* Posts by Mad Chaz

199 posts • joined 9 Dec 2009


New Xen vuln triggers Amazon, Rackspace reboot panic redux

Mad Chaz

"Microsoft, for example, uses a homegrown hypervisor for its Azure cloud."

Microsoft doesn't do planned reboots anyway. It just falls over without warning and they wonder what happened.

1
0

'Lenovo, Superfish put smut on my system' – class-action lawsuit

Mad Chaz

"Right now our main priority is working on fixes to the SDK, once it's ready we can deal with the site and DDOS attach which is not a priority right now,"

In other words, we're hard at work hiding any and all cash we made so we close shop and vanish before someone comes knocking at the door asking questions we'll need a lawyer for.

20
0

Author fined $500k in first US spyware conviction

Mad Chaz
Trollface

"As technology evolves, the FBI will continue to evolve to protect consumers from those who sell illegal spyware."

So when can we expect you to go after the NSA then?

0
0

Lenovo to customers: We only just found out about this Superfish vuln – remove it NOW

Mad Chaz

Re: Orange Alert!

"Which threat? The security threat, or the threat to their bottom line?"

I think it's the threat to the PR director's job that got them moving.

18
0

Post-pub nosh neckfiller: The Red Dwarf chilli chutney egg sarnie

Mad Chaz

Deeper research needed

I think for a proper story, you should trace back the blokes who came up with this brilliant nonsense and ask where they got the idea.

Also, the only thing that could have made Red Dwarf more awesome is more episodes per season. Incredible show. Wish more of it existed.

0
0

New claim: D-Link router exposes unprotected config controls to web – DNS hijackers, ahoy!

Mad Chaz
Alien

Re: ISP DNS

I was going to say something along those lines. Makes me glad the only way to get into my router involves ssh on the right network interface.

What's really sad is this is the kind of stupid mistakes any kind of even 1/10th decent quality assurance would have found. I mean how hard is it to just run a port scan ONCE on the firmware before you burn it on thousands of devices? Hell, there are websites that'll do it for free for any idiot who wants to just try.

Doesn't even involve making sure your webpage doesn't let you change things without first entering the default username/password.

When are we going to make these people issue recalls? No, a firmware update no one will install doesn't cut it. Force them to take the kit back and feel the financial pain.

Alien, because it's colder than it has any right to be here, these people are stupid and I don't want to live on this planet anymore.

Makes me want to bang my head against a wall.

3
0

Why so tax-shy, big tech firms? – Bank of England governor

Mad Chaz

Re: Common Tax Delusions

Except corporations are "people" now, so along with all the perks that offers, they have to pay taxes on PROFITS. IE, on the money they made on the product. It doesn't change the price of producing the product, just how much profit the corporation can make on it. (you make more, you pay more taxes)

It's a way of redirecting wealth concentration for the greater good. In theory, that is what taxes are supposed to do. You make those with more money pay more so you're taking the money where it will hurt less people to produce value for all in the form of public infrastructure and services. This then profits those who have more money because the lower classes can get more done. That's the theory anyway.

In practice, it's now turning a lot more into a way for the rich to get richer and keep others poor.

You know that's bad when even a BANK BOSS says so.

1
0

Video nasty: Two big bugs in VLC media player's core library

Mad Chaz

Lister: We’re on a mining ship, 3 million years into deep space. Can someone explain to me where the smeg I got this traffic cone?

Cat: Hey, it’s not a good night unless you get a traffic cone! It’s the policewoman’s helmet and the suspenders that I don’t understand!

2
0

Apple lawyers fight to silence dead Steve Jobs: 'No right' to hear him from beyond the grave

Mad Chaz

Gotta love how a story about Jobs is now completely taken over by 9/11 ranting.

0
0
Mad Chaz

Re: Not strange to me...

True, but a single manager can force 2300 architects and engineers to make the same bad decision.

0
0

WHOMP, there it is: Seagate demos Kinetic disk drive

Mad Chaz
Coffee/keyboard

"Seagate says its fancy drive is getting support from various respectable businesses like AOL"

AOL? Really? I mean AOL backing this product is enough reason NOT to want it all by itself. If AOL is interested, it MUST have fail written all over it.

Seriously, you owe me a new keyboard after writing something like that.

0
0

Buggy? Angry? LET IT ALL OUT says Linus Torvalds

Mad Chaz

Re: So he admits it

Or Jobs. Rumor has it he was one heck of an asshole to work for.

12
0

VMware wins cool reception for two-CPU eval software

Mad Chaz

Lots of home labs use KVM, almost entirely because of price.

Sure, it doesn't let you play with VMware's latest toys, but it's free and does what you need it to do for a home lab.

2
4

US drug squad cops: We snooped on innocent Americans' phone calls too!

Mad Chaz

"The agency is no longer collecting bulk telephony metadata from US service providers."

In other words, we've hired a third party private company (staffed by friends of XYZ) to do it for us. It's more expensive, but it allows us to say we're not doing it ourselves anymore.

5
1

Lazy FTSE 350 firms think lawyers can fight off cyber-security worries

Mad Chaz

Re: insurance

Once again, until top management can be held criminally and financially accountable for breaches, this will never get fixed. The people with the power to do something need to be the people held responsible when they do nothing.

8
0

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Mad Chaz

The blame game and lack of responsibility.

The issue is that the people who COULD force the proper practices are the very ones who have all the incentives not to. The people in charge of IT are, 999/1000 of the time there to keep the budget to a minimum and rarely know how to even turn the color box on without help.

So it's "I can save here, here, and here" instead of "we have to spend X on this or we could face Y in the future".

When the penalty for a BREACH is you lose the ability to process payments until you can SHOW you took proper precautions to convince a third party you did your homework properly, as well as LARGE fines if you fail to disclose any such breach and are found out, we'll start to see some pro-active managers.

Until the idea of losing the consumer's data equals "we will lose the entire business and I will not only lose my job, but also my golden parachute and I might face jail time if we don't do this right" in the mind of the people paying and approving the expense, it will continue to get worse.

1
0

Norks SCOLD Prez Obama over Sony mega hack payback sanctions

Mad Chaz

So human rights violation, torture, crimes against humanity = OK, no probs.

Hack a film studio that can't take basic security measures and keeps getting hacked like hell = sanctions.

Never mind if they actually did it. Even if they DID do it.

.... I don't want to live on this planet anymore.

19
2

Prez Obama slaps sanctions on Norks in payback for Sony hack

Mad Chaz

I blame Sony. They failed to learn from past mistakes and have been hacked so many times in the past, it IS starting to look like the "victim"* is to blame.

*the real victims are the people whose info was stolen and whose life might be ruined by this, but I mean Sony here.

They seriously need to step-up security over there.

17
1

JPMorgan Chase mega-hack was a simple two-factor auth fail

Mad Chaz

I wonder when someone is going to wake up and realize all these "big scale hacks" are basically the money men leaving your private details in a box on the side of the street and claiming "someone stole our shit".

They blame technicians now, but who wants to bet this "server" was some director's old vpn entry point and the guy was too stupid/pig headed to change how he connected to the network from home on his windows XP laptop (they forced him to give up his windows 95 when the HDD died, but he screamed then too)? He'd probably convinced some "security manager" it was perfectly safe by bugging him until he gave up in frustration?

As for the "It's all TCP/IP's fault" AC, you're missing the point entirely here. Sure, we could have a better protocol than TCP/IP. It sucks. But even that would not do squat against the kinds of vectors this was done by, IE, old uncared for boxes that should have been retired 10 years ago, but with someone in power who "can't live without it", in the network. You will also always have machines that need to access other stuff (users talking to servers) and those will have to talk to all those different protocols, increasing the surface of attack IT staff have to maintain over the entire park. So more of a "lose-lose" situation. This wasn't a protocol attack. This was a "we keep the door locked with just a rope and a do not enter sign" kind of attack.

The real criminals are the people who didn't take basic precautions. Those are the ones who should face a day in court.

0
0

Judge kills Facebook's bid to dismiss private message sniffing case

Mad Chaz

To me, this sounds like one of the first times an online service's T&C is likely to get a proper look at in court. Could be interesting.

14
0

Google sues Mississippi Attorney General 'for doing MPAA's dirty work'

Mad Chaz

Re: Only in America

Not for asking too many questions. For working for the studios. He's not supposed to be on special interest's payroll.

69
3

Sony hackers dump more hunks of stolen data, promise another 'Christmas gift'

Mad Chaz

Re: They are done

Last I checked, Apple and MS never released music CDs that installed malware in your computer if you so much as put the disk in.

7
1

Canadian watchdog goes to court to probe Apple's iPhone deals with mobe networks

Mad Chaz
Childcatcher

Conservative gov

I, as a proud Canadian, have full faith that justice will be rendered by our wonderful federal gov ... oh, this is the same gov that tried to make it illegal for fixed line ISPs to offer unlimited data usage to try and kill the small re-seller market? Right ...

4
0

It's a bad day to be Serco's CEO... or an investor, come to that

Mad Chaz

"significant advances in public sector contracting <...> that transfer substantially more risk to suppliers. "

In other words, we bid a lot lower than we knew it would cost to win the contract and got screwed over when the gov actually expected us to deliver at the price we said and didn't approve all the cost overruns we had planned.

7
0

'Tech giants who encrypt comms are unwittingly aiding terrorists', claims ex-Home Sec Blunkett

Mad Chaz

I'd suspect a fan of gulags. I wouldn't want something I like associated with that man even remotely either.

1
0
Mad Chaz

Quote: Tech companies who provide encrypted – and therefore secret – communications online <...> foster fear and instability around the world.

What I heard after: And we can't have that, because only government is allowed to do this!

Here is a clue. Maybe everyone is starting to get afraid someone's listening in, not just those you call bad guys. Cause, you know ... bypassing due process and law and all.

5
0

BOFH: SOOO... You want to sell us some antivirus software?

Mad Chaz

Re: Simple comment...

What kind of haircut did he have? I wouldn't be surprised if it was pointy ...

7
0

Ex-NSA lawyer warns Google, Apple: IMPENETRABLE RIM ruined BlackBerry

Mad Chaz

it helps them figure out what due process is so they can bypass it

2
0

By the way, Home Depot hackers also grabbed 53 million email addresses

Mad Chaz

I think it's about time laws were put in place so people who react like they did get jail time.

"We sell hammers" is not an excuse for crap IT practices when you handle people's financial information, yet it's unfortunately a very common kind of excuse. I've even seen IT stores fall to this way of thinking.

2
0

Data protection laws come to the rescue of poor, underpaid UK MPs

Mad Chaz

Re: Monitoring

Because you can't then resell a 1 bedroom flat you rented and make a profit out of it. You buy a house, let the idio ... taxpayers pay for it, then sell it and pocket the difference.

4
0

UNIX greybeards threaten Debian fork over systemd plan

Mad Chaz

Re: the "fun" part about systemd

Having spent the last 10 years supporting Windows machines (server, desktop, you name it), I know entirely too much about it for my own taste.

0
0
Mad Chaz

Re: the "fun" part about systemd

You make it sound like installing gnome is a must. If you want gnome, yea, you are stuck with systemd. That's systemd and gnome's fault, not gentoo. A lot of people who run gentoo are also likely to use something else than gnome (if they have a GUI) and the default installation manual still recommends using openRC.

0
0
Mad Chaz

the "fun" part about systemd

Is how much it wants to do. Explain to me why an init system needs (yes, it's required) an http server running?

Systemd is basically trying to take over the entire software stack. The attitude of the devs speaks volumes about this too. You find a lot of gems in the kernel mailing lists. The Gentoo Linux forum has been rather alive about this topic, as the maintainers of the distribution refuse to make systemd the default (it's an option, but not default) and a lot of the users agree with the choice.

Systemd is a lot like the windows registry. Lots of binary blobs you can't read or fix if things go wrong. Most linux users would rather the system took 10 more seconds to boot and be sure they can fix it if something goes wrong. It's not like we reboot our machines all the time.

70
0

Nadella's Karmagate howler was response to MICROSOFT BOARD DIRECTOR – report

Mad Chaz

Re: Is he a bit out of touch?

“That might be one of the initial ‘super powers,’ that quite frankly women [who] don’t ask for a raise have,” came the jaw-dropping reply. “It’s good karma. It will come back.”

Works for men too. What karma does when it comes back is land you with more work, more responsibility and not a single cent more, because if you aren't asking for a raise, you must be happy with your salary!

It's like he's drinking the "trickle down" economy kool-aid.

7
2

Prez Obama backs net neutrality – but can't do anything about it. Thanks, Obama

Mad Chaz

Re: We know that

I think it's more "Please don't hand the next election to the republicans by pissing the electorate off, our finances can't afford it right now" is how I'm reading it.

But I'm not from the US, so what do I know?

2
4

Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped

Mad Chaz

Re: A question

Another nail in the "security by obscurity" myth's coffin I guess.

Probably did something stupid like use a hard coded key in the app anyone with a compiler can extract.

But even then, anyone stupid enough to use an un-official site to save snapchat pictures is stupid enough to not have understood the point of snapchat, nevermind the fact that giving your password to a third party is dumb in the first place.

The good book has something about this too.

" A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."

14
0

WOMEN, your 'SUPERPOWER' is ... NOT asking for a RAISE: Satya Nadella

Mad Chaz

"He still has a long way to go before matching his predecessor, however. Former boss and publicist's nightmare Steve Ballmer had a history of behaving rather erratically in front of cameras."

What's fun is when you find yourself with a boss that thinks that is the proper way to talk with employees ...

3
0

Apple, Google mobe encryption good news... for TERRORISTS – EU top cop

Mad Chaz

“In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world."

And that is why encryption is a good thing, as it forces the law enforcement to actually, you know, ask a judge for a warrant. Once you're actually doing that, we can talk. For now, go back into the hole you crawled out of.

5
0

PORTAL TO ELSEWHERE scried in small galaxy far, far away

Mad Chaz

Re: Doorways / Portals

you're starting to sound like amanfrommars ....

0
0
Mad Chaz

Re: Black Hole belongs in Alice in Wonderland

To continue with stereotypes, crackpots are also always quick to refuse other's opinions.

Your mistakes, and you made 2, are as follows.

1: you expected that an IT tabloid and its comment forum were good places to discuss dense implementations of physics developed by people who, while brilliant, didn't have all the facts we have now about quantum mechanics. (remember, Einstein didn't believe in QM. We also find something very much like his biggest mistake (his words) accelerating the universe when we look out)

It's the wrong forum because at best you'll start a troll war. At worst, you'll get laughed into Oblivion.

2: That if experts ignore a paper or think it's not worth taking into account, they generally know what they are talking about.

If you know better, write a paper, prove it, and they will listen to you.

11
0
Mad Chaz
Coffee/keyboard

Re: Also, that title!

"Yes, quite likely directly into the universe's best implementation of blend-it-all Moulinex."

You, sir, are a genius. You also now have to send me a new keyboard.

well played.

1
0

Italy's High Court orders HP to refund punter for putting Windows on PC

Mad Chaz

Re: What are Apple buyers going to do.

Actually, while I do not like apple, you are wrong there. You can install any OS on a MAC. From windows to linux to bsd. They even provide drivers for windows and facilities to do it with bootcamp.

As for OS X elsewhere, that's not the same thing either.

2
0
Mad Chaz

Re: I want a Mac and iPad without OSX/iOS preinstalled... and an Android without Google software

Actually, OS X is now free if you own a MAC. It just won't run if you don't. You aren't charged for iOS or Android, it's given away with the device.

That's the difference.

4
1

Smart meters in UK homes will only save folks a lousy £26 a year

Mad Chaz

Re: not smart

have a look at just how MUCH information they are able to get from a smart reader. It can even go down to what movie you are watching by being able to analyse the fluctuations in usage from your TV.

It's seriously scary stuff.

1
2
Mad Chaz

Re: How do these thing save money?

They save money for the utilities, because they no longer have to pay someone to go read it.

Don't expect it to show on your bill however.

1
1

CIA infosec guru: US govt must buy all zero-days and set them free

Mad Chaz

Actually, code re-use is a good argument FOR the measure.

If your code is old enough you aren't willing to support it, then why are you still using it in the newer product?

In truth, the whole idea is to force software companies to do something all other companies have to do, take responsibility for the products they offer. By forcing them to re-internalise a lot of the costs of the crap they put out, you make it financially worth it for them to fix it.

7
0

DAYS from end of life as we know it: Boffins tell of solar storm near-miss

Mad Chaz

Re: Ouch

GPS wouldn't survive. The satellites would get fried. Also, most electronics that isn't shielded would also fail as induction currents from the magnetic storm we'd get from the CME hitting fries all the delicate components. So no more computers even if they aren't plugged.

1
5

NASDAQ IT security spend: $1bn. Finding mystery malware on its servers: Priceless

Mad Chaz

Re: Security

That's what happens when the only measure of "effort" is how much you spend.

I can spend 100 000$ on a 20 000$ car, I'm sure I could find someone who'd be willing to sell it to me for that price. Does that mean I have 100 000$ worth of car?

Paying someone a million to write a nice report saying "everything is following best practice" isn't getting a proper security audit with penetration testing by people who actually know what they are doing. But that requires hard work and actual costs, yet doesn't look as good on paper to the board.

15
0

Want to legally unlock your phone from its network? The US Senate says that's A-OK

Mad Chaz

Re: DrBob

That one you got backward. The trick here is they sell you a box that's useless on any other service and sell you 100 channels you don't want in a bundle with the 4 you do want, but that are all mysteriously in different "packages".

The cellphone gig is different. How they did it is they add a small lock code that allows them to claim better "security" for your calls. But due to the DMC's stupid language, that makes changing the code in that illegal. This way, it means you have to pay off your phone if you leave, but can't use it elsewhere. If nothing else, think of all the garbage bags full of fully functional phones. It's basically a way to trap you in.

3
1

Bezos house 'on FIRE': Amazon in-app kiddy megabuck charge storm

Mad Chaz

Just remember Apple didn't put it there by choice. They went to court to keep that function from happening and lost. Heck, they are STILL fighting it.

8
0
