* Posts by MacroRodent

1106 posts • joined 18 May 2007


US think-tank wants IoT device design regulated, because security

MacroRodent
Silver badge

Re: Accredited Standards Body

Seems the current state is so bad that just a few guidelines that would fit on a post-it note would be an improvement. Like (1) There shall be no default password that is identical on all devices, (2) any password must be nontrivial (at minimum 10 random ASCII characters) and supplied off-line, (3) the device must survive a "fuzzing" test with a state of the art fuzz tool (the tool or its version updated yearly).

1
0

HBO slaps takedown demand on 13-year-old girl's painting because it used 'Winter is coming'

MacroRodent
Silver badge

Melancholy Elephants

The story by Spider Robinson

http://www.spiderrobinson.com/melancholyelephants.html

is more relevant than ever.

How many three-word phrases that make some kind of sense are there in the English language? (eg. excluding things like "blue weep coffee", but allowing "cake has measles"). Seems like a problem similar to the one discussed in the short story.

1
0

For God's sake, stop trying to make Microsoft Bob a thing. It's over

MacroRodent
Silver badge

Re: But...

I'm farsighted, and will probably have problems with focus at such a close range.

One would expect it to have adjustable oculars, the same way as binoculars have had since forever. Would be silly to make an expensive device without such a basic feature. But then, it is Microsoft. (I find myself far-sighted or near-sighted, depending on how well I slept... The joys of being over 50...)

4
0

Microsoft plans St Valentine's Day massacre for SHA‑1

MacroRodent
Silver badge

Re: It won't be gone for decades...

I for one set my tablets User Agent to a 5 year previous string. [...] Short version: Your logs only list the UA of accessing devices, which might not represent the ACTUAL device used.

People like you probably represent about 0.001% of the users. Most people don't even know what the user agent string is, so collecting statistics based on it is reliable enough.

2
0

2016 in a nutshell: Boffins break monkeys' backs to turn them into tragic shuffling cyborgs

MacroRodent
Silver badge

Wiring set up worse than in my house

If you already know what wire connects to which, it's trivial to repair the damage,

In this case, the wires are squishy, deteriorate easily, they are unlabeled, and the communications protocol used on them is undocumented, and varies from unit to unit...

Impressive feat connecting them, says I.

7
0

Windows 10 market share stalls after free upgrade offer ends

MacroRodent
Silver badge

Re: I'm not surprised...

I'm still waiting for printer manufacturers to develop printer drivers for Linux!

Best solved by choosing a printer with Linux support. They exist from most major vendors. Given that low-end printers now cost about the same as an ink refill, if your current printer does not support Linux, it is not a big hardship to buy one that does. Eventually the rest of the vendors might get the message.

26
3

Brute force cred crunchers gifted Username Anarchy

MacroRodent
Silver badge

Freedom

> So a pen tester is releasing this into the wild as will help hackers...?

It's the price of freedom. Unless you go for totalitarian control of information, there is no way to distribute it only to the qualified people. The idea is simple anyway, and probably already in use by black hats.

9
0

OK Google, Alexa, why can't I choose my own safe, er, wake word?

MacroRodent
Silver badge

The obvious choice

Prikazyvat, like in Larry Niven's "The Integral Trees". Uncommon enough.

2
0

Ludicrous Patent of the Week: Rectangles on a computer screen

MacroRodent
Silver badge

A new low, indeed

That looks like any number of old GUI and touch screen user interfaces. From the very short patent, it is hard to even see what novelty is claimed. But remember this is a design patent, where the bar is lower than in "real" patents. And judging by this example, they have no screening at all. Or maybe they only checked their database did not contain any identical entry.

2
0

Elon Musk: I'm gonna turn Mars into a $10bn death-dealing interplanetary gas station

MacroRodent
Silver badge

Re: Average temperature -55C, atmosphere almost 100% CO2.

Would rocket fuel do ? [as shielding]

There is the little problem that your rocket uses it up to get going. So it is not there when coasting to Mars and you need the shielding.

0
2
MacroRodent
Silver badge
Boffin

Re: Average temperature -55C, atmosphere almost 100% CO2.

Scarcity of resources is not an issue if your colonists won't likely to survive a trip or arrive with brain cancer

Obviously no-one is going until there is a solution to that. A hard problem, but not impossible. Elon's big booster rocket probably needs to make a few more trips to lift enough shielding material like water, or some hydrogen-rich plastic.

8
0

Hubble spies on Europa shooting alien juice from its southern pole

MacroRodent
Silver badge

Re: How did Clarke know ?!

The various flybys that have occurred since Clarke wrote 2001 (in the 1960s)

The speculations about the ocean on Europa do not appear in "2001", but only in the sequel "2010", written in 1982. At that time Voyager images of the Jovian moons were already available. (The "2010" was the first place I read about the ocean).

1
0
MacroRodent
Silver badge
Alien

The interstellar war would be very short

Movies are one thing, but if an alien species that has mastered interstellar travel but would otherwise not be much more advanced (the usual film scenario, to give humans some chances), I'm afraid it would always go very badly for us. Never mind having ugly aliens shooting about in flying saucers like in ID4, or in long-legged walking tanks like in War of the Worlds. They would just abduct a few humans, study our biology carefully, then engineer a virus that would wipe us out. A virus that would spread for a few years without symptoms, then suddenly activate when everyone has it. That way they would get the planet intact, and with no risk to themselves.

Maybe that has already started. You know the alien abduction stories...

0
0

Apple to crunch iOS 10 local backup password brute force hole

MacroRodent
Silver badge
Black Helicopters

Weakening

"Apple have moved from pbkdf2 (sha1) with 10,000 iterations to a plain sha256 hash with a single iteration only,"

I wonder why. A friendly suggestion from FBI?

6
0

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

MacroRodent
Silver badge
FAIL

Change! your! Flickr! password!

I'm sure not many people actually care about Yahoo email, but Yahoo also owns the popular Flickr photo-sharing site, and it is accessed with the same account! Hmm. Got to change my password there ASAP...

Aha, the Flickr sign in now even warns about it like this: Make sure your account is secure!

To secure your account, change your password and update your mobile number.

5
1

TRUMP: ICANN'T EVEN! America won't hand over internet control to Russia on my watch

MacroRodent
Silver badge
Mushroom

Re: I honestly don't know who'd be worse

> I am confident that Hillary will not be responsible for instigating nuclear war. I cannot say that about Trump.

My thoughts also. Forget about moving to Canada. If it were possible to move off-planet, there would be a queue after Trump got elected.

Even without nukes, the planet would be in peril. Both he and his vice-presidential candidate are rabid climate change deniers.

5
1

HP Inc's rinky-dink ink stink: Unofficial cartridges, official refills spurned by printer DRM

MacroRodent
Silver badge

Re: Workaround?

So a workaround would be to set your printer's clock to an earlier date?

Probably impossible/difficult now. Most modern printers connect to the network, and get their jobs from there (at least my HP does). I assume they also get time via NTP, I never had to set the clock. One would have to set up an isolated network living in a time warp.

0
0

Opera debuts free VPN built into desktop browser

MacroRodent
Silver badge

Re: An interesting move

I don't think that applies to all BBC content. For example Dr Who credits say "BBC Cymru" (or is it a separate company?). A more relevant reason could be that BBC licenses the programs it owns to foreign broadcasters and video-on-demand providers, who don't want BBC competing with them directly on their home turf.

5
0

Ted Cruz channels Senator McCarthy in wrongheaded internet power grab crusade

MacroRodent
Silver badge

Re: Ted's playing the Long Game...

> Google "Ted Cruz coloring book".

Now that left me speechless!

1
0

VW Dieselgate engineer sings like a canary: Entire design team was in on it – not just a few bad apples, allegedly

MacroRodent
Silver badge

Re: It seem to me

> you got robbed constantly when gangs decided it was easier to wait until you'd done the hard work killing, an animal and dragging it back and cooking it and then just robbing you.

Much the same happened in early agricultural societies. Stationary farmers made easy targets for robbers. The solution to this, organized defense, eventually caused other problems: feudal lords, serfdom.

Of course, things have improved now, at least here in the comfy first world.

0
0
MacroRodent
Silver badge
Boffin

Re: It seem to me

> We would be limited to hunting and trapping and picking berries, warming ourselves over open fires, the lucky ones having caves. Disease would be so rampant that life expectancy would be about 25.

Modern research indicates the life expectancy went down quite a bit after agriculture was introduced. Hunting and picking berries really was healthier! Among other things, agriculture meant living in close proximity to animals, which caused infectious diseases (such as smallpox) to jump to humans. Agriculture also made the diet less varied. Altogether a bad idea.

1
0

Star Trek's Enterprise turns 50 and still no sign of a warp drive. Sigh

MacroRodent
Silver badge
FAIL

Re: EmDrive is an impossible idea?

According to the descriptions I have seen, it is supposed to be so simple you could basically put it together from some sheet metal and parts from an old microwave oven. The fact that there are not dozens of reproduced results by now is a clear indication the idea does not really work.

4
0

Pains us to run an Apple article without the words 'fined', 'guilty' or 'on fire' in it, but here we are

MacroRodent
Silver badge

Wonder how it will compare to the Nokia monster cameras

as seen on the Nokia 808 and Lumia 1020. The former in particular should be hard to beat, some test reports indicate the Lumia 1020 implementation was not quite as good.

1
0

Linus Torvalds won't apply 'sh*t-for-brains stupid patch'

MacroRodent
Silver badge

Re: He's right. Again.

Drivers should be shipped as source code and built with a compiler at install time.

Yes, but even this would not work in Linux (given current policies), because the driver API is not so stable even at the source level. This is justified by the need to preserve the freedom to change the kernel implementation.

3
8

Google emits three sets of Android patches to fend off evil texts, files

MacroRodent
Silver badge

Re: When I were a wee lad, data was data and code was code.

> So how do you do a JIT compile, where data is necessarily code and code is necessarily data? Harvard architectures can't do a JIT compile, which is a necessary speed boost sometimes.

Compile the code as data to a page (or pages) marked non-executable, then change the protection to execute-only. Arrange things so that the compiler is the only application that can change the page protection bits this way, and that it will compile only data that has been originally loaded from valid bytecode files (use checksums for example). This also requires that the CPU refuses to execute anything from a writable page. Perhaps not foolproof, but should make it much harder for malware to write stuff to a data page at run-time and then execute it.

1
0
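The page-protection sequence described in the post above, as an added example that is not part of the original comment: code is written to a non-executable page only after its source passes a checksum, and the page is then flipped so it is never writable and executable at once. The one-byte "bytecode", the FNV-1a checksum and the names `jit_load`, `emit_return_const` and `jit_arch_supported` are assumptions made for illustration, and the page ends up read+execute rather than strictly execute-only.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*jit_fn)(void);

/* FNV-1a stands in for the "checksums" in the post (assumption); a real
   loader would verify a cryptographic hash or signature instead. */
uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Toy code generator: native code for "return value".
   Returns bytes written, or 0 on an architecture it does not know. */
size_t emit_return_const(uint8_t *out, uint8_t value) {
#if defined(__x86_64__) || defined(__i386__)
    const uint8_t code[] = { 0xB8, value, 0, 0, 0, 0xC3 }; /* mov eax, imm32; ret */
    memcpy(out, code, sizeof code);
    return sizeof code;
#elif defined(__aarch64__)
    const uint32_t code[] = { 0x52800000u | ((uint32_t)value << 5), /* movz w0, #value */
                              0xD65F03C0u };                        /* ret */
    memcpy(out, code, sizeof code);
    return sizeof code;
#else
    (void)out; (void)value;
    return 0;
#endif
}

int jit_arch_supported(void) {
    uint8_t scratch[16];
    return emit_return_const(scratch, 0) != 0;
}

/* Hypothetical loader: verify, compile into a writable non-executable page,
   then drop write permission before the code can ever run. */
jit_fn jit_load(const uint8_t *bytecode, size_t len, uint32_t expected_sum) {
    if (len != 1 || fnv1a(bytecode, len) != expected_sum)
        return NULL;                        /* unverified input is never compiled */

    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, /* W, not X */
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return NULL;

    size_t n = emit_return_const(page, bytecode[0]);
    if (n != 0)
        __builtin___clear_cache((char *)page, (char *)page + n);

    /* X, not W: from here on a stray write to the page faults. */
    if (n == 0 || mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, pagesz);
        return NULL;
    }
    return (jit_fn)(uintptr_t)page;
}

int main(void) {
    const uint8_t bytecode[1] = { 42 };     /* constructed sample input */
    const uint8_t tampered[1] = { 43 };
    uint32_t sum = fnv1a(bytecode, 1);      /* recorded when the file was trusted */

    jit_fn f = jit_load(bytecode, 1, sum);
    printf("verified bytecode: %s\n", f ? "compiled" : "not compiled");
    if (f) printf("result: %d\n", f());
    printf("tampered bytecode: %s\n",
           jit_load(tampered, 1, sum) ? "compiled" : "rejected");
    return 0;
}
```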

Adobe reverses decision to kill NPAPI Flash plugin for Linux

MacroRodent
Silver badge

Re: Good

Can anyone give such an example? Genuine question.

One relevant example (for me and other Finns) is YLE Areena, the streaming site of the Finnish equivalent of BBC. They used to serve Microsoft media streams, so Flash in this case was actually a step forward....

2
0
MacroRodent
Silver badge

Good

Flash may be bad, but tell it to the web site builders. Until they dump Flash, it is only good that Linux users can view them, too.

8
0

YouTube breaks Sony Bravias

MacroRodent
Silver badge

Re: Obviously they haven't even heard of defensive programming

No defensive programming can fix that.

No, but that is not what it is about. The application must just be able to decide it cannot handle the situation, give a sensible error message, and exit, instead of mysteriously freezing. This is especially important for software in consumer devices.

Handling error situations well is one of the things that distinguishes quality software from poor hacks.

5
0
MacroRodent
Silver badge
FAIL

Obviously they haven't even heard of defensive programming

Sony: “The symptoms being experienced are not a failure of the TV, but are as a result of specification changes made by YouTube that exceed the capability of the TV’s hardware.”

Total BS from Sony. If your system crashes because it gets unexpected input from the network, it is your fault. The YouTube application need not work with the unexpected input, but it must notify the user and shut down gracefully, without taking the system with it.

But the Bravia bug is typical of the software quality of consumer devices. Like the LG DVD player I have that locks up if it is fed a disk in a format it cannot handle, or is too scratched.

7
4

Is it time to unplug frail OpenOffice's life support? Apache Project asked to mull it over

MacroRodent
Silver badge

Re: Two separate projects are a waste of resources

LibreOffice is now what OpenOffice should have been. It is already far ahead. Among other things, LibreOffice has cleaned up the code base and build system, making further development much easier.

Problems in the original build system were one reason why the security bug was not fixed in a timely fashion in OpenOffice: they could not even compile the dang thing! OpenOffice really is a dead office suite walking.

16
0

Windows 10 now rules the weekend, taking over from Windows 7

MacroRodent
Silver badge
Linux

Re: Lies, Damn Lies, and Statistics

Or in my case it was, "I have to upgrade because I keep getting that security message".

The living-room laptop had that disease until I finally got annoyed enough to find and run a "never10" (or some such) free utility on it, which shut it up by patching registry. The other Windows 7 laptop in the house got the Linux treatment.

The first one would have been Linuxified as well, but I need one Windows machine to run my negative scanner that has no Linux driver.

2
0

FBI Director wants 'adult conversation' about backdooring encryption

MacroRodent
Silver badge
FAIL

Re: Maybe

Sadly, as many recent reports have shown, much of the Rest of the World are busy talking out of a similar orifice to the one Mr Comey appears to favour, and demanding, or moving towards demanding, the same thing.

Yes, and if the FBI gets its way in the U.S., it will accelerate similar backdoor schemes elsewhere. When every major government wants access to a backdoor, the magic keys will leak even faster, and the security afforded by such encryption will be worse than that of a girl's toy lock on her pink diary.

8
0
MacroRodent
Silver badge

Re: Comey = Traitor or Idiot

Given enough time and resources all messages can be broken and read.

Enough time, sure. As in millions of years. And adding bits to the key makes the time go up exponentially. DES with its 56-bit key is now considered crackable, so it has been replaced by algorithms with a longer key. I expect they too will be replaced as computing power grows. But it does not really matter, as long as the time needed for a brute force attack is longer than the time the message is expected to be relevant.

2
0

USBee stings air-gapped PCs: Wirelessly leak secrets with a file write

MacroRodent
Silver badge
Black Helicopters

Re: Missing piece...

But it has exposed USB ports. Seriously?

I wonder if the attack could be extended to work with other attached devices, like a mouse: you can send configuration and status request commands to it. Or if the PC or laptop has earphones, you could send very high-pitched modulated sound, which would turn into very low-frequency radio. Sound cards can often output up to 20 kHz, it does not matter if the earphone does not reproduce it, and most adults cannot hear it anyway, so the hidden carrier would be undetectable.

5
0

Europe to order Apple to cough up 'one beeellion Euros in back taxes'

MacroRodent
Silver badge
Thumb Up

Now, if some specific company gets a better treatment than others, it can be ruled a "state aid" - the government "pays" the company renouncing to taxes - which is forbidden by EU rules.

Not to mention extremely unfair to other companies, Irish or foreign.

Any true free market enthusiast should actually be cheering the Commission, even if they don't like taxation: if there are taxes, the same rules shall apply to everyone, so as to not distort the market.

1
0

Microsoft redfaced after Bing translation cockup enrages Saudis

MacroRodent
Silver badge

Re: Looks like someone had a botnet

Nicely illustrates the dangers of "crowdsourcing". Actually, bots are not even needed, if you can motivate lots of volunteers to carry out the hack. This technique has already been used to smear people in Google searches.

6
0

Your wget is broken and should DIE, dev tells Microsoft

MacroRodent
Silver badge

Re: Nothing new

>People still used FTP?

I still often find it to be the only common way to move files between unlike systems. Even if a better alternative is available for some OS, it may not have been installed by whoever is in charge of the system I need to communicate with. Or there is a stupidly configured firewall blocking the way for other methods. I don't think FTP is going away any time soon...

4
0
MacroRodent
Silver badge

Nothing new

It is the same when you run the FTP command on Windows. After all these years, it still does not understand the "passive" command, which makes FTP work better through firewalls.

19
1

Oracle Java copyright war latest: Why Google's luck is about to run out

MacroRodent
Silver badge

I don't get it

Why would the use of Android on something else than mobiles change the fair use argument?

9
0

We're going to bring an asteroid fragment into Lunar orbit

MacroRodent
Silver badge
Mushroom

Re: Giving Skynet an Asteroid to Drop on Us?

The technology, once invented, cannot be uninvented. If you can park something around the moon, you can plow something into the Earth.

The same states that can (perhaps) alter the orbits of rocks in space have also the capability of dropping fusion bombs anywhere on Earth. So this does not give me anything extra to worry about...

9
0

#Shadowbrokers hack could be Russia's DNC counter-threat to NSA

MacroRodent
Silver badge
Happy

OT: emojis as icons (Re: The press is already misinterpreting this)

Where's that shaking head emoticon when I need it?

It would in fact be a neat extension, if The Register allowed one to insert any emoji character as the forum posting icon, which would then be blown up to the usual icon size.

0
0

Nokia taps former Rovio man Rantala to market relaunch

MacroRodent
Silver badge
FAIL

You got it backwards

HMD global Oy, the parent company of Nokia,

Say WHAT? HMD Global just tries to relaunch the "Nokia" phone brand, but it is most certainly not the parent of Nokia the company (which is still going strong in network equipment). Nokia just licenses the brand to HMD, and has a representative in HMD's board.

Sloppy reporting.

3
0

First FreeBSD 11.0 rc lands

MacroRodent
Silver badge
Linux

Drivers

instead of fixing long standing but difficult issues like FOSS GPU drivers STILL sucking,

Doesn't the blame here belong more to information-hiding hardware vendors?

(If I were the Great Dictator, I would prohibit the sale of any computing-related hardware, unless full programming information is made available for at most nominal cost, and without NDA restrictions.)

5
2

Video surveillance recorders riddled with zero-days

MacroRodent
Silver badge

Re: The joy of The Internet of Things

Isn't it about time we just assume that the default setting is security = nonexistent?

Looks like it. The problem is, security problems are not visible to most customers, until too late, and the vendors escape any liability. Same thing has happened in comparable situations with other technology. Cars used to be "unsafe at any speed", until increased awareness and regulation improved the situation.

1
0

Australian spooks' email guide banishes MS Word macros, JavaScript

MacroRodent
Silver badge

Re: Huh?

>Honestly, the best protection against macro viruses now is to be running an up to date version of Word. It won't run macros unless you, the user, explicitly enable them.

Not sure if that helps against a good phishing attack. If the attachment comes from a plausible-looking sender, the recipient is likely to enable the macros anyway, especially if it looks like the document cannot be read otherwise.

Really, the only solution is using document formats with no macro feature, or at most macros that are strictly limited to operating on the document contents itself, with no kind of programmable access to the file system or network at all.

10
0

My Microsoft Office 365 woes: Constant crashes, malware macros – and settings from Hell

MacroRodent
Silver badge

Stupid quotes

"LibreOffice isn't quite as fast as Word, but it's getting there. What is yet to be determined is not only whether or not I can defang all the "smart quote"-like stupidity and either have it preserve my settings through upgrades or make the settings changes something easy that can be injected at boot."

Yes, unfortunately LibreOffice also comes with these "I know better than you do how you want to write" settings enabled by default, but they can be turned off ("Tools->Autocorrect Options" and "Tools->Spelling and Grammar...->Options..."), and so far it has been very good at retaining these settings over upgrades (however, have not yet tried the latest version).

2
0

Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs

MacroRodent
Silver badge

Re: Microsoft send an incoherent message

But "Microsoft Love's Linux".....

When they see an advantage in doing so, like in cloudy stuff, where Linux currently rules (the "embrace" phase). So there is no inconsistency.

Anyway, from Microsoft's point of view, this was about fixing a bug. Supporting Linux on these tablets was never promised.

6
1

Lenovo scrambling to get a fix for BIOS vuln

MacroRodent
Silver badge
FAIL

Re: Not Again!!! - Because ...

"There's no hardware you can trust."

Actually, there could be: a mechanical switch or jumper that would be connected directly to the write-enable pin of the firmware memory. Low-tech, and would keep the control in the hands of the owner of the machine, instead of Microsoft, which is of course why we have the overly complicated UEFI "secure boot" instead. (And when you hand a complex spec to a vendor, it is guaranteed to screw up the implementation).

2
0

Linux letting go: 32-bit builds on the way out

MacroRodent
Silver badge
Holmes

32-bit compatibility

From article: "and if users desperately need to run 32-bit legacy applications, they'll have to do so in containers or virtual machines."

A strange statement. Actually, the x86_64 version of the Linux kernel runs 32-bit applications perfectly transparently, if the distribution provides the 32-bit versions of shared libraries, and they are installed. Or at least that is how it is in Red Hat and OpenSUSE, where 32-bit libs live in /lib and /usr/lib, and 64-bit libs in /lib64 and /usr/lib64, so installing them side by side is no problem.

I'm not that familiar with Ubuntu and other Debian derivatives. Maybe they use /lib and /usr/lib also in 64-bit systems, in which case I can see why they have extra trouble here. Too bad, they could have avoided it.

4
0

Alleged Brit hacker Lauri Love bailed amid US extradition battle lull

MacroRodent
Silver badge

Crime and punishment

A Finnish paper noted yesterday that in the U.S., Lauri Love could face 99 years in jail, whereas in Finland he would face 5 years at the worst, but probably less. U.S. prison sentences are completely out of proportion.

21
1
