface

Re: Nanny Microsoft strikes again

The reason for the silence is he asked Microsoft shills to answer and there aren't any here.

Still haven't stumbled into TheVogon, eh? That's only the most known one. There are many more out there. I guess they're sleeping or too busy shilling on other articles...

2
0

Update your iPhones, iPads right now – govt spy tools exploit vulns

Daniel B.
Silver badge

Re: Phone Security

Ah, the MS shill chimes in.

No, they weren't able to hack her Blackberry. They did hack her other handset, a Nokia 6260 Slide. The Blackberry Z10 wasn't.

http://www.theatlantic.com/international/archive/2013/10/all-the-chancellor-s-phones/280913/

1
0
Daniel B.
Silver badge

Re: Phone Security

Blackberries are used by top level government officials. The surface area may be small, but there is definitely an interest in hacking these devices.

The NSA was unable to hack Angela Merkel's Blackberry. That should show how well they fare.

3
0

FBI Director wants 'adult conversation' about backdooring encryption

Daniel B.
Silver badge
Boffin

Dear Mr. Comey

We already had this adult conversation. Secure backdoor is an oxymoron. We've shown the math and science behind it. Give it up.

1
0

Larry Page snuffs out ‘too expensive’ Google Fiber project

Daniel B.
Silver badge

Re: "Public utilities and government agencies are better at handling"

Evidently, you never lived in a country where there was a state monopoly over telecommunication.

I did.

Privatization kind of worked.... but only when Telmex started getting real competition. Even then, competition was mostly on large cities, while the rest of the country remained with awful customer service. At my mom's town, getting a new landline = 30 days. At Mexico City, 24 hours or less. But oversubscription is an issue everywhere, with varied results:

Telmex: Get a real IP, low latency, you might get your full Mbps but most of the time it will drop to 50%.

Cable co's: Get CGNATted IP, high latency, traffic shaping and all the awful crap Comcast was doing in the US before the FCC slapped them. (Worst. Experience. Ever.)

Axtel: Get a real IP, low latency, mostly high data rate. Coverage is still limited to major cities, and even then it might not be available in your neighborhood.

Totalplay: No idea if they do CGNAT, low latency, high data rate. Only available in major cities.

The main difference between Mexico and the US is that most of the country is covered by Telmex, which isn't stellar, but at least it isn't trying to screw over their customers. In the US, the cable co's are the ones covering most of the country, and they DO want to screw over their customers. Which is why municipal broadband sounds like a far better option.

1
1

WhatsApp is to hand your phone number to Facebook

Daniel B.
Silver badge

Oh well

Seems Facebook forgot that one of WhatsApp's core values was not to sell out your data. They even stated that's why they would charge for their service.

Serves me right for not leaving when they were purchased!

18
0

Windows Update borks PowerShell – Microsoft won't fix it for a week

Daniel B.
Silver badge

So...

The update is broken, and thanks to Microsoft you can't avoid it!

3
1

Google doesn’t care who makes Android phones. Or who it pisses off

Daniel B.
Silver badge
Boffin

Maybe the H/W manufacturers need to look at setting up a consortium to deliver OSs for both PCs and phones that they can shape to what they perceive to be the market's needs.

They did. It was called Symbian, and was the most popular OS before Nokia made the "smart" move of taking over Symbian. Then all the smartphone manufacturers decided to flock somewhere else, and Android ended up being the replacement OS.

Even then, Symbian was moving into an interesting direction up until the Elopocalypse. Proof? Symbian Belle had rave reviews.

0
0

Safari 10 dumps Flash, Java, Silverlight, QuickTime in the trash

Daniel B.
Silver badge

Java

I still need it. Do I still get the option to use the plugin?

0
0

Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

Daniel B.
Silver badge

Thales

Brennan seems to have missed them. Because they aren't based in the US and are definitely not theoretical.

0
0
Daniel B.
Silver badge

Re: What's all this then? @Paul

I was thinking of Thales as soon as I read this article. Though I thought Thales was a French company?

But yeah, I even remember reading that the French president uses a Thales secure smartphone because the French also don't trust US hardware.

0
0

Apple quietly launches next-gen encrypted file system

Daniel B.
Silver badge

Re: hmmm?

Apple already needs a decent replacement for HFS+, so it'll definitely make its way to OS X.

1
0
Daniel B.
Silver badge
Boffin

Oh well, at least they're doing it

One of our major complaints w.r.t. OSX (I refuse to use the awful name they cooked up) has been HFS+ being stuck in the mid-90s. Sure, it supports a lot of UNIX-style stuff, but it still suffers from issues I hadn't seen in other OSes since the FAT32 days.

It was sad that Apple didn't go for ZFS; it could've been a good replacement for HFS+. But now that they're rolling out their own next-gen filesystem, things may finally move into the 21st Century.

1
0
Daniel B.
Silver badge

ZFS

They did eye ZFS as an HFS+ replacement. Oracle gobbling Sun put an end to that jump. MacZFS and O3X actually derived their code from the original 10.6 beta port by Apple.

1
0

Apple WWDC: OS X is dead, long live macOS

Daniel B.
Silver badge

Lame renaming

No, I don't really dislike rebranding as MacOS ... after all, it was called MacOS X up until recently. Reviving the "Mac" part and getting rid of the X isn't an issue.

But why, WHY did they put that lame lowercase gimmick on the name?!?!

1
0

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Daniel B.
Silver badge

Intel

Still playing catchup with the superior architectures from the 90s?

0
0
Daniel B.
Silver badge

Indeed. x86 has always been the less capable architecture out there.

0
0

Cisco drags down the Ethernet switch market, routers grow a little

Daniel B.
Silver badge

Re: Yeah, but times change

Well, the most recent MS Borging was that of Nokia's phone division, so it still kind of applies. And in true MS fashion, they killed the company they borged, which fortunately was only the Elop-firebombed Nokia's phone division.

0
0

Google to kill passwords on Android, replace 'em with 'trust scores'

Daniel B.
Silver badge

Re: Just curious ... how many commentards here

If you start (as I do) from the premise that the "classic" username+password authentication paradigm is broken, then you have to accept we need something new.

It is, but that's an argument for 2FA, not for some mumbo jumbo voodoo crap replacing the password. There's already a workable solution for higher end smartphones: the fingerprint reader. And I still get the ability to use the password if I need to.

5
0
Daniel B.
Silver badge

Re: Time to move away from Android to something else then?

iOS, Sailfish, BB10...

2
0

Must listen: We've found the real Bastard Operator From Hell

Daniel B.
Silver badge

Re: Anyone that can stand 10 seconds or more

I did manage to listen to 2 full minutes of this ... but that was because I was laughing my ass off and couldn't reach the laptop.

8
0

Miguel de Icaza on his journey from open source to Microsoft: 'It's a different company'

Daniel B.
Silver badge
Boffin

Re: De Icaza's love affair with Microsoft is not new

It's pretty clear you have no idea of what COM and ActiveX really are. Hint: they are not just IE plugins...

No, they're just proprietary cruft frameworks that happen to work only in the MSFT garden.

.NET equivalents to the COM part (COM+, I think?) were less ugly but it was notorious that the .Net runtime was heavily tied to the Microsoft ecosystem. Want to use LDAP for your IIS authentication? Well, you have to build your own MembershipProvider and RoleProvider implementations. We only do AD.

But ActiveX? Seriously? That thing was the number one security risk on the web. People may be snarky about Java, but at least the Java framework has builtin security sandboxes. ActiveX was infamous for giving full control with no means of sandboxing untrusted code.

9
1
Daniel B.
Silver badge
Unhappy

Re: open source people universally hate Miguel.

Back in 1999, de Icaza was hailed as a hero, especially within the Linux community in my country (Mexico). Sure, I preferred KDE over Gnome, but it was interesting to see the guy pretty much lead one of the main desktop managers in Linux.

Then it started getting weird with Mono. Why the hell would anyone want to push a Microsoft-centric platform on Linux? If you're going to do pirated Java, do straight Java (and no Miguel, Java isn't the problem. It was the holes punched through by Sun to add extra stuff that caused all those vulns.) Then the Xamarin vs. KDE stuff. Then his actual pushing for proprietary over FOSS. I can't remember if it was his praising of OOXML or the proprietary over FOSS thing that ended up losing my respect for him, but I can say that it's been a long time since he stopped being praised by us.

His jump into MSFT is simply showing that he has indeed turned to the Dark Side. :(

23
5

Linux infosec outfit does a Torvalds, rageblocks innocent vuln spotter

Daniel B.
Silver badge

Oh this is interesting...

@grsecurity is now "protected". Which means they're throwing an even worse tantrum than the one reported here. Check it out!

0
0

There's more to life than Windows

Daniel B.
Silver badge

LDAP

Chances are that if you're managing a corporate IT network, that's the real main repository.

4
0
Daniel B.
Silver badge

Re: Can we have?

LDAP. It's what most companies do. Pretty much any authentication platform has LDAP integration and thus can use LDAP as their main authentication registry.

AD is basically the usual renegade Microsoft implementation of usually open protocols, in this case it's LDAP and Kerberos v5.

10
0

Another failed merger, Carly? Ted Cruz to bring in ex-HP boss Fiorina as running mate

Daniel B.
Silver badge

iCarly!

So Ted "kill the gays and nuke Syria" Cruz would be running with Carly "I trashed HP" Fiorina? Interesting. Whatever positive points Cruz might get for being "not Trump" will be countered by choosing iCarly.

4
0

Microsoft's Windows 10 nagware storms live TV weather forecast

Daniel B.
Silver badge
FAIL

Funny

Microsoft is only giving itself bad PR with the stupid nagware thing. Just stop it, MSFT, fix your current OS instead of trying to force it on everyone else.

Give us an option to disable that stupid Metro GUI thing. It's less annoying in W10, but it still manages to screw up things.

Maybe then you'll start getting voluntary upgrades!

17
1

What do you call an old, unpatched and easily hacked PC? An ATM

Daniel B.
Silver badge
Boffin

Re: Banks? Security?

Bad enough that my bank STILL refuses to make passwords case sensitive, or allow "Special" characters.

That's a problem everywhere, and the sad thing is that I know why this is the case.

RACF has issues with non-alphanumeric characters due to ASCII/EBCDIC.

Many bank systems do RACF authentication. Therefore, bank password policies won't allow non-alphanumeric passwords.

Client-facing systems don't authenticate clients against RACF. Yet they're also saddled with the same password policies because having a single policy for everything is easier!

1
0

Charter can gobble TWC for $78.7bn ... if it bins monthly download caps

Daniel B.
Silver badge

Re: @Daniel B

While contention can get you out from serving 100% all the time, having data rates dip to 20% most of the time should be frowned upon. I don't expect my current 10Mbps DSL to run at 10Mbps all the time, but neither do I expect it to run at 2Mbps most of the time. Especially when they're offering 3Mbps packages at less than half the price I'm currently paying for 10Mbps.

I think ISPs should come forward with both the "up to X" and a guaranteed minimum rate for their offerings. Give the end user a choice between "highly contended" and "low contention" and they might be surprised at the number of people that will pony up extra cash to get guaranteed fat pipes. As another commenter stated, most telcos won't serve business links to residential areas.

0
0
Daniel B.
Silver badge

Re: Which brings us to "The tragedy..."

All ISPs sell bandwidth data rates. If they can't provide the service they're charging for, they should upgrade their infrastructure.

Data caps are outright double dipping.

8
0

Germans stick traffic lights in pavements for addicts who can't take their eyes off phones

Daniel B.
Silver badge
Unhappy

Re: I'm conflicted

There's also the drivers to think of: most drivers involved in machine + idiot incidents tend to leave service.

Indeed. One of my former girlfriends had the nasty experience of watching someone fall into the subway tracks just seconds before the train entered the station. She looked away from the tracks, but heard a loud crunch when the train ran over the guy. She got really sick from that, and she says that the driver (who had slammed the emergency brakes) got out as soon as the train stopped and barfed on the floor. That was just awful.

6
0
Daniel B.
Silver badge
Boffin

I'm conflicted

Part of me wants the Darwin Awards to follow their natural course .... the other part wants less accidents, 'cause getting late to work due to some numbnuts not watching before crossing is annoying.

3
0

Trouble at t'spinning rust mill: Disk drive production is about to head south

Daniel B.
Silver badge
Boffin

Annoyed at this

I currently have my 1TB Laptop HDD at 91% capacity. I might be able to get a 2TB HDD at most, but not more. Why? Because nobody seems to care enough to get 4TB or even 3TB HDDs made in the traditional laptop form factor. Never mind that the PS4 also uses this format, and 4TB is something very useful there. This is because many people are buying into the SSD craze. I would do so, but 1TB is still too expensive and I would still be stuck with the same issue I currently have. I haven't seen any 2TB SSDs.

On desktop systems, I'm happy with Seagate still churning out higher capacity HDDs. Hopefully they'll remain doing so, as large storage is still a need for me. I'm planning on upgrading my "home server" PC, which currently has 6.5TB storage capacity.

2
0

FBI ends second iPhone fight after someone, um, 'remembers' the PIN

Daniel B.
Silver badge

Don't fear the reaper

In the UK I believe you can be compelled to hand over passwords. Scary. Nice place to visit but glad I don't live there!

Do fear the RIPA.

14
0

'No password' database error exposes info on 93 million Mexican voters

Daniel B.
Silver badge

Re: Voters database *in the cloud*?

Not official. I'm pretty sure that this database was highly illegal under Mexican federal law. The IFE database must not leave the country, ever.

0
0

BOFH: Thermo-electric funeral

Daniel B.
Silver badge

Re: as if owning IT antiquity was one of those positive character traits

TI-59 had the tiny versions. I had one.

3
0

Ten years in the clink, file-sharing monsters! (If UK govt gets its way)

Daniel B.
Silver badge

Re: His (her) Master's Voice

Orlowski is also the same guy who ended up defending FunnyJunk... The guys who were actually engaging in piracy, only because it proved his own twisted view on IP matters.

13
2

Facebook clickbait cull

Daniel B.
Silver badge

Meanwhile

They've completely removed the ability to report spam. Which means those guys spamming threads with "click here to get free dragon city gems" are able to spam with impunity.

1
0

123-reg still hasn't restored customers' websites after mass deletion VPS snafu

Daniel B.
Silver badge
Boffin

Gah!

For us, it's been the kick the client needed to retire the pile of asp that no one understood that ran the old site.

Let me guess, pre-.NET ASP? Horrible! VB can't seem to die fast enough.

0
0

Chinese crypto techie sentenced to death for leaking state secrets

Daniel B.
Silver badge

Re: Well, it's China.

Ah yes, the "Falun Gong" treatment of involuntary organ donors. Very "efficient".

0
0
Daniel B.
Silver badge
Holmes

Well, it's China.

They have a habit of dealing death sentences for a lot of stuff. Especially people who are perceived as threats to the government.

3
0

You won't believe this, but… nothing useful found on Farook iPhone

Daniel B.
Silver badge

No shit Sherlock

Nobody expected anything to be in the phone. The FBI wanted a test case.

0
0

BOFH: Sure, I could make your cheapo printer perform miracles

Daniel B.
Silver badge

Re: Dummy mode!

Indeed! Probably a return to classic BOFH? I distinctly remember that the very first BOFH stories involved users killing themselves after following BOFH "advice".

2
0
