* Posts by david 12

846 posts • joined 6 Jul 2009

Transfer techies at SWIFT tell Bangladesh Bank: Don't shift blame for $81m cyberheist

david 12
Bronze badge

2 factor authentication

Swift is already 2 factor authentication: You need to know the password, and you need to have (access to) the Swift terminal. That's what 2FA is, and that's what Swift is, and that's why the Swift terminal is locked in the Swift terminal room.

Not that 3FA is not a new idea, or a bad idea -- remember that nuclear launch requires 2 people, and 2 keys, and 2 codes -- but there are diminishing returns from more factors, and if the bank can't protect their passwords and systems and swift terminal, you have to wonder if adding a mobile phone or a key fob would have helped.

0
0

Bug hype haters gonna hate hate hate: Badlock flaw more like Sadlock

david 12
Bronze badge

Re: MS Windows ?

Thanks. The Windows vulnerability was still unpublished/reserved when I posted.

0
0
david 12
Bronze badge

MS Windows ?

The listed problems are all in Samba, not in "Samba and Windows". They all appear to be Samba-specific errors. None of them look like the kind of problems that would be shared with another implementation.

But the publicity says "Windows", and MS has also listed a patch. What is the nature of the Windows patch and the Windows problem?

1
1

Google yanks Chrome support for Windows XP, at long last

david 12
Bronze badge

Re: "In many ways, the existence of Chrome with support for Windows XP"

IE6? No, a lot of the web blocks IE6. I had to roll back to IE5.5 to get a working web browser.

0
0

Windows 10 with Ubuntu now in public preview

david 12
Bronze badge

Re: Hmmmm???

>"The chances of Microsoft emulating (say) POSIX threads correctly seems pretty remote. It even took Linux itself years to get that right."

Yes, it wasn't until Microsoft SFU version 3.5, in 2004, that Windows got POSIX threads.

1
0
david 12
Bronze badge

Re: So problems with processes and filesystems

"Top" is in the previous versions of SFU (2.4, 3.0, 3.5), so either the problem is specific to Linux, or to Win10, or they just haven't got around to it yet.

1
0

Australia's broadband policy is a flimsy, cynical House of Cards

david 12
Bronze badge

Re: This article is a joke right??

Article started by equating Dynamic Range "blacks so dark the panel looked like it actively sucked in light" with Resolution, "4K stream", and went downhill from there. How could it be anything but a joke?

0
2

Legion of demons found in ancient auto medical supply dispensing cabinets

david 12
Bronze badge

XP embedded?

SP3 went out of support in January. XP embedded 2009 goes out of support in 2019

There are also "point of sale" versions with other dates

7
0

The bill for Home Depot after its sales registers were hacked: $19.5m

david 12
Bronze badge

Re: Software nasty installs itself on cash registers?

Yep, looks like they didn't update their point of sale software for more than 7 years.

0
0

Steve Jobs, MS Office, Israel, and a basic feature Microsoft took 13 years to install

david 12
Bronze badge

Re: Mac OS X didn’t support Right to Left (RTL) languages?

MS Office for Mac was written using the Mac Carbon API, which wasn't RTL. The osx Cocoa API, which came out immediately before "13 years ago", did support RTL and other scripts. It's taken MS 13 years to do a complete re-write of MS Office for Mac.

0
0

AT&T: Three-quarters of our network is going virtual, and we're open-sourcing the tools

david 12
Bronze badge

Too early, too late.

Kevin Mitnick, Herbert Zinn, Leonard Rose, "Legion of Doom", come back, all is forgiven.

0
0

'Just give me any old date and I'll make it work' ... said the VB script to the coder

david 12
Bronze badge

Re: People Love to hate VBA

I love to love VBA. But this feature of VB/VBA/VBS, which MVP Michael (michka) Kaplan memorably dubbed "evil date guessing", is a bug that did nobody any favours.

However, the memory of the original poster is incorrect, because although VB/VBA/VBS had this flaw, it wasn't in the thing called cdate( )

1
0

Woz: World-changers to Apple Watches, why pay for an overpriced band?

david 12
Bronze badge

watch bands

I've got a review of the original IBM PC that says it's ~average~, but ~redefines~ the PC keyboard. I'm reminded of that because I've read reviews of the original Apple Watch wrist bands, which say that if Apple isn't actually ~redefining~ the wrist band market, it's certainly defining it: that the Apple wrist bands were market leaders, and better than what you would pay $1000 for elsewhere.

I'm not a wrist-band guy myself, but Woz isn't either, and doesn't pretend to be. Perhaps being in the jewelry market isn't a bad thing for today's Apple.

0
0

Michigan shooter says 'mind controlling' Uber app told him to kill

david 12
Bronze badge

Re: That's pretty sad

In South Australia, they really did just close all the asylums and put all the people out on the street, leading directly to one murder. There was a bit of a political scandal. In all other Aus states, they were a little more careful about it, and all now have programs for locking up people for a day or two when there is an obvious murder risk.

As in the USA, a very high proportion of prison inmates are crazy, damaged or insane, if not outright psychotic. But the advantage of closing all the asylums was that they were state funded. Crazy people on the street are on unemployment or sickness benefits, and attract no state-level costs.

There were and are many good arguments for closing asylums and institutions of all sorts, but the driving force behind it was money. All the arguments in the world wouldn't have mattered if it wasn't for the money, and all the arguments in the world don't matter because of the money.

0
0

Get lost, Windows 10 and Phone fans: No maps HERE on Microsoft's OS

david 12
Bronze badge

Dollars to Donuts, it's a UAC-aware re-write that is required.

Modern apps are required to use UAC elevation requests to access resources. It's a major rewrite.

Legacy systems (Win V/7/8) allowed legacy non-UAC-aware applications. Win 10 is tighter. Win10 phone is/will be tighter. I don't know what will be tightened in the new Win10phone release, but it's a no-brainer that UAC elevation will be tighter.

0
0

Every Australian address - yes yours, and even yours – just became open data

david 12
Bronze badge

No Aus Post DPID?

I guess Aus Post still charges if you want to find out the correct Delivery Point Identifier to barcode your mail.

"If you're using PreSort Letters, Charity Mail or Acquisition Mail, you'll need to barcode your items. For this, you need AMAS-approved software - or you'll need to find a mail house to help you. "

0
0

Microsoft hoses down Windows Server hardware support change fears

david 12
Bronze badge

Zero impact on most home users. Zero impact on most servers

Since most of them are on OEM or hardware-linked licences, you can't install new or copy old once they stop selling anyway.

It's been a while since I was corporate, but it used to be most workstations had floating licences. That's not true of servers now.

0
0

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now

david 12
Bronze badge

Re: I have a retina iMac

>outrageous money for cheap commodity hardware with an expensive badge stuck on

Still living in the 00's? In 2016 Apple OSX laptops are not cheap commodity hardware: they are top-line hardware at a reasonably competitive price. I wouldn't put Win8 on one, but that's because Apple provides crap Windows drivers for the hardware. Running OSX, you're paying top price for a top quality laptop.

2
0

Linux Mint hacked: Malware-infected ISOs linked from official site

david 12
Bronze badge

Re: Can happen to anyone...

>"not the same as"

Yes, doubtless the server that was hacked was one of those ridiculous malware-prone MS IIS servers that no sane educated person would use. Run by amateurs, lusers, victims of MS's relentless dishonesty.

In no way the same as.

2
1

Alibaba security fail: Brute-force bonanza yields 21m logins

david 12
Bronze badge

Re: 2 factor?

>They now do 2 factor

Or, as Alex Papadimoulis of The Daily WTF memorably called it in 2007, "Wish-it-was 2-factor security".

Real 2F security is "something that the user knows, something that the user possesses or something that is inseparable from the user".

0
0

Why the Sun is setting on the Boeing 747

david 12
Bronze badge

>the aircraft that made Boeing into the global leader it is today

I thought it was the DC10 that made Boeing into the global leader ....

Yes, the whispering T-Jet was quieter in economy, but the 747 was still much quieter in economy than a modern Airbus. And, originally, nothing like as crowded as economy on a modern flight. I remember a quite civilized flight on Air France in the early 70's.

0
0

ABC storage project adrift in 'brown ocean'

david 12
Bronze badge

wtf is 'brown ocean' ?

When I read the title, I thought they maybe meant the project was adrift in a sea of shit ??? But when I read the article, they've apparently used the phrase seriously to mean something like "a brown field site" -- a usage I've never seen or heard before. Can someone point me to a definition and other usage?

0
0

Volkswagen Australia says 77,000 local diesels need software fix

david 12
Bronze badge

Null Change = No Effect

My understanding is that all these vehicles meet existing Australian emissions regulations. VW has promised Australian owners that the change will not affect fuel economy or power.

It seems likely to me that in Australia the "fix" may be just to change the engine software so that it does not dishonestly modify emissions when tested.

Owners would be eligible for compensation only to the extent that their buying decision depended on the quoted emission levels -- ie probably not at all.

1
0

Telstra costed fibre to the premises before it was Telstra

david 12
Bronze badge

ADSL happened

We were looking at the same time frame. ISDN was expensive. Frame Relay was expensive. Dial-up was slow. Fibre to the Office was the obvious choice, but for us had 2-3 year pay off period compared to ISDN, because the installation cost was so high.

Then - BANG - ADSL happened. ISDN became obsolete. Prices plunged, and Fibre, instead of becoming something that will happen in 1997, became something that did not happen in 1997.

2
0

Volkswagen used software to CHEAT on AIR POLLUTION tests, alleges US gov

david 12
Bronze badge

Re: have a software update that corrects this

Aus. is watching this with various degrees of outrage and indifference. My understanding is that the cheating engines still meet Australian standards, and I'm guessing that the Aus. 'fix' which has been promised to owners here, will be just altering the software so that it doesn't report dishonest values during testing.

Due to Aus population and weather patterns, this is less of an immediate health issue here than it would be in Beijing/London/LA.

0
0

ANN-IE-LATION: Microsoft to axe support for older Internet Explorer next week

david 12
Bronze badge

MS, like many other companies, already doesn't support IE8, in the sense that great swathes of the Microsoft.com website are unavailable to IE8.

0
0

Reverser laments crypto game protection, says wares dead after 2018

david 12
Bronze badge

Re: A month.

>the USB emulation facility - which generally works fine, or alternatively use hardware passthrough

YMMV. My hardware doesn't support passthrough, and the USB emulation facility doesn't work fine. (Works then requires a virtual machine reset).

0
0

Dick limps towards inglorious end: Gadget retailer on the brink

david 12
Bronze badge

Re: JB HiFi killed them?

They never made the transition from hobbyist to high-street store, partly because they never threw off the legacy locations and commercial leases.

As a hobbyist store, people would, as described above, go out of their way to shop at DS. Once they moved to selling commodity electronics, their shop locations were mostly non-commercial. The new private owners had a shot at fixing that (many years too late), but picking up good retail locations is a tough and long-term proposition.

2
0

Happy 2016, and here's the year's first ransomware story

david 12
Bronze badge

[apparently, someone thought this was a good idea – El Reg].

I'd like more information about that. What exactly is NW.js? What exactly is JS sandboxing? Am I right that server-side implementations of JS allow "interaction with the underlying operating system,", and that this malware includes/installs a server-side implementation of JS?

5
0

Software bug sets free thousands of US prisoners too early

david 12
Bronze badge

Re: surely its normal to check these things

" but surely in a prison in particular"

Prisons operate with almost no feedback. The only people watching what happens are the prisoners, and nobody cares about their opinion.

This mostly includes the release date. Prisoners get "time off for good behaviour" which is under the control of the prison admin, and can be revoked. And they get "parole", which is under the control of the parole board, and can be revoked, but in general they don't have a right to immediate release even if they are eligible for "parole", and it's all subject to administrative processes, and even the guards don't know who is going to be released, let alone the prisoners.

0
0

Microsoft mandates browser-extension defence to malvertising

david 12
Bronze badge

Re: Didn't understand a word of that

"Personally I've never found the uninstall button for IE Add-Ons. Could someone be so kind as to point me in the right direction please?"

Tools | Manage add-ons

0
0

Oracle ordered to admit on its website that it lost the plot on Java security

david 12
Bronze badge

Re: Java, Road to hell paved with good intentions.

"It was a good idea, badly done, a sort of C syntax Visual Basic for every platform. "

All the readability of C, with the sheer speed of interpreted BASIC.

1
0

MPs question value of canning Raytheon from e-borders

david 12
Bronze badge

Re: Procurement question

Does a customer go into a contract thinking "I'll just leave it all up to the contractor to decide what I want"?

A rhetorical but serious question.

1
0

Digital Transformation Office hits deadline for Gov.au prototype

david 12
Bronze badge

aaaaaaggghhhh

"and then we present relevant content and information"

That is, they deliberately hide information until they have forced users to "tell us a little about their circumstances "

0
0

Oxford Uni opens infosec ivory tower in Melbourne

david 12
Bronze badge

Oh, it /is/ an operations centre then? Last time, it was a "security" centre, with hundreds of "security" jobs.

0
0

Windows' authentication 'flaw' exposed in detail

david 12
Bronze badge

Re: Never say never

The reason Windows has support for NTLM (v1) authentication is for backwards compatibility with systems which have no support for anything more modern. For years, this was primarily SAMBA installations: (Win98 had an update available) SAMBA itself was, naturally, late to support Kerberos and NTLMv2, distributors were later, and users were even later.

When MS turned off default support for NTLM authentication, there was /outrage/ from the community of SAMBA users (I don't speak for the developers). M$ had /deliberately/ broken compatibility with Open Source community!!! Windows was /incompatible/ with Open Source software!!!

The fact that SAMBA still has support for NTLM authentication suggests that they still have users with clients other than Win95/98/SE/2K/2K3/XP/Vista/7/8/10 that are unable to authenticate using other protocols.

And for Windows, the reason is the same: NTLM (v1) authentication is still supported for use with old versions of non-Windows clients.

None of this, of course, has anything to do with the memory-capture flaw described here, which relates to the use of a stored hash, not NTLM authentication, and not even particularly the hash method: since the stored hash is captured from memory, it could have been hashed by any modern hash/encryption method, and the flaw would still exist.

1
0
david 12
Bronze badge

Re: Well, Ain't that dandy!

"setting the localtime into the hardware clock during DST changes"

I can only guess, given that this is the comment section of "The Register", that you think that comment somehow applies to something like Windows or OSX or some Linux distribution.

But it doesn't. Not to Windows, not to OSX, not to any common Linux distribution.

0
0
david 12
Bronze badge

"Kerberos on other OSes is unaffected."

That would be on other OSes that don't have disused or disabled accounts, and clear key hashes from memory.

On the basis of repeated reports over the last 5 years, BSD and Linux based systems have been very slow to maintain proper memory sanitation (clearly due to the fact that Windows was forced into attempts at memory sanitation much earlier).

And chances are high that many people have disused or disabled accounts.

So although this particular account is a Windows account, generically it's the kind of fault you'd expect to see on many *nix systems.

Except, of course, that most *nix systems don't use network authentication, so they don't use Kerberos, so the "password/key recovery from memory" failures we've seen in the last couple of years have been in local authentication.

1
1

Are second-hand MoD IPv4 addresses being used in invoice scams?

david 12
Bronze badge

Re: Full Marks

Full marks to Myffy W for the reference to a favorite poet, but "Tommy Atkins" was the default name for illiterate or generic British soldiers well before Rudyard started Kipling.

0
0

Microsoft extends Internet Explorer 8 desktop lifeline to upgrade laggards

david 12
Bronze badge

But regardless of CSA's, Microsoft isn't supporting IE8 at the server side: more and more of microsoft.com is becoming unreadable (blank) in IE8

0
0
david 12
Bronze badge

Re: Because....

"Standards are your friend." If you are a company with a minority market position.

Standards are a commercial weapon, used to lock people into and out of markets, and to split markets open.

For those of you without direct experience: remember, if you didn't pay to develop the standard, you are the product that is being bought and sold.

0
0

Typo in case-sensitive variable name cooked Google's cloud

david 12
Bronze badge

Re: @ ben edwards

"Kids ... are quite prone to this kind of mistake. I've been seeing it for about 40 years"

And it was an obvious mistake even 40 years ago.

But that was also a time when being able to print in different fonts was so new and exciting that it seemed like a good idea to do it everywhere.

0
0

Volkswagen blames emissions cheating on 'chain of errors'

david 12
Bronze badge

Re: Simple requirements problem

"Every engineer will see that this is the fault of the marketing departments. "

An attractive idea, but I think that in this case, the engineers probably saw this as a failure of the standards and licencing people.

I mean yes, everyone knows that marketing and management are stupid, but if you work with standards, you often find that you disagree with the standard, and (we can't help it), most of us tend to believe that anyone who disagrees with us is at least a little bit stupid, and that people who force their opinions on us are at least a little bit arrogant.

I've read credible suggestions that VW engineering, like VW management, sales, and marketing, believes that diesels are best, and that their diesels are best, and that people who disagree with them are wrong.

I think that engineering chose this path, and I think they knew what they were doing, and I think that they know that they knew what they were doing, which must be making them feel a little defensive at present.

0
0
david 12
Bronze badge

Re: There is no such thing as a "Defeat Device"

If, by chance, you are referring to my posting, let me point out that I have never tried to avoid the obvious truth, and never claimed any excuse for the moral or criminal failure of VW (management or engineering).

I'm interested in both the technical and systemic origins of crimes, and simplistic, misleading, or just plain false explanations may be entertaining, but they don't help me.

For example, (from above) "detection routine which recognizes which test is being run and setting the engine MAP explicitly to a set of values which are used only in a test."

That is a false description, so it doesn't help identify the technical or management failures which lead to this crime. Cheap and careless reporting leads to false descriptions like that I just quoted, and so cheap and careless reporting doesn't help identify the technical or management failures which lead to this crime.

Hiding behind semantic justifications like "a device is a system" doesn't help either: there is no system specifically dedicated to cheating, and pretending that there is, while understandable given the poor level of reporting and editing demonstrated here, doesn't get you any closer to punishing those properly responsible for the crime.

Which reminds me that no, I wouldn't take anything that VW says on face value, even if it was accurately reported in the comments section of a news source, accurately derived from an English language press release. (Which, with respect, doesn't seem to be the case here).

8
9
david 12
Bronze badge

Re: There is no such thing as a "Defeat Device"

No, I don't work for VW, and I don't drive a diesel. But I do write embedded software, and I do work in the alternative-technology energy sector. It is clear that there is no "defeat device", and repeated use of that term just makes the editors seem cheap and stupid.

23
14

NBN opens 400 tech jobs in looming second Melbourne security shop

david 12
Bronze badge

Re: I smell a junket

"Security" is the new buzzword. It looks like an operations centre. Operations = Security, right?

0
0

From Zero to hero: Why mini 'puter Oberon should grab Pi's crown

david 12
Bronze badge

Re: Pascal -> Modula-2 -> Oberon

You've failed to notice, or report, that modern C compilers implement in the compiler, parts of the standard C libraries.

They do, to the extent that they comply with the standards, implement the language "as if" it had a separate library, allowing you to override the internal implementations of library-like functions, but that is just another layer of complexity on top.

The compiler actually implements key "library" functions as part of the language it is compiling, and also has an additional language function that allows you to override the internal language definition.

This was by no means the original language design principle of C compilers, which implemented a "small language of only a few keywords".

0
0
david 12
Bronze badge

Re: Pascal -> Modula-2 -> Oberon

"Pascal was only meant to be a language to learn Programming, not to learn Pascal."

Wirth's interest was language design. The "programming" that he taught was language design. The "programming" that students learned was language design.

Pascal was only ever meant to be a language which demonstrated good language design, that students could use, that also demonstrated how a properly designed language worked.

One of the fascinating aspects of language design is how C has given up its original idea of "a small language, only a small number of key words". Modern compilers aren't like that at all, having instead native support for i/o primitives. That was an area of active debate when C and Pascal were introduced, with C and Pascal representing diverging viewpoints. Taken as a language design, Pascal has certainly aged better than C has.

3
1

It's nearly 2016, and Windows DNS servers can be pwned remotely

david 12
Bronze badge

Re: KB3112148

Time zone updates always cause problems for scheduling/meeting/appointments. Appointments are recorded using UTC, but happen at local time: If you keep the same local time, people in other times are either going to see a time change. Appointments already made will need to have UTC time corrected, etc.

This problem always happens with time zone updates, and waiting just makes it worse (because you are more likely to have scheduled a meeting in the new time zone setting).

Outlook is a scheduling/appointment/meeting application.

0
0

Visual Studio Code: The top five features

david 12
Bronze badge

Re: Underimpressed...

"the only reason they slapped the name Visual Studio onto this is because of the brand and nothing more. This has absolutely nothing in common with working in VS and I think readers really should be careful and not let themselves be fooled by this."

VS itself was nothing more than a stupid re-branding exercise to capitalize on the success of VB. Which, in addition to having an actual visual/GUI design interface, had a coding environment unmatched by the stupid VS pretender until many years later.

1
1
