* Posts by LDS

2187 posts • joined 28 Feb 2010

Associated Press sues FBI for impersonating its site to install spyware

LDS
Silver badge

Re: Is AP angry because FBI hindered a big piece of news?

Yes, and I would willfully cooperate, I'm not a coward. A copyright infringement? C'mon. If you know someone has hostages and the police use an agent dressed as the local pizza chain to get close to the house because the criminals ordered a pizza, is it a trademark/copyright infringement? And the criminals would take revenge against the pizza chain?

It was also a targeted interception, as I read in this article. No one else could have been compromised, unless the suspect had forwarded the mail. Anyway, when you bug a room or a phone you also get other conversation, it's inevitable.

Face it, today you can't investigate only in the physical world. A lot happens in the 'cyber' one. Just like any other interception system, it has to be under legal control, a warrant needs to approve it on a sound basis, and it has to be limited as much as possible to the suspect(s) only.

Or the police should be fully forbidden to investigate in the 'cyber' world? One day, when *you* will be the victim of a crime, I'm sure you will change your mind and ask to gather the whole internet traffic to obtain justice...

2
2
LDS
Silver badge

Is AP angry because FBI hindered a big piece of news?

'Bomb explodes in high school! Many victims, read all the details! Full video of people torn to pieces! Read the full story of the murderer from Facebook! All the evidence FBI ignored!'

If it was under a legal warrant, and targeted to a single suspect with good reasons to target him, I don't find it so bad. Or an agent under the disguise of a courier or pizza boy to be able to catch off-guard dangerous criminals now is no longer permitted because it damages the brand reputation?

5
7

New low for humanity: ONE BEELLION lost souls log on to Facebook in one day

LDS
Silver badge

One little step towards his own cult of personality...

... and his attempt to world dominance.

0
0

Met Police to slash hundreds of IT jobs, hands £216m outsourcing gig to Steria

LDS
Silver badge

Re: This won't be popular...

Trying to exploit low-income areas to keep wages low has usually the disadvantage you won't be able to hire skilled people who know they can earn much more elsewhere, especially since those low-income areas offer often lower quality services also. It works for low-skill industries, never for hi-tech ones.

I live in a country where the government stubbornly thinks disadvantaged areas could be improved planting high-tech districts. Of course doing that in mafia-owned regions with a very low quality of services (hospitals, schools, etc.) means only locals apply for a job, because they're already used to live there. But because of the low level of local education system, and the failure of attracting very skilled people from elsewhere because of the non-existent appeal of the areas, the results are a disaster, of course but for the companies getting subsidies to install there...

0
0

Wow, Barcelona really has a problem with tech disruptors. Watch out Airbnb

LDS
Silver badge

Re: Governments effectively seek to outlaw direct transactions between citizens

Yes, if those 'direct transactions' mean to bypass sensible rules (i.e. safety and hygienic ones) and not pay taxes, I guess governments, aka other citizens who obey rules and pay taxes, have very good reasons to give them a deeper look....

7
1

Google makes it official: Chrome will freeze Flash ads on sight from Sept 1

LDS
Silver badge
Devil

You will be able to get only Google delivered malware...

... we don't want you infected by anybody else!

In other news, Google wants Apple developers to switch off HTTPS for its ads...

1
0

Malware menaces poison ads as Google, Yahoo! look away

LDS
Silver badge

very clever approach by crooks

Because nobody will do anything to keep the issue under control. News media won't warn the readers (but El Reg and a few other tech ones, maybe) and suggest blockers, because it will kill their own revenue stream. And the ad industry is now so big it can ignore the problem without risks of being rejected by customers. So crooks got a big chance to be able to continue operating without anybody doing anything. They found a very, very weak spot, and could exploit it for a long time.

2
0

First pics of flagship Lumias for 18 months released … or maybe not

LDS
Silver badge

OS/2 3.0 did run Win 3.x applications. But it couldn't run Win32 applications, and there were some issues with some Win 3.1 as well. IBM too thought it was a way to get OS/2 more deployed, and instead of investing heavily on OS/2 native apps (it had bought Lotus, which had already lost by then on Windows...), waited for someone else to do their own porting. They never did, and as soon as OS/2 couldn't run the newer apps, it was in a dead end.

Is MS sure Google won't ensure soon Android apps couldn't be run on Windows, and users depending on them will have a good reason to migrate away?

I wonder what Nadella smokes, it should be worse than what Ballmer smoked...

0
0

Why Nobody Should Ever Search The Ashley Madison Data

LDS
Silver badge

Reading it accurately it does indeed look like a joke. The attempt to show that actually only a tiny, tiny, tiny minority of site users are actually cheaters, that almost all credit card numbers were stolen ones (why would crooks waste them this way?), that all the cheaters had a very good reason and partner permission, especially that unforeseen illness called 'pregnancy' as a valid excuse ('really, I didn't know sex leads to pregnancy').

And everybody of course was very, very careful about sexually transmitted diseases, and not having children with their occasional partner...

And the rant about the military, but still noticing their 'publicly sworn oath' - and, after all, a marriage is too a publicly sworn oath you do because you choose it.

Also, that identifying a hypocritical politician is good (especially if it raises the journo notoriety, status and pay), while identifying your hypocritical partner is not.

And really, the closing lines about the moral standard asserting that wanting to know if your partner cheated you is worse than actually cheating. That's the real true old moral standard, when women had to accept silently their partner cheats, violence and so on... because as long as everything was 'secret' it was OK.

3
1

What Ashley Madison did and did NOT delete if you paid $19 – and why it may cost it $5m+

LDS
Silver badge

'Presumably ALM kept these details on file, even if you paid to delete your account, so it could get a picture of how old its users are, where they are from, what sort of person they are, and so on.'

You should change 'to get a picture' into 'sell those data to anybody willing to pay for them'.

Again, in such business, you're always the product, never a customer.

2
0
LDS
Silver badge

Re: Hmmm...

No, it would mean the application needs to store the encryption key, and usually it's more difficult to protect it there than at the database level. Moreover, any application accessing the data needs to know the key.

Usually the best approach is let the database do the encryption, and then if needed protect the communication channel.

3
0
LDS
Silver badge

Re: Hmmm...

I wonder what edition of MySQL they used... because AFAIK database encryption is available only in some commercial edition.

0
0

Blueprints revealed: Oracle crams Sparc M7 and InfiniBand into cheaper 'Sonoma' chips

LDS
Silver badge

Re: What I Think Is the Big Question

At least, compare it with Intel chips designed for servers, not desktop/laptops...

4
1

Even 'super hackers' leave entries in logs, so prepare to drown in data

LDS
Silver badge

Just people are usually good at computing people and equipment costs, never at estimating risks and their real cost...

2
0

Ashley Madison spam starts, as leak linked to first suicide

LDS
Silver badge
Devil

I'm sure privacy concerns will be taken seriously this time...

... because the nature of the data, because of the people involved, and because data are available for free to anyone and not to a few ad giants only.

As usual, lawmakers will really act only when their own butts are on fire... and when they have nothing to gain personally but a lot to lose.

1
0

The good burghers of Palo Alto are entirely insane

LDS
Silver badge

"fields that the farmer is being paid to keep empty"

Just as long as you can import cheaper crop - which may not be true in the future... I'd be careful to build houses everywhere, you can't grow nor eat concrete... one day those fields could turn very useful.

House prices have nothing to do with availability, in a few countries there are *more* houses available than people and demand, still builders/owners try to keep prices far too high for the available income (and many houses stay unsold) - even if building is now cheaper than ever, especially since workers are mostly low-paid immigrants from East Europe and Africa - but it was a quick way to make money, together with banks for which mortgage loans have been a huge, easy, no-hassle affair in the past years - far easier and less risky than to invest into other kinds of businesses - which also explains part of the enduring crisis in many European countries.

5
1
LDS
Silver badge

The issue is that building on 'virgin' land...

... is far cheaper than buy, demolish old buildings, clean up and build new ones (unless a war helps you). Thereby 'investors' prefer to destroy new land while leaving behind old building areas which soon turn into slums - which has a negative economic impact also. Unluckily, the only way to stop this is through 'zoning', and then, yes, the 'artificial' value created can be good, if it puts constraints to redevelop areas instead of abandoning them while exploiting new ones in larger and larger circles - land is not an infinite resource...

3
0

Sysadmin ignores 25 THOUSAND patches, among other sins

LDS
Silver badge

A modified gina.dll smells very bad...

... I would have performed a full check of that machine, and reinstalled it ASAP.

8
1

Spotify climbs down on new terms and conditions

LDS
Silver badge

Re: peer-to-peer

In a work context *any* streaming service is bad - and good places either block them or put proper QoS rules to block them when revenue-generating traffic needs the bandwidth...

0
0
LDS
Silver badge

Another case of "We tried to push it down your throat without you noticing..."

"... but this time it didn't work. Please accept our apology while we look for another way to achieve the same."

31
0

Ashley Madison hack – Tory MP Green denies registering account

LDS
Silver badge

Re: Unsheath your sword of truth

And your year of birth even easier - but why make him look younger if you're trying to embarrass someone?

3
0
LDS
Silver badge

Re: Excellent.

Don't worry, it's still full of Clintons looking for the presidential seat, and Bushes are not scarce either.

4
0
LDS
Silver badge

Mail addresses were not checked...

... but does the system send emails automatically for contact requests or other message exchanges? Who would risk sending them to other people's addresses, risking to expose their activities, especially to some who could easily trigger a full investigation, unless explicitly trying to embarrass the recipient?

Or AM hoped to make some easy money from cancellations by people too afraid to make it public?

4
0

Get whimsical and win a Western Digital Black 6TB hard drive

LDS
Silver badge
FAIL

"Beam me up..."

"... there's no intelligent ape-like lifeform on this planet as we believed!"

0
0

Now Ashley Madison hackers reveal 'CEO's emails and source code'

LDS
Silver badge

Why the hacker should be 'he' and not 'she'?

1
0
LDS
Silver badge

"At least they could go out gracefully and protect the privacy of their customers"

A company trying to make easy money in such a business? They will try to beat the horse long after its death and putrefaction.

9
0

We're saving tax payers' money on Oracle licensing, honest, says Gov.uk

LDS
Silver badge

Re: Inquiry needed?

Face it - when you have a large amount of data stored in, and application built upon, whatever which is not plain ASCII files, you're going to depend on whatever manages those data, and moving away may be so expensive, and take so much time - with all the implied risks, it could be cheaper to stay with the current system even if still crazily expensive.

It would have happened with any other system - even open source ones - which doesn't mean "free" ones if you have to rely on truly professional paid support.

Moreover, offering features or solutions nobody else matches yet isn't illegal. Do you believe there are people who use Oracle despite its crazy prices just because of the name or because they get bribed? When it gets to very large, complex databases the available options unluckily become very few, because most of the efforts are directed to cover the medium sized databases (and the small ones), where it is easier to make money with a relatively moderate effort thanks to the larger user base - while many of the very large database proprietary solutions implemented by some very large companies (Google, Facebook, etc.) may be very vertical, or never made available for general use, or both.

0
0

Pirate MEP: Microsoft's walled garden is no consumer pleasure park

LDS
Silver badge

Re: Stop Panicking

Yes, but now it's Windows AS A SERVICE...

2
0
LDS
Silver badge

Re: Earth to Microsoft

He wouldn't be able because his patches would be rejected because Linux has to stay a 1970s OS and never enter the XXI century... people feel comfortable in lots of its outdated designs because it ensures they never need to learn anything new, and better...

1
23
LDS
Silver badge

Re: Earth to Microsoft

Sure, because a Chromebook is something which is not controlled by Google, right? Ubuntu didn't play some nasty trick too, did it? And sure unauthorized hardware support is not an issue with Linux, most non mainstream hardware risks to be not supported anyway...

1
5
LDS
Silver badge

After all, they did see it worked for others, so why lose their chance? I've been saying for a long time that if Apple & C. had succeeded, others would have followed. It's all about the money, if you can earn more, and no one says what you do is unlawful, why not?

2
0

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

LDS
Silver badge

Re: Using page zero...

In the 6502 architecture page zero accesses were faster than other pages, that is why back then this technique made sense. In the x86 architecture, there is no such faster access. In real mode, the lowest RAM addresses are used by interrupt vectors. In protected mode, they are addresses like everything else - after all they can be mapped anywhere in real RAM. Usually a good OS should not map addresses usually used by invalid pointers, so they will trigger a processor fault that can be caught and returned to the caller as an error/exception.

The kernel may map some memory to fixed addresses for simplicity, but in doing so it needs to actively protect it, and avoid addresses that can be easily "spoofed".

3
0

175 MILLION websites still powered by Windows Server 2003

LDS
Silver badge

Re: instances of NT4 left!

The vulnerability maybe, but I won't be 100% sure, depends where it is - but if an exploit works on NT is another issue - depends on what API it calls, if it happens to call something not available on NT it will fail, and most compilers/libraries today no longer target NT. Unless you explicitly write and test for it.

0
0

Rise up against Oracle class stupidity and join the infosec strike

LDS
Silver badge

Re: Nice idea

"But if you are consistently taking longer to produce work than the time allotted because you're doing work which wasn't asked for, you've got a problem."

Sometimes you need to beat them at their own game. Sure, you don't have to go over schedule or budget - at least no more over schedule and budget than the average project <G>. So you have to learn how to slip in those costs and time. It's feasible, even if not easy. And you may need some allies.

Also, you may never be rewarded for that - but by your own conscience.

Anyway, if you design and implement security from the start, it is usually cheaper than trying to retrofit it later - and that's another reason someone prefers to wait and then earn even more money...

0
1
LDS
Silver badge

"for example instructions for array manipulation"

You mean, for example, the "BOUND" instruction introduced by the 80286?

Often the hardware has protection features often ignored by system and application software - and sometimes it is the culprit, as in the SMM bug unveiled yesterday. And when the bug is in hardware, it's even more difficult to fix...

1
0
LDS
Silver badge

Re: First, I stand for TLS, not SSL.

Right now, it cut me away from some older Dell systems remote management web tools, which I still use in a lab to run tests. I will have to revert them to unencrypted communications.

0
0
LDS
Silver badge

Quit your job...

... and they will immediately hire someone who will do what you refused to do, and usually worse. Did you check how many of your colleagues really understand security, and its broader implications on everybody's life?

Sometimes the only resistance is to work "secretly" behind the lines and fight for security, even if it means to slip it in products and services without management approval for funds. Especially if projects are your ones, and not just someone else's pushed down your throat. Meanwhile "evangelizing" about true security although many won't listen - until they get hit. If you are able, slowly you can get rid of the worst ones, and keep the right ones.

Meanwhile, look for a new better job if you can find one. Because, as an Italian proverb says "he cut his own testicles to upset his wife" - is not usually a good line of action. Sometimes waiting for some corpse coming down the river is funny. Just ensure the corpse is not yours, and no one could blame you for the murder. Cynic? Maybe. But is emulating Don Quixote clever? Sometimes people learn only when their buttocks get aflame, and it may take some time.

7
0

W is for WTF: Google CEO quits, new biz Alphabet takes over

LDS
Silver badge

Re: except

Every Android device funnels lots of user data to Google, just like GMail, Maps, etc. The ROI is there. The problem is for the hardware assemblers, who have margins close to zero.

4
0
LDS
Silver badge

Re: As long as I get my flying exosuit..

It will just fly you to the nearest advertiser, and force you to buy things you don't need, with full access to your bank account.

15
4

Introducing the Asus VivoMini UN42 – a pint-sized PC, literally

LDS
Silver badge

Re: Footprint

You have very old, outdated information dating back to Windows 3.1. MS compilers improved a lot since then (look for tests, if you don't believe me), and also the way you want your code compiled. BTW, the better code also was from the Watcom compiler, not Borland (although its compiler was very good, back then), nor IBM.

Back in the old days of 386/486 processors, and small disks, having compact code was of paramount importance even if it was less performing.

Since Pentium processors and their parallel processing pipelines, techniques were devised to achieve far better performance at the price of code size, i.e. unrolling loops. As processors evolved, new techniques to minimize cache issues and the like were also introduced.

Also, x86 has some "complex" instructions that can do a lot in a single opcode, but may be again slower than implementing the same functions directly with simpler opcodes, in a RISC-like way. There's a lot of instructions still supported but very, very rarely used.

Since hard disk space was no longer an issue, most applications are compiled for speed, not for size, and most compiler optimizations are designed to improve code speed even at the expense of its size - unless you explicitly target size optimizations, which in turn may deliver slower executables.

But an executable contains far more than code - today a lot of space can be occupied by its resources, especially for GUI applications, but not only. You may also have debug data for error reporting, and so on.

2
0

Microsoft co-founder recovers ship's bell of 'The Mighty Hood'

LDS
Silver badge

Re: The Impact On The Public Was Terrible

There's still a difference between being hit, suffering heavy damage, but not fatal/critical, and being hit and exploding in little time. In the Pacific, several battleships sustained heavy hits and still survived, and were able to be repaired and return to action. Others took a lot of hits before being sunk.

The battlecruiser design of the Hood left little chance to sustain a one-to-one combat with a true battleship, even if it had been upgraded. The Royal Navy was blinded by its own propaganda, and its risk-averse tactic which kept the fleet too often in harbours - and having battleships sunk there instead of trying to sink the enemy fleet.

2
2
LDS
Silver badge

Re: @Ledswinger

A ship's bell has a special meaning for sailors. In some ways, it impersonates the ship herself. It's far more than just a piece of metal to be shown in a museum.

22
0

Intel building Xeon into lapwarmers as designers, content creators call the shots

LDS
Silver badge

I always hated self-propelled workstations

Powerful, but very uncomfortable to carry around when you need. A good desktop is safer, expandable when you need it, and some parts can be replaced without any need of sending it to support. Unless you really need some true mobility, usually it's just a waste of money.

1
0

A close shave: How to destroy your hard drives without burning down the data centre

LDS
Silver badge

Re: My method works a treat

It's just very difficult to recover. Not impossible.

2
0

Safe as houses: CCTV for the masses

LDS
Silver badge

Re: "the use of rules which allow you to specify the action"

I would prefer armed drones. No need to feed them with expensive meat, just keep their batteries loaded.

0
0

Oracle brews PERPETUAL, all-you-can-eat database licence

LDS
Silver badge

Re: Watch out for the little extras...

You should get an Oracle Partner subscription (hope it still exists). It allows you to use the licensed products for development/test/demo without issues, any number of instances you need, and you have access to support for patches and service requests. What you can't do is use that license for any production installation.

The subscription is a yearly fee, it's very much like MSDN and the like, designed to keep dev/test labs to a manageable budget.

2
0
LDS
Silver badge

Re: Cut the crap

Buy companies here and there to crush competition, and then find yourself with a product portfolio and different dev teams no one wants to review and close/merge.

2
0
LDS
Silver badge

Re: Count me in!

The issue with Oracle was not seat/processor licenses only, often it was "options". Oracle comes with several built-in features you can't use until you get a formal license for that "option". Exactly, features are already there, you don't need to install an add-on or enter a new license key, just you can't use it without a piece of paper stating you can do it. Crazy? Yes, but that's how it works.

One is (was?) for example partitioning. If your DBA doesn't know Oracle licensing well enough, and starts to think partitioning some large tables is good, and does it without an option license, an Oracle audit will spot it and ask you for money. Other options include(d) Advanced Security (encryption of data and communication channel), RAC (clustering), standby databases, some tuning/diagnostic features, and so on. Just a few are true add-ons to install separately (my last big experience with Oracle licensing was with 11g, thereby something may have changed since 12c).

Thereby having a flat fee letting you use any option if you start to need it without going through another round of licensing talks, would be welcome by many DBAs.

6
0

Keep up, boyos! 20k Win XP PCs still in use by NHS in Wales

LDS
Silver badge

Friday afternoon nap?

Marketing people on Friday afternoon are already in their roadster cars heading for some expensive resort for the weekend, to enjoy the money they made selling you some crap.

Only journalists and IT people are still at work, and could work over the weekend as well...

1
0

Microsoft vacates moral high ground for the data slurpers' cesspit

This post has been deleted by a moderator
